Hi David,
Please confirm you have StrongSwann’s eap-mschapv2 plugin installed. If not try Installing, libcharon-extra-plugins on your client. Kind Regards Charles Fadipe Junior Penetration and Security Tester University Information Services University of Cambridge ________________________________ From: Users <users-boun...@lists.strongswan.org> on behalf of David H Durgee <dhdur...@verizon.net> Sent: Sunday, June 27, 2021 10:42 pm To: users@lists.strongswan.org Subject: [strongSwan] problem connecting linux laptop to VPN using network-manager-strongswan 1.4.5-2.1 I am encountering a problem attempting to access a VPN using strongswan from my linux laptop. I have it working from an android phone and tablet as well as a windows laptop, so I know the server is configured properly. The connection appears to start normally and then fails at the EAP stage. Log on the linux laptop shows: > Jun 27 17:05:15 Z560 charon-nm: 06[IKE] authentication of > 'durgeeenterprises.publicvm.com' with RSA_EMSA_PKCS1_SHA2_384 successful > Jun 27 17:05:15 Z560 charon-nm: 06[IKE] server requested EAP_IDENTITY > (id 0x00), sending 'dhdurgee' > Jun 27 17:05:15 Z560 charon-nm: 06[IKE] EAP_IDENTITY not supported, > sending EAP_NAK > Jun 27 17:05:15 Z560 charon-nm: 06[ENC] generating IKE_AUTH request 2 > [ EAP/RES/NAK ] > Jun 27 17:05:15 Z560 charon-nm: 06[NET] sending packet: from > 192.168.1.114[60298] to 108.31.28.59[4500] (76 bytes) > Jun 27 17:05:15 Z560 charon-nm: 09[NET] received packet: from > 108.31.28.59[4500] to 192.168.1.114[60298] (76 bytes) > Jun 27 17:05:15 Z560 charon-nm: 09[ENC] parsed IKE_AUTH response 2 [ > EAP/FAIL ] > Jun 27 17:05:15 Z560 charon-nm: 09[IKE] received EAP_FAILURE, EAP > authentication failed > Jun 27 17:05:15 Z560 charon-nm: 09[ENC] generating INFORMATIONAL > request 3 [ N(AUTH_FAILED) ] > Jun 27 17:05:15 Z560 charon-nm: 09[NET] sending packet: from > 192.168.1.114[60298] to 108.31.28.59[4500] (76 bytes) While on the server end I see: > Jun 27 17:05:15 DG41TY charon: 06[CFG] looking for peer configs > matching 192.168.80.11[%any]...172.58.187.218[dhdurgee] > Jun 27 17:05:15 DG41TY charon: 06[CFG] selected peer config 'ikev2-vpn' > Jun 27 17:05:15 DG41TY charon: 06[IKE] initiating EAP_IDENTITY method > (id 0x00) > Jun 27 17:05:15 DG41TY charon: 06[IKE] peer supports MOBIKE > Jun 27 17:05:15 DG41TY charon: 06[IKE] authentication of > 'durgeeenterprises.publicvm.com' (myself) with RSA_EMSA_PKCS1_SHA384 > successful > Jun 27 17:05:15 DG41TY charon: 06[IKE] sending end entity cert "C=US, > O=Durgee Enterprises LLC, CN=durgeeenterprises.publicvm.com" > Jun 27 17:05:15 DG41TY charon: 06[ENC] generating IKE_AUTH response 1 > [ IDr CERT AUTH EAP/REQ/ID ] > Jun 27 17:05:15 DG41TY charon: 06[ENC] splitting IKE message with > length of 2092 bytes into 5 fragments > Jun 27 17:05:15 DG41TY charon: 06[ENC] generating IKE_AUTH response 1 > [ EF(1/5) ] > Jun 27 17:05:15 DG41TY charon: 06[ENC] generating IKE_AUTH response 1 > [ EF(2/5) ] > Jun 27 17:05:15 DG41TY charon: 06[ENC] generating IKE_AUTH response 1 > [ EF(3/5) ] > Jun 27 17:05:15 DG41TY charon: 06[ENC] generating IKE_AUTH response 1 > [ EF(4/5) ] > Jun 27 17:05:15 DG41TY charon: 06[ENC] generating IKE_AUTH response 1 > [ EF(5/5) ] > Jun 27 17:05:15 DG41TY charon: 06[NET] sending packet: from > 192.168.80.11[4500] to 172.58.187.218[54591] (544 bytes) > Jun 27 17:05:15 DG41TY charon: message repeated 3 times: [ 06[NET] > sending packet: from 192.168.80.11[4500] to 172.58.187.218[54591] (544 > bytes)] > Jun 27 17:05:15 DG41TY charon: 06[NET] sending packet: from > 192.168.80.11[4500] to 172.58.187.218[54591] (176 bytes) > Jun 27 17:05:15 DG41TY charon: 05[NET] received packet: from > 172.58.187.218[54591] to 192.168.80.11[4500] (76 bytes) > Jun 27 17:05:15 DG41TY charon: 05[ENC] parsed IKE_AUTH request 2 [ > EAP/RES/NAK ] > Jun 27 17:05:15 DG41TY charon: 05[IKE] received EAP_NAK, sending > EAP_FAILURE > Jun 27 17:05:15 DG41TY charon: 05[ENC] generating IKE_AUTH response 2 > [ EAP/FAIL ] > Jun 27 17:05:15 DG41TY charon: 05[NET] sending packet: from > 192.168.80.11[4500] to 172.58.187.218[54591] (76 bytes) What am I doing wrong here? I assume I have an error in the linux client configuration, since android and windows clients work with the server. What did I miss? Dave