Dear Noel, I'm unable to access network resources behind the VPN server. Kali Server Kali WAN - 11.12.13.15Kali LAN - 192.168.7.1LAN side server - 192.168.7.5 Test:1. Road Warrior unable to reach 192.168.7.5 but pinging 192.168.7.1 over vpn connection2. Got ping reply for ip 192.168.7.5 from Kali Server LAN interface 192.168.7.1 Any changes required in ipsec.conf or iptables? Kindly suggest. Thank you,s.s. arvindhar
From: [email protected] To: [email protected]; [email protected] Subject: RE: [strongSwan] Strongswan on Kali linux Date: Thu, 3 Jul 2014 12:22:43 +0000 I changed to Main mode in client. Thank you, s.s.arvindhar From: [email protected] To: [email protected]; [email protected] Subject: RE: [strongSwan] Strongswan on Kali linux Date: Thu, 3 Jul 2014 12:21:53 +0000 Thank you Noel, It connected, Will update you once i finish the below tests 1. NAT test 2. Ping communication test 3. Split tunnel test 4. Android test 5. iphone test Thank you, s.s.arvindhar > Date: Thu, 3 Jul 2014 13:39:48 +0200 > From: [email protected] > To: [email protected]; [email protected] > Subject: Re: [strongSwan] Strongswan on Kali linux > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello Arvindhar, > > As I wrote before, you need to set aggressive=yes in conn %default or conn rw > or make the Shrewsoft Client initiate in main mode, not aggressive mode. > > Regards, > Noel Kuntze > > GPG Key id: 0x63EC6658 > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > > Am 03.07.2014 13:37, schrieb Arvindhar Subbu: > > Dear Noel, > > > > Please check below ipsec.conf data. Kindly let me know if you want to know > > more details. > > > > ***********ipsec.conf************************************************ > > # ipsec.conf - strongSwan IPsec configuration file > > # basic configuration > > config setup > > conn %default > > type=tunnel > > ike=aes128-sha1-modp2048,3des-sha1-modp1536 > > ikelifetime=60m > > keylife=20m > > rekeymargin=3m > > keyingtries=1 > > keyexchange=ikev1 > > esp=aes128-sha1,3des-sha1 > > mobike=yes > > leftikeport=4500 > > rightikeport=4500 > > conn rw > > left=11.12.13.15 > > leftcert=gatewayCert.pem > > [email protected] > > leftfirewall=yes > > right=%any > > rightsourceip=192.168.20.0/24 > > auto=add > > > > # strictcrlpolicy=yes > > # uniqueids = no > > # Add connections here. > > # Sample VPN connections > > # conn sample-self-signed > > # leftsubnet=10.1.0.0/16 > > # leftcert=selfCert.der > > # leftsendcert=never > > # right=192.168.0.2 > > # rightsubnet=10.2.0.0/16 > > # rightcert=peerCert.der > > # auto=start > > #conn sample-with-ca-cert > > # leftsubnet=10.1.0.0/16 > > # leftcert=myCert.pem > > # right=192.168.0.2 > > # rightsubnet=10.2.0.0/16 > > # rightid="C=CH, O=Linux strongSwan CN=peer name" > > # auto=start > > > > *************************************************************************** > > > > Thank you, > > s.s.arvindhar > > > > > >> Date: Thu, 3 Jul 2014 12:30:08 +0200 > >> From: [email protected] > >> To: [email protected] > >> Subject: Re: [strongSwan] Strongswan on Kali linux > >> > > Hello Arvindhar, > > > > You need to set aggressive=yes in the conn. Also, please show us your > > ipsec.conf. > > > > Regards, > > Noel Kuntze > > > > GPG Key id: 0x63EC6658 > > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > > > > Am 03.07.2014 11:58, schrieb Arvindhar Subbu: > >> Hi, > > > >> Unable to connect to Strongswan server from Road warrior. > > > >> I'm following 2dd.it strongswan guide to deploy on kali linux as a server > >> and windows 7 as a road warrior. Please help/clue to solve. > > > >> www.2dd.it/articoli/sicurezza-informatica/ipsec-installation/#.U7UnPbdvZY8 > > > >> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: > >> f1:4b:94:b7:bf:f1:fe:f0:27:73:b8:c4:9f:ed:ed:26 > >> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: > >> 16:6f:93:2d:55:eb:64:d8:e4:df:4f:d3:7e:23:13:f0:d0:fd:84:51 > >> Jul 1 12:00:12 vpneye charon: 13[ENC] received unknown vendor ID: > >> 84:04:ad:f9:cd:a0:57:60:b2:ca:29:2e:4b:ff:53:7b > >> Jul 1 12:00:12 vpneye charon: 13[IKE] received Cisco Unity vendor ID > >> Jul 1 12:00:12 vpneye charon: 13[IKE] ignoring certificate request without > >> data > >> Jul 1 12:00:12 vpneye charon: 13[IKE] 11.12.13.18 is initiating a > >> Aggressive Mode IKE_SA > >> Jul 1 12:00:12 vpneye charon: 13[CFG] looking for RSA signature peer > >> configs matching 11.12.13.15...11.12.13.18[C=IN, ST=TN, O=BUGBRAINS, > >> OU=IT, CN=MILEYCYRUS, [email protected]] > >> Jul 1 12:00:12 vpneye charon: 13[IKE] no peer config found > >> Jul 1 12:00:12 vpneye charon: 13[ENC] generating INFORMATIONAL_V1 request > >> 152362081 [ N(AUTH_FAILED) ] > >> Jul 1 12:00:12 vpneye charon: 13[NET] sending packet: from > >> 11.12.13.15[500] to 11.12.13.18[500] (56 bytes) > > > >> Thank you, > >> s.s.arvindhar > > > > > >> _______________________________________________ > >> Users mailing list > >> [email protected] > >> https://lists.strongswan.org/mailman/listinfo/users > > > >> _______________________________________________ > >> Users mailing list > >> [email protected] > >> https://lists.strongswan.org/mailman/listinfo/users > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBAgAGBQJTtUEEAAoJEDg5KY9j7GZYI5sP/AvALhv5guqaW5vb8NSMn18G > QD/PN0AKcaYspK2IZkxDtATjCbKxH6ol5TLf7Gct0awnK5q7nZkWnj5YTeFnZ/jq > 9HoD217LItBkPlyCS8Nha1a0aUmZnsYqbMOYtfnicIpvdlAdn9ZxalFQ5VIc0Its > jrKjvXEqQasX0maKdG81AZvOIkPKOCVm2qWb5pOig0pCDtN4uWeRjSbsdsu8rK07 > WygpZj72BKI6M3jnxoEaoTHL6d6EsuPxxqFCefu/1e7jQmvRH77FqnmXKxHjLF+4 > GpELRGPtbZ0lsq7dVASi8/qKlvYEUEg4CcXA/uOOECvVrjqTvQksWlBm0CLB2Xd/ > L2yMIYiMLlllQx7w6NFvaVNNFdwDlf6K9m5m5xRuUeh+r0xvGLUlPe68aTp4K7+V > nsdokOtez0YHJs1o0KE7dl//G8WVac+VDyXJaM9csaZz/HX9VBrOSsxGblIbsuG8 > YuweP1Jw3TtSGY7IdrA3xPeQU1bqGawc2ci4K14Go3cEjlkiUO55a2nMOLCgqkUL > ZbWhzUQ9rRfcHY8g22H91O1PEnlyKAOKRUTA/lpisvb/B9HD+tLdYfFPRltOa+lj > gtSv9NC5AsChWfnB/J5EXTrgxec2BaRKdtZImDay3fIHrDmuhhLG3Eu+4sfUAHhE > gbBqTqENf+sqD5mRSs6t > =jkdN > -----END PGP SIGNATURE-----
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
