On 01.06.16 22:39 Fabian Dreßler wrote: > I hope you can help me with my Strongswan Configuration. The goal is to > have a VPN Server for my Smartphone (Android) and my Computer (Ubuntu) > in America. (I am from Germany)
Android can use IKEv2 with RSA-certificates. What does Ubuntu/VPNC support? Can you connect using android and the official strongswan client? May help in debugging, if you know your server works with android. > Jun 1 20:33:49 ip-172-31-56-231 charon: 12[IKE] X.X.X.X is > initiating a Aggressive Mode IKE_SA Aggressive mode. I do not think that is needed/good. > Jun 1 20:33:49 ip-172-31-56-231 charon: 12[CFG] looking for > XAuthInitPSK peer configs matching 172.31.56.231...X.X.X.X[fabian] > Jun 1 20:33:49 ip-172-31-56-231 charon: 12[IKE] no peer config found Your configs are not valid, somehow. > //etc/ipsec.conf//:/ > > conn fabian > keyexchange=ikev1 > authby=xauthpsk > xauth=server Are these two lines needed? > left=%defaultroute > leftsubnet=0.0.0.0/0 > leftfirewall=yes > right=%any > rightsubnet=192.168.201.0/24 > rightsourceip=192.168.201.1/24 Is rightsubnet needed, if you have rightsourceip? > rightdns=8.8.8.8 > auto=add > leftauth=psk > rightauth=psk > rightauth2=xauth I thought these lines are enough and you could omit the two lines above (authby and xauth). > Jun 1 22:38:27 Fabian-PC NetworkManager[918]: /usr/sbin/vpnc: > response was invalid [1]: (ISAKMP_N_INVALID_EXCHANGE_TYPE)(7) I found this with a short google search, which is also about vpnc: https://lists.strongswan.org/pipermail/users/2013-April/004507.html But the OP did not find/post a solution. Johannes
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
