So I've sat down with a colleague from support today, and found out that the VPN server is configured to propose the following for phase 1 and phase 2:

IKE (Phase 1) proposal:
* CH Group: Group 2
* Encryption: 3DES
* Authentication: SHA1
* Life Time (seconds): 28800

Ipsec (Phase 2) proposal:
* Protocol: ESP
* Encryption: AES-128
* Authentication: SHA1
* Enable Perfect Forward Secrecy: no
* Life Time (seconds): 28800

Based on this, I figured I had to specify "3des-sha1-modp1024" as phase 1 algorithms and "aes128-sha1" as phase 2 algorithms, but so far I haven't had any luck.

Can anyone validate my assumption about the phase 1 and phase 2 algorithms values?

My next step will be to try and get more logging from StrongSwan, to see if I can more precisely pinpoint the problem.

Kind regards,

Jonas Koperdraat

On Sat, Oct 20, 2018 at 07:00, Jonas Koperdraat <jo...@jonaskoperdraat.nl> wrote:

> Thanks for the reply.
>
> I'll get in touch with support and see if I can find out the specifics of phase 2.
>
> Kind regards,
>
> Jonas
>
> On Thu, Oct 18, 2018, 18:40 Noel Kuntze <noel.kuntze+strongswan-users-ml@thermi.consulting> wrote:
>
>> Hi,
>>
>> It looks like something is off with your phase two configuration. It can be anything in your phase two configuration that it doesn't like. You're better off just asking the administrator of the other side what they expect.
>>
>> Kind regards
>>
>> Noel
>>
>> On 16.10.18 at 22:16, Jonas Koperdraat wrote:
>> > Hello there,
>> >
>> > I'm having trouble connecting to my company's VPN from my Linux laptop. I have spent quite some time trying to figure out what might be causing this problem, but frankly my knowledge on the subject is limited, so I'm hoping someone here might be able to help me in the right direction. Any help would be greatly appreciated!
>> >
>> > My company uses an L2TP VPN with an IPSec tunnel. Using the same credentials as I'm using on my laptop, I am able to connect to the network from my mobile phone running Android Oreo, without any problems, but from my laptop I am unable to connect.
>> >
>> > I am running Ubuntu 18.04.1 LTS.
>> >
>> > jonas@Jonas-XPS13:~$ uname -a
>> > Linux Jonas-XPS13 4.15.0-1018-oem #21-Ubuntu SMP Tue Aug 28 14:12:47 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
>> >
>> > Following these instructions, I added the L2TP network manager to Gnome:
>> > https://medium.com/@hkdb/ubuntu-16-04-connecting-to-l2tp-over-ipsec-via-network-manager-204b5d475721
>> >
>> > However, I wasn't able to connect. This stackoverflow question/answer (among others) mentioned that I might have to specify phase 1 and phase 2 algorithms:
>> > https://askubuntu.com/questions/904217/unable-to-connect-l2tp-ipsec-vpn-from-ubuntu-16-04
>> >
>> > I ran an ike-scan, from which I concluded that the VPN indeed uses old algorithms, so I added 3des-sha1-modp1024! and 3des-sha1! as phase 1 and phase 2 algorithms. For good measure I added the exclamation marks, as some solutions mentioned that might be required.
>> >
>> > jonas@Jonas-XPS13:~$ sudo ike-scan -v office.********.nl
>> > DEBUG: pkt len=336 bytes, bandwidth=56000 bps, int=52000 us
>> > Starting ike-scan 1.9.4 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
>> > 87.213.34.174 Main Mode Handshake returned HDR=(CKY-R=254e5ebbbb17c30a) SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800) VID=5b362bc820f60007 (SonicWall-7)
>> >
>> > Ending ike-scan 1.9.4: 1 hosts scanned in 0.060 seconds (16.70 hosts/sec). 1 returned handshake; 0 returned notify
>> >
>> > Unfortunately, even though that seemed to be the solution for the majority of the problems I encountered online, I am still unable to connect. Below are links to pastebins with relevant information:
>> >
>> > Logging of a connection attempt: https://pastebin.com/cEwMQjjC
>> > /etc/strongswan.conf: https://pastebin.com/LppKLiqw
>> > /etc/strongswan.d/charon.conf https://pastebin.com/9ecW0LXJ
>> >
>> > Kind regards and thanks in advance,
>> >
>> > Jonas
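
Added example (not part of the original thread, and not code from strongSwan or ike-scan): a small Python helper that turns the SA transform from the ike-scan line quoted above into a strongSwan phase 1 proposal string and lists which of its parts are legacy algorithms. The function names, the value maps and the second sample line are assumptions constructed for illustration.

```python
import re

# ike-scan attribute value -> strongSwan proposal keyword.
# Assumption: a deliberately small subset; unknown values raise instead of being guessed.
ENC = {"DES": "des", "3DES": "3des", "AES": "aes"}
HASH = {"MD5": "md5", "SHA1": "sha1"}
DH = {1: "modp768", 2: "modp1024", 5: "modp1536", 14: "modp2048"}
# Keywords flagged as legacy by this example (DES/3DES, MD5, DH groups 1 and 2).
LEGACY = {"des", "3des", "md5", "modp768", "modp1024"}

# SA portion of the scan line quoted in the thread.
THREAD_LINE = ("Main Mode Handshake returned HDR=(CKY-R=254e5ebbbb17c30a) "
               "SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK "
               "LifeType=Seconds LifeDuration=28800)")
# Constructed line (not from the thread) showing an AES transform with a key length.
CONSTRUCTED_LINE = ("SA=(Enc=AES KeyLength=128 Hash=SHA1 Group=14:modp2048 "
                    "Auth=PSK LifeType=Seconds LifeDuration=28800)")


def parse_sa(line):
    """Return the attributes inside SA=(...) of an ike-scan handshake line."""
    match = re.search(r"SA=\(([^)]*)\)", line)
    if not match:
        raise ValueError("no SA=(...) transform in line")
    return dict(token.split("=", 1) for token in match.group(1).split())


def ike_proposal(line):
    """Return (phase 1 proposal string, list of its legacy keywords)."""
    sa = parse_sa(line)
    try:
        enc = ENC[sa["Enc"]]
        if enc == "aes":
            enc += sa["KeyLength"]          # e.g. aes + 128 -> aes128
        group_number = int(sa["Group"].split(":")[0])
        parts = [enc, HASH[sa["Hash"]], DH[group_number]]
    except KeyError as exc:
        raise ValueError(f"unmapped or missing attribute: {exc}") from None
    return "-".join(parts), [p for p in parts if p in LEGACY]


if __name__ == "__main__":
    for sample in (THREAD_LINE, CONSTRUCTED_LINE):
        proposal, legacy = ike_proposal(sample)
        print(proposal, "legacy:", ", ".join(legacy) or "none")
```
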