I installed Strongswan 5.1.2 from Ubuntu 14.04 reps or 5.2.1 night build and xl2tpd. Also created certificates (ca, server, clients) . So, Win 7 l2tp/cert connection is established with these certificates, but ikev2 connection as with machine certs as eap-mschapv2 do not work and causes the same error:
*getting a local address in traffic selector 10.10.1.0/24 <http://10.10.1.0/24>[KNL] no local address found in traffic selector 10.10.1.0/24 <http://10.10.1.0/24>[IKE] CHILD_SA ikev2_machine_cert{1} established with SPIs ce88164c_i f9267310_o and TS 10.10.1.0/24 <http://10.10.1.0/24> === 10.10.2.10/32 <http://10.10.2.10/32>[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR DNS NBNS DNS NBNS) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) ][NET] sending packet: from 95.252.95.95[4500] to 5.18.98.53[4500] (1500 bytes)[DMN] signal of type SIGINT received. Shutting down[IKE] queueing IKE_DELETE task[IKE] activating new tasks[IKE] activating IKE_DELETE task* My machine cert connection part: conn ikev2_machine_cert auto=add esp=aes256-sha1 ike=aes256-sha1-modp1024 keyexchange=ikev2 left=95.252.95.95 leftsubnet=10.10.1.0/24 leftcert=/etc/ipsec.d/certs/server.crt right=%any rightsourceip=10.10.2.0/24 type=tunnel conn ikev2_cert_eap-mschapv2 keyexchange=ikev2 ike=aes256-sha1-modp1024! esp=aes256-sha1! dpdaction=clear dpddelay=300s rekey=no left=95.252.95.95 leftsubnet=0.0.0.0/0 leftauth=pubkey leftcert=/etc/ipsec.d/certs/server.crt leftid=95.252.95.95 right=%any rightauth=eap-mschapv2 rightsendcert=never rightsourceip=10.10.3.10 eap_identity=%any auto=add type=tunnel What is wrong and where is mistake ?
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
