I used Debian as Server and windows as clients in ike2 conn. working setup can be found here
https://github.com/peppelinux/UniTools/blob/master/IPSec/ipsec.fw.sh I never used ike1, sorry 2017-10-27 11:13 GMT+02:00 Ben Lavender <[email protected]>: > Anyone think they could assist with this? > > > > *From:* Ben Lavender > *Sent:* 24 October 2017 17:23 > *To:* '[email protected]' <[email protected]> > *Subject:* Host-to-Host Windows to Debian (StrongSwan) > > > > Hello, > > > > Please could anyone assist with this problem? > > > > We have setup a connection between to servers (right Windows | left > Debian-StrongSwan) in a host-to-host configure, where the Windows server > will be establishing the connection using transport mode (IKEv1). The > authentication is set to use a X.509 certificates. > > > > The problem we are having seems to be within the two log lines below: > > > > Oct 24 16:21:45 LAB-DEBCLIENT-01 charon: 07[ENC] parsed INFORMATIONAL_V1 > request 62237808 [ HASH N(AUTH_FAILED) ] > > Oct 24 16:21:45 LAB-DEBCLIENT-01 charon: 07[IKE] received > AUTHENTICATION_FAILED error notify > > > > Is there any advice given for attempting to resolve this issue? I can > provide full logs if need be. Thanks. > > > > /etc/ipsec.conf > > > > # ipsec.conf - strongSwan IPsec configuration file > > > > config setup > > charondebug="ike 4, knl 4, cfg 4" > > > > conn %default > > ikelifetime=60m > > keylife=20m > > rekeymargin=3m > > keyingtries=1 > > mobike=no > > keyexchange=ike > > > > conn host-host > > left=192.168.2.9 > > leftcert=deb.crt.pem > > leftid="CN=LAB-DEBCLIENT-01.lab.vdcs.local" > > leftfirewall=yes > > right=192.168.2.5 > > rightid="CN=LAB-FPSVR-01.lab.vdcs.local" > > type=transport > > auto=add > > > > ca strongswan > > cacert=rootca.pem > > crluri=http://LAB-DC-01.lab.vdcs.local/tempcrl/lab-LAB-DC- > 01-CA-1.crl > > auto=add > > > > > > /etc/ipsec.secrets > > > > # This file holds shared secrets or RSA private keys for authentication. > > > > # RSA private key for this host, authenticating it to any other host > > # which knows the public part. > > > > : RSA deb.key.pem > > > > Regards > > > > Ben > > > > Virtual Data Centre Services (virtualDCS) is registered in England and > Wales under company number 07238621; registered address: The Waterscape, > 42 Leeds and Bradford Road, LS5 3EG > <https://maps.google.com/?q=The+Waterscape,+42+Leeds+and+Bradford+Road,+LS5+3EG&entry=gmail&source=g>. > This e-mail and any attachments are strictly confidential and intended for > the addressee only. If you are not the named addressee you must not > disclose, copy, or take any action in reliance of this transmission, and > you should notify us as soon as possible. Any views or opinions expressed > are solely those of the author and do not necessarily represent those of > virtualDCS. This e-mail and any attachments are believed to be free from > viruses but it is your responsibility to carry out all necessary virus > checks, and virtualDCS accepts no liability in connection therewith. >
