Hey everyone! I am trying to get a Windows client connected to the VPN. The Linux client works just fine with the same configuration; it's just the Windows client giving me crap.
I followed this documentation to bring the configuration up: https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2

This is the server's configuration
========================
conn tcc-server
    left=172.14.0.28
    leftcert=my-domain
    leftid=@my-domain
    leftsendcert=always
    leftsubnets={172.14.0.0/16}
    leftrsasigkey=%cert
    right=%any
    rightaddresspool=192.168.1.0/24
    rightca=%same
    rightrsasigkey=%cert
    rightsubnets={192.168.1.0/24}
    modecfgdns=8.8.8.8,8.8.1.1,1.1.1.1
    narrowing=yes
    dpddelay=30
    # dpdtimeout=120
    dpdaction=clear
    auto=add
    ikev2=insist
    rekey=no
    fragmentation=yes
    encapsulation=yes
========================

The error logs I get
========================
Jan 22 18:33:31 ip-172-14-0-28.ec2.internal pluto[234457]: "tcc-server/1x1"[1] 168.90.110.44 #1: proposal 2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP2048 2:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[first-match] 3:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP2048
Jan 22 18:33:31 ip-172-14-0-28.ec2.internal pluto[234457]: "tcc-server/1x1"[1] 168.90.110.44 #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Jan 22 18:33:32 ip-172-14-0-28.ec2.internal pluto[234457]: "tcc-server/1x1"[1] 168.90.110.44 #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,N(MOBIKE_SUPPORTED),CP,SA,TSi,TSr}
Jan 22 18:33:32 ip-172-14-0-28.ec2.internal pluto[234457]: "tcc-server/1x1"[1] 168.90.110.44 #1: switched to "tcc-server/1x1"[2] my-ip
Jan 22 18:33:32 ip-172-14-0-28.ec2.internal pluto[234457]: "tcc-server/1x1"[1] 168.90.110.44: deleting connection instance with peer my-ip {isakmp=#0/ipsec=#0}
Jan 22 18:33:32 ip-172-14-0-28.ec2.internal pluto[234457]: "tcc-server/1x1"[2] 168.90.110.44 #1: authentication failed: peer authentication requires policy RSASIG_v1_5
Jan 22 18:33:32 ip-172-14-0-28.ec2.internal pluto[234457]: "tcc-server/1x1"[2] 168.90.110.44 #1: responding to IKE_AUTH message (ID 1) from my-ip:4500 with encrypted notification AUTHENTICATION_FAILED
Jan 22 18:33:32 ip-172-14-0-28.ec2.internal pluto[234457]: "tcc-server/1x1"[2] 168.90.110.44 #1: encountered fatal error in state STATE_V2_PARENT_R1
Jan 22 18:33:32 ip-172-14-0-28.ec2.internal pluto[234457]: "tcc-server/1x1"[2] 168.90.110.44 #1: deleting state (STATE_V2_PARENT_R1) aged 0.142638s and NOT sending notification
Jan 22 18:33:32 ip-172-14-0-28.ec2.internal pluto[234457]: "tcc-server/1x1"[2] 168.90.110.44: deleting connection instance with peer my-ip {isakmp=#0/ipsec=#0}
========================

Has anyone experienced this problem before with Windows clients? Any tips? What exactly does 'policy RSASIG_v1_5' refer to and how can I go about fixing that?

Thanks, everyone!
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan