Thanks for the reply. I'll get in touch with support and see if I can find out the specifics of phase 2.
Kind regards, Jonas On Thu, Oct 18, 2018, 18:40 Noel Kuntze <noel.kuntze+strongswan-users-ml@thermi.consulting> wrote: > Hi, > > It looks like something is off with your phase two configuration. It can > be anything in your phase two configuration that it doesn't like. You're > better off just asking the administrator of the other side what they expect. > > Kind regards > > Noel > > Am 16.10.18 um 22:16 schrieb Jonas Koperdraat: > > Hello there, > > > > I'm having trouble connecting to my company's VPN from my Linux laptop. > I have spent quite some time trying to figure out what might be causing > this problem, but frankly my knowledge on the subject is limited, so I'm > hoping someone here might be able to help me in the right direction. Any > help would be greatly appreciated! > > > > My campany uses an L2TP VPN with en IPSec tunnel. Using the same > credentials as I'm using on my laptop, I am able to connect to the network > from my mobile phone funning Android Oreo, without any problems, but from > my laptop I am unable to connect. > > > > I am running Ubuntu 18.04.1 LTS. > > > > jonas@Jonas-XPS13:~$ uname -a > > Linux Jonas-XPS13 4.15.0-1018-oem #21-Ubuntu SMP Tue Aug 28 14:12:47 UTC > 2018 x86_64 x86_64 x86_64 GNU/Linux > > > > Following these instructions, I added the L2TP network manager to Gnome: > > > https://medium.com/@hkdb/ubuntu-16-04-connecting-to-l2tp-over-ipsec-via-network-manager-204b5d475721 > > > > However, I wasn't able to connect. This stackoverflow question/answer > (among others) mentioned that I might have to specify phase 1 and phase 2 > algorithms: > > > https://askubuntu.com/questions/904217/unable-to-connect-l2tp-ipsec-vpn-from-ubuntu-16-04 > > > > I ran an ike-scan, from which I concluded that the VPN indeed uses old > algorithms, so I added 3des-sha1-modp1024! and 3des-sha1! as phase 1 and > phase 2 algorithms. For good measure I added the exclamation marks, as some > solutions mentioned that might be required. > > > > jonas@Jonas-XPS13:~$ sudo ike-scan -v office.********.nl > > DEBUG: pkt len=336 bytes, bandwidth=56000 bps, int=52000 us > > Starting ike-scan 1.9.4 with 1 hosts ( > http://www.nta-monitor.com/tools/ike-scan/) > > 87.213.34.174Main Mode Handshake returned HDR=(CKY-R=254e5ebbbb17c30a) > SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds > LifeDuration=28800) VID=5b362bc820f60007 (SonicWall-7) > > > > Ending ike-scan 1.9.4: 1 hosts scanned in 0.060 seconds (16.70 > hosts/sec). 1 returned handshake; 0 returned notify > > > > Unfortunately, even though that seemed to be the solution for the > majority of the problems I encountered online, I am still unable to > connect. Below are links to pastebins with relevant information: > > > > Logging of a connection attempt: https://pastebin.com/cEwMQjjC > > /etc/strongswan.conf: https://pastebin.com/LppKLiqw > > /etc/strongswan.d/charon.conf https://pastebin.com/9ecW0LXJ > > > > Kind regards and thanks in advance, > > > > Jonas > > > > > > > > > >
