I changed to Main mode in client. Thank you, s.s.arvindhar
From: [email protected] To: [email protected]; [email protected] Subject: RE: [strongSwan] Strongswan on Kali linux Date: Thu, 3 Jul 2014 12:21:53 +0000 Thank you Noel, It connected, Will update you once i finish the below tests 1. NAT test 2. Ping communication test 3. Split tunnel test 4. Android test 5. iphone test Thank you, s.s.arvindhar > Date: Thu, 3 Jul 2014 13:39:48 +0200 > From: [email protected] > To: [email protected]; [email protected] > Subject: Re: [strongSwan] Strongswan on Kali linux > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello Arvindhar, > > As I wrote before, you need to set aggressive=yes in conn %default or conn rw > or make the Shrewsoft Client initiate in main mode, not aggressive mode. > > Regards, > Noel Kuntze > > GPG Key id: 0x63EC6658 > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > > Am 03.07.2014 13:37, schrieb Arvindhar Subbu: > > Dear Noel, > > > > Please check below ipsec.conf data. Kindly let me know if you want to know > > more details. > > > > ***********ipsec.conf************************************************ > > # ipsec.conf - strongSwan IPsec configuration file > > # basic configuration > > config setup > > conn %default > > type=tunnel > > ike=aes128-sha1-modp2048,3des-sha1-modp1536 > > ikelifetime=60m > > keylife=20m > > rekeymargin=3m > > keyingtries=1 > > keyexchange=ikev1 > > esp=aes128-sha1,3des-sha1 > > mobike=yes > > leftikeport=4500 > > rightikeport=4500 > > conn rw > > left=11.12.13.15 > > leftcert=gatewayCert.pem > > [email protected] > > leftfirewall=yes > > right=%any > > rightsourceip=192.168.20.0/24 > > auto=add > > > > # strictcrlpolicy=yes > > # uniqueids = no > > # Add connections here. > > # Sample VPN connections > > # conn sample-self-signed > > # leftsubnet=10.1.0.0/16 > > # leftcert=selfCert.der > > # leftsendcert=never > > # right=192.168.0.2 > > # rightsubnet=10.2.0.0/16 > > # rightcert=peerCert.der > > # auto=start > > #conn sample-with-ca-cert > > # leftsubnet=10.1.0.0/16 > > # leftcert=myCert.pem > > # right=192.168.0.2 > > # rightsubnet=10.2.0.0/16 > > # rightid="C=CH, O=Linux strongSwan CN=peer name" > > # auto=start > > > > *************************************************************************** > > > > Thank you, > > s.s.arvindhar > > > > > >> Date: Thu, 3 Jul 2014 12:30:08 +0200 > >> From: [email protected] > >> To: [email protected] > >> Subject: Re: [strongSwan] Strongswan on Kali linux > >> > > Hello Arvindhar, > > > > You need to set aggressive=yes in the conn. Also, please show us your > > ipsec.conf. > > > > Regards, > > Noel Kuntze > > > > GPG Key id: 0x63EC6658 > > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > > > > Am 03.07.2014 11:58, schrieb Arvindhar Subbu: > >> Hi, > > > >> Unable to connect to Strongswan server from Road warrior. > > > >> I'm following 2dd.it strongswan guide to deploy on kali linux as a server > >> and windows 7 as a road warrior. Please help/clue to solve. > > > >> www.2dd.it/articoli/sicurezza-informatica/ipsec-installation/#.U7UnPbdvZY8 > > > >> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: > >> f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26 > >> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: > >> 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51 > >> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: > >> 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b > >> Jul 1 12:00:12 vpneye charon: 13[IKE] received Cisco Unity vendor ID > >> Jul 1 12:00:12 vpneye charon: 13[IKE] ignoring certificate request without > >> data > >> Jul 1 12:00:12 vpneye charon: 13[IKE] 11.12.13.18 is initiating a > >> Aggressive Mode IKE_SA > >> Jul 1 12:00:12 vpneye charon: 13[CFG] looking for RSA signature peer > >> configs matching 11.12.13.15...11.12.13.18[C=IN, ST=TN, O=BUGBRAINS, > >> OU=IT, CN=MILEYCYRUS, [email protected]] > >> Jul 1 12:00:12 vpneye charon: 13[IKE] no peer config found > >> Jul 1 12:00:12 vpneye charon: 13[ENC] generating INFORMATIONAL_V1 request > >> 152362081 [ N(AUTH_FAILED) ] > >> Jul 1 12:00:12 vpneye charon: 13[NET] sending packet: from > >> 11.12.13.15[500] to 11.12.13.18[500] (56 bytes) > > > >> Thank you, > >> s.s.arvindhar > > > > > >> _______________________________________________ > >> Users mailing list > >> [email protected] > >> https://lists.strongswan.org/mailman/listinfo/users > > > >> _______________________________________________ > >> Users mailing list > >> [email protected] > >> https://lists.strongswan.org/mailman/listinfo/users > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBAgAGBQJTtUEEAAoJEDg5KY9j7GZYI5sP/AvALhv5guqaW5vb8NSMn18G > QD/PN0AKcaYspK2IZkxDtATjCbKxH6ol5TLf7Gct0awnK5q7nZkWnj5YTeFnZ/jq > 9HoD217LItBkPlyCS8Nha1a0aUmZnsYqbMOYtfnicIpvdlAdn9ZxalFQ5VIc0Its > jrKjvXEqQasX0maKdG81AZvOIkPKOCVm2qWb5pOig0pCDtN4uWeRjSbsdsu8rK07 > WygpZj72BKI6M3jnxoEaoTHL6d6EsuPxxqFCefu/1e7jQmvRH77FqnmXKxHjLF+4 > GpELRGPtbZ0lsq7dVASi8/qKlvYEUEg4CcXA/uOOECvVrjqTvQksWlBm0CLB2Xd/ > L2yMIYiMLlllQx7w6NFvaVNNFdwDlf6K9m5m5xRuUeh+r0xvGLUlPe68aTp4K7+V > nsdokOtez0YHJs1o0KE7dl//G8WVac+VDyXJaM9csaZz/HX9VBrOSsxGblIbsuG8 > YuweP1Jw3TtSGY7IdrA3xPeQU1bqGawc2ci4K14Go3cEjlkiUO55a2nMOLCgqkUL > ZbWhzUQ9rRfcHY8g22H91O1PEnlyKAOKRUTA/lpisvb/B9HD+tLdYfFPRltOa+lj > gtSv9NC5AsChWfnB/J5EXTrgxec2BaRKdtZImDay3fIHrDmuhhLG3Eu+4sfUAHhE > gbBqTqENf+sqD5mRSs6t > =jkdN > -----END PGP SIGNATURE-----
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
