[strongSwan] Filtering Failed/Successful logins

2018-06-12 Thread Christian Salway
A client is looking for a clear way to monitor failed and successful logins. Is there any way to log just those?

[strongSwan] Strange issue. Cant connect.

2018-06-12 Thread Christian Salway
When I try to connect to the VPN server using charon-cmd, I'm instructing it to use vpnserver but the server is responding with vpnserver1. I have two connection configs set up (pasted below). What am I missing??
CLIENT
sudo charon-cmd --host x.x.x.x --identity remote-user --p12 remote-user.p12

Re: [strongSwan] Strange issue. Cant connect.

2018-06-12 Thread Tobias Brunner
Hi Christian,
> When I try to connect to the VPN server using charon-cmd, I'm instructing
> it to use vpnserver but the server is responding with vpnserver1. I have
> two connection configs set up (pasted below). What am I missing??
What exactly confuses you?
Regards,
Tobias

Re: [strongSwan] Strange issue. Cant connect.

2018-06-12 Thread Christian Salway
Basically, Linux users can't connect, and I'm trying to work out why. From what I can see, I'm requesting --remote-identity vpnserver but the server is choosing vpnserver1.
Thanks
> On 12 Jun 2018, at 13:24, Tobias Brunner wrote:
>
> Hi Christian,
>
>> When I try to connect to the VPN server

Re: [strongSwan] Strange issue. Cant connect.

2018-06-12 Thread Tobias Brunner
Hi Christian,
> From what I can see, I'm requesting --remote-identity vpnserver but the
> server is choosing vpnserver1.
charon-cmd does not send the configured identity (i.e. it does not send an IDr payload). The configured identity is only used to match against the returned identity/certifica

Re: [strongSwan] Strange issue. Cant connect.

2018-06-12 Thread Christian Salway
Ok, I changed my command line to now read
sudo charon-cmd --host x.x.x.x --identity remote.user --p12 remote.user.p12
But I am still getting a failed login. This works in OSX’s built-in VPN client so I know the certificate is good.
SERVER
Jun 12 13:24:00 07[IKE] x.x.x.x is initiating an IKE_SA

Re: [strongSwan] Strange issue. Cant connect.

2018-06-12 Thread Tobias Brunner
Hi Christian,
> Ok, I changed my command line to now read
>
> sudo charon-cmd --host x.x.x.x --identity remote.user --p12 remote.user.p12
The server expects the client to authenticate with EAP, but the client will not do that automatically if you configure a private key/certificate (it then uses

Re: [strongSwan] Strange issue. Cant connect.

2018-06-12 Thread Christian Salway
With that option, it's asking for MSCHAPV2
CLIENT
10[IKE] server requested EAP_IDENTITY (id 0x00), sending 'remote.user'
10[ENC] generating IKE_AUTH request 2 [ EAP/RES/ID ]
10[NET] sending packet: from 192.168.1.31[54408] to x.x.x.x[4500] (112 bytes)
11[NET] received packet: from x.x.x.x[4500] to

Re: [strongSwan] Strange issue. Cant connect.

2018-06-12 Thread Tobias Brunner
> With that option, it's asking for MSCHAPV2
Why did you configure a client certificate then? If the server is configured to do EAP-MSCHAPv2 no client certificate/key is needed, but a password instead.
Regards,
Tobias

Re: [strongSwan] Strange issue. Cant connect.

2018-06-12 Thread Christian Salway
It's using eap-dynamic with eap-tls as the preferred.
> On 12 Jun 2018, at 15:17, Tobias Brunner wrote:
>
>> With that option, it's asking for MSCHAPV2
>
> Why did you configure a client certificate then? If the server is
> configured to do EAP-MSCHAPv2 no client certificate/key is needed, but

Re: [strongSwan] Strange issue. Cant connect.

2018-06-12 Thread Tobias Brunner
> It's using eap-dynamic with eap-tls as the preferred.
The latter is doubtful because EAP-MSCHAPv2 is the method initiated by the server (and not as response to an EAP-Nak by the client).
Regards,
Tobias

Re: [strongSwan] Strange issue. Cant connect.

2018-06-12 Thread Christian Salway
Ok, I changed
remote { auth = eap-tls ...
and tried again and now on the client side, I’m getting EAP_TLS not supported! Getting there…. Now to figure out how to enable it on the client.
SERVER
Jun 12 14:22:22 08[CFG] looking for peer configs matching 10.0.0.49[%any]…x.x.x.x[remote.user]
Jun

[strongSwan] UNSUPPORTED_CRITICAL_PAYLOAD

2018-06-12 Thread Marco Berizzi
Hello everyone, I'm getting a lot of this kind of UNSUPPORTED_CRITICAL_PAYLOAD from many Windows 10 laptops. Does anyone have an idea of what the problem could be?
generating QUICK_MODE request 3970887770 [ HASH SA No KE ID ID ]
sending packet: from 10.81.110.254[500] to 10.81.126.89[500] (396 bytes)
r