Hello- We have a working IKEv2 EAP-MSCHAPv2 VPN working with Windows 7 and Linux clients, but I am unable to get it working on my Mac (OS X 10.8.5, Intel, 64-bit), latest updates installed.
I have installed the certifying authority certificate in my System keychain, and have configured the VPN, but when I try to connect I get the following output in the log: initiating IKE_SA Certifi VPC[6] to 54.236.231.10 generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] sending packet: from 192.168.1.175[63224] to x.x.x.x[4500] (884 bytes) received packet: from x.x.x.x[4500] to 192.168.1.175[63224] (38 bytes) parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ] peer didn't accept DH group MODP_2048, it requested MODP_1024 initiating IKE_SA Certifi VPC[6] to x.x.x.x generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] sending packet: from 192.168.1.175[63224] to x.x.x.x[4500] (756 bytes) received packet: from x.x.x.x[4500] to 192.168.1.175[63224] (312 bytes) parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ] local host is behind NAT, sending keep alives remote host is behind NAT establishing CHILD_SA Certifi VPC generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CP(ADDR DNS) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] sending packet: from 192.168.1.175[65384] to x.x.x.x[4500] (412 bytes) received packet: from x.x.x.x[4500] to 192.168.1.175[65384] (364 bytes) parsed IKE_AUTH response 1 [ IDr AUTH EAP/REQ/ID ] no trusted RSA public key found for 'vpn.enrfin.com' generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ] sending packet: from 192.168.1.175[65384] to x.x.x.x[4500] (76 bytes) And I get a dialog box that says: "Establishing Connection Certifi Failed: Server authentication failed." I'm not clear on whether or not I need to do something with charon-xpc tarball if I simply install the Strongswan.app? I believe that I need the charon-xpc tarball if I build Strongswan from source, but do I need to do anything with it if I am installing the app? The CA cert is installed in my System keychain, and is trusted. Any suggestions or pointers would be greatly appreciated. Thanks in advance! -Dan Dan Diman [email protected]
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
