Hi, I'm trying to connect an Ubuntu client with the strongswan networkmanager-plugin to my strongswan VPN server, using the same configuration as for a Windows 7 client. The server is authenticated via certificate, the client is authenticated via eap-radius module. The Windows 7 client works fine, the Ubuntu not so much.
/etc/ipsec.conf :
conn %default
        ike=aes256-sha1-modp1536,aes256-sha1-modp1024!
        esp=aes256-sha1!
        dpdaction=clear
        dpddelay=300s
        rekeymargin=3m
        keyingtries=1
        leftcert=vpncert.pem
        leftsubnet=0.0.0.0/0
        leftid="C=LU, ST=Luxembourg, L=Luxembourg, O=Fondation RESTENA, OU=IT, CN=vpn6-pub.restena.lu, [email protected]"
        leftfirewall=yes
        right=%any
        auto=add
conn ikev2
        keyexchange=ikev2
        left=%any
        leftauth=pubkey
        eap_identity=%any
        rightauth=eap-radius
        rightsourceip=192.168.120.192/26
For the Ubuntu client :
Address : vpn6-pub.restena.lu
Certificate: The server's certificate
Authentication : EAP
Username : ctompers
As options, I checked only "Request an inner IP address"
Error Log :
Jun 3 08:21:38 vpn6-test charon: 04[CFG] switching to peer config 'ikev2'
Jun 3 08:21:38 vpn6-test charon: 04[IKE] initiating EAP-Identity request
Jun 3 08:21:38 vpn6-test charon: 04[IKE] peer supports MOBIKE
Jun 3 08:21:38 vpn6-test charon: 04[IKE] authentication of 'C=LU, ST=Luxembourg, L=Luxembourg, O=Fondation RESTENA, OU=IT, CN=vpn6-pub.restena.lu, [email protected]' (myself) with RSA signature successful
Jun 3 08:21:38 vpn6-test charon: 04[ENC] generating IKE_AUTH response 1 [ IDr AUTH EAP/REQ/ID ]
Jun 3 08:21:38 vpn6-test charon: 04[NET] sending packet: from 192.168.1.13[4500] to 192.168.3.19[4500]
Jun 3 08:21:38 vpn6-test charon: 13[NET] received packet: from 192.168.3.19[4500] to 192.168.1.13[4500]
Jun 3 08:21:38 vpn6-test charon: 13[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
Jun 3 08:21:38 vpn6-test charon: 13[IKE] received EAP identity 'ctompers'
Jun 3 08:21:38 vpn6-test charon: 13[IKE] initiating EAP_RADIUS method
Jun 3 08:21:38 vpn6-test charon: 13[ENC] generating IKE_AUTH response 2 [ EAP/REQ/(25) ]
Jun 3 08:21:38 vpn6-test charon: 13[NET] sending packet: from 192.168.1.13[4500] to 192.168.3.19[4500]
Jun 3 08:21:38 vpn6-test charon: 10[NET] received packet: from 192.168.3.19[4500] to 192.168.1.13[4500]
Jun 3 08:21:38 vpn6-test charon: 10[ENC] parsed IKE_AUTH request 3 [ EAP/RES/NAK ]
Jun 3 08:21:38 vpn6-test charon: 10[IKE] received EAP_NAK, sending EAP_FAILURE
Jun 3 08:21:38 vpn6-test charon: 10[ENC] generating IKE_AUTH response 3 [ EAP/FAIL ]
Jun 3 08:21:38 vpn6-test charon: 10[NET] sending packet: from 192.168.1.13[4500] to 192.168.3.19[4500]
Thanks a lot for all suggestions.
kind regards
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
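
The log in the post shows the server sending EAP/REQ/(25) and the client answering with EAP/RES/NAK; type 25 is PEAP in the IANA EAP registry. The following is an added example, not part of the original message or of strongSwan: a small Python parser that pulls such offer/NAK pairs out of a responder-side charon log. The function names, the type table subset and the sample text are assumptions made for the illustration.

```python
import re

# Subset of the IANA EAP method type registry (assumed sufficient for the example).
EAP_TYPES = {4: "MD5", 6: "GTC", 13: "TLS", 21: "TTLS", 25: "PEAP", 26: "MSCHAPV2"}
MSG_RE = re.compile(r"\[ENC\] (generating|parsed) IKE_AUTH \w+ (\d+) \[([^\]]*)\]")
EAP_RE = re.compile(r"EAP/(REQ|RES)/(?:\((\d+)\)|([A-Z0-9_]+))")

def unwrap(text):
    """Re-join log lines wrapped by a mail client (continuations lack ' charon: ')."""
    lines = []
    for raw in text.splitlines():
        if " charon: " in raw or not lines:
            lines.append(raw.strip())
        else:
            lines[-1] += " " + raw.strip()
    return lines

def find_eap_rejections(text):
    """Return [(ike_message_id, offered_method)] for each method the peer NAKed."""
    # Assumes a responder-side log: 'generating' lines are what the server sent.
    offered, rejections = None, []
    for line in unwrap(text):
        msg = MSG_RE.search(line)
        eap = EAP_RE.search(msg.group(3)) if msg else None
        if not eap:
            continue
        direction, msg_id = msg.group(1), int(msg.group(2))
        code, number, name = eap.groups()
        if direction == "generating" and code == "REQ" and name != "ID":
            # The method may appear by name or in numeric form "(N)", as in the post.
            offered = EAP_TYPES.get(int(number), f"type {number}") if number else name
        elif direction == "parsed" and name == "NAK" and offered:
            rejections.append((msg_id, offered))
            offered = None
    return rejections

# Constructed sample: [ENC] lines with EAP payloads taken from the log in the post,
# line-wrapped the way mail archives often wrap them.
SAMPLE = """\
Jun 3 08:21:38 vpn6-test charon: 04[ENC] generating IKE_AUTH response 1 [ IDr
AUTH EAP/REQ/ID ]
Jun 3 08:21:38 vpn6-test charon: 13[ENC] parsed IKE_AUTH request 2 [
EAP/RES/ID ]
Jun 3 08:21:38 vpn6-test charon: 13[ENC] generating IKE_AUTH response 2 [
EAP/REQ/(25) ]
Jun 3 08:21:38 vpn6-test charon: 10[ENC] parsed IKE_AUTH request 3 [
EAP/RES/NAK ]
"""
```

Calling find_eap_rejections(SAMPLE) returns [(3, "PEAP")]: the NAK arrives in IKE_AUTH request 3 and rejects the PEAP offer made in response 2.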
