The logs of the Windows server will tell you what it doesn't like.

On 27.10.2017 11:13, Ben Lavender wrote:
>
> Anyone think they could assist with this?
>
>  
>
> *From:*Ben Lavender
> *Sent:* 24 October 2017 17:23
> *To:* '[email protected]' <[email protected]>
> *Subject:* Host-to-Host Windows to Debian (StrongSwan)
>
>  
>
> Hello,
>
>  
>
> Please could anyone assist with this problem?
>
>  
>
> We have setup a connection between to servers (right Windows | left 
> Debian-StrongSwan) in a host-to-host configure, where the Windows server will 
> be establishing the connection using transport mode (IKEv1). The 
> authentication is set to use a X.509 certificates.
>
>  
>
> The problem we are having seems to be within the two log lines below:
>
>  
>
> Oct 24 16:21:45 LAB-DEBCLIENT-01 charon: 07[ENC] parsed INFORMATIONAL_V1 
> request 62237808 [ HASH N(AUTH_FAILED) ]
>
> Oct 24 16:21:45 LAB-DEBCLIENT-01 charon: 07[IKE] received 
> AUTHENTICATION_FAILED error notify
>
>  
>
> Is there any advice given for attempting to resolve this issue? I can provide 
> full logs if need be. Thanks.
>
>  
>
> /etc/ipsec.conf
>
>  
>
> # ipsec.conf - strongSwan IPsec configuration file
>
>  
>
> config setup
>
>         charondebug="ike 4, knl 4, cfg 4"
>
>  
>
> conn %default
>
>         ikelifetime=60m
>
>         keylife=20m
>
>         rekeymargin=3m
>
>         keyingtries=1
>
>         mobike=no
>
>         keyexchange=ike
>
>  
>
> conn host-host
>
>         left=192.168.2.9
>
>         leftcert=deb.crt.pem
>
>         leftid="CN=LAB-DEBCLIENT-01.lab.vdcs.local"
>
>         leftfirewall=yes
>
>         right=192.168.2.5
>
>         rightid="CN=LAB-FPSVR-01.lab.vdcs.local"
>
>         type=transport
>
>         auto=add
>
>  
>
> ca strongswan
>
>        cacert=rootca.pem
>
>        crluri=http://LAB-DC-01.lab.vdcs.local/tempcrl/lab-LAB-DC-01-CA-1.crl
>
>        auto=add
>
>  
>
>  
>
> /etc/ipsec.secrets
>
>  
>
> # This file holds shared secrets or RSA private keys for authentication.
>
>  
>
> # RSA private key for this host, authenticating it to any other host
>
> # which knows the public part.
>
>  
>
> : RSA deb.key.pem
>
>  
>
> Regards
>
>  
>
> Ben
>
>  
>
> Virtual Data Centre Services (virtualDCS) is registered in England and Wales 
> under company number 07238621; registered address: The Waterscape, 42 Leeds 
> and Bradford Road, LS5 3EG. This e-mail and any attachments are strictly 
> confidential and intended for the addressee only. If you are not the named 
> addressee you must not disclose, copy, or take any action in reliance of this 
> transmission, and you should notify us as soon as possible. Any views or 
> opinions expressed are solely those of the author and do not necessarily 
> represent those of virtualDCS. This e-mail and any attachments are believed 
> to be free from viruses but it is your responsibility to carry out all 
> necessary virus checks, and virtualDCS accepts no liability in connection 
> therewith.
>

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to