Need help connecting a TPLink Archer D9 to a Ubuntu libreswan ipsec server
Trying to get a subnet<->subnet vpn between work and my home Archer D9
router (and eventually others). I actually had it working fine between
the D9 and our work Vigor2870 router but that had to be retired, so I
setup Ubuntu Server 18.04 VM.
Setup:
Work Internet : TPLink ER-5120 ADSL2+
- Static public ip on mycompany.com.au
- Internal subnet 192.168.5.0/24
- DMZ to Ubuntu server on 192.168.5.52
Home Internet:
- xDSL, Dynamic IP
- TP Link Archer D9
- 192.168.1.1
I've tried a *lot* of configs, but they all result in the following
(from ipsec barf):
Jun 24 17:28:47 vpnserver pluto[12658]: packet from x.x.x.x:500: initial
Main Mode message received on 192.168.5.52:500 but no connection has
been authorized with policy PSK+IKEV1_ALLOW
I believe I have the ike, phase 2 & secrets set correctly. Not so sure
re the subnets. Am at a loss as to what to try next
my current non working config
lindsay.conf
config setup
protostack=netkey
conn lindsay
also=common
leftsubnet=192.168.1.0/24
rightsubnet=192.168.5.0/24
conn common
type=tunnel
left=192.168.1.1
leftsourceip=x.x.x.x
right=192.168.5.52
authby=secret
ike=3des-md5;modp1024
phase2alg=3des-md5;modp1024
pfs=yes
lifetime=3600
ikelifetime=3600
keyexchange = ike
lindsay.secrets
%any %any : PSK "test"
Archer is Setup with
- Remote IPSec Gateway (URL):mycompany.com.au
- Tunnel access from local IP addresses:Subnet Address
- IP Address for VPN:192.168.1.0
- Subnet Mask:255.255.255.0
- Tunnel access from remote IP addresses:Subnet Address
- IP Address for VPN:192.168.5.0
- Subnet Mask:255.255.255.0
Key Exchange: IKE
Auth: Preshared Key
Key: test
PFS: enabled
Ike & Phase 2 Algorithms matching the server.
Thanks.
--
Lindsay
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
