I am encountering a problem attempting to access a VPN using strongSwan from my Linux laptop.  I have it working from an Android phone and tablet as well as a Windows laptop, so I know the server is configured properly.

The connection appears to start normally and then fails at the EAP stage.  The log on the Linux laptop shows:

Jun 27 17:05:15 Z560 charon-nm: 06[IKE] authentication of 'durgeeenterprises.publicvm.com' with RSA_EMSA_PKCS1_SHA2_384 successful
Jun 27 17:05:15 Z560 charon-nm: 06[IKE] server requested EAP_IDENTITY (id 0x00), sending 'dhdurgee'
Jun 27 17:05:15 Z560 charon-nm: 06[IKE] EAP_IDENTITY not supported, sending EAP_NAK
Jun 27 17:05:15 Z560 charon-nm: 06[ENC] generating IKE_AUTH request 2 [ EAP/RES/NAK ]
Jun 27 17:05:15 Z560 charon-nm: 06[NET] sending packet: from 192.168.1.114[60298] to 108.31.28.59[4500] (76 bytes)
Jun 27 17:05:15 Z560 charon-nm: 09[NET] received packet: from 108.31.28.59[4500] to 192.168.1.114[60298] (76 bytes)
Jun 27 17:05:15 Z560 charon-nm: 09[ENC] parsed IKE_AUTH response 2 [ EAP/FAIL ]
Jun 27 17:05:15 Z560 charon-nm: 09[IKE] received EAP_FAILURE, EAP authentication failed
Jun 27 17:05:15 Z560 charon-nm: 09[ENC] generating INFORMATIONAL request 3 [ N(AUTH_FAILED) ]
Jun 27 17:05:15 Z560 charon-nm: 09[NET] sending packet: from 192.168.1.114[60298] to 108.31.28.59[4500] (76 bytes)

While on the server end I see:

Jun 27 17:05:15 DG41TY charon: 06[CFG] looking for peer configs matching 192.168.80.11[%any]...172.58.187.218[dhdurgee]
Jun 27 17:05:15 DG41TY charon: 06[CFG] selected peer config 'ikev2-vpn'
Jun 27 17:05:15 DG41TY charon: 06[IKE] initiating EAP_IDENTITY method (id 0x00)
Jun 27 17:05:15 DG41TY charon: 06[IKE] peer supports MOBIKE
Jun 27 17:05:15 DG41TY charon: 06[IKE] authentication of 'durgeeenterprises.publicvm.com' (myself) with RSA_EMSA_PKCS1_SHA384 successful
Jun 27 17:05:15 DG41TY charon: 06[IKE] sending end entity cert "C=US, O=Durgee Enterprises LLC, CN=durgeeenterprises.publicvm.com"
Jun 27 17:05:15 DG41TY charon: 06[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Jun 27 17:05:15 DG41TY charon: 06[ENC] splitting IKE message with length of 2092 bytes into 5 fragments
Jun 27 17:05:15 DG41TY charon: 06[ENC] generating IKE_AUTH response 1 [ EF(1/5) ]
Jun 27 17:05:15 DG41TY charon: 06[ENC] generating IKE_AUTH response 1 [ EF(2/5) ]
Jun 27 17:05:15 DG41TY charon: 06[ENC] generating IKE_AUTH response 1 [ EF(3/5) ]
Jun 27 17:05:15 DG41TY charon: 06[ENC] generating IKE_AUTH response 1 [ EF(4/5) ]
Jun 27 17:05:15 DG41TY charon: 06[ENC] generating IKE_AUTH response 1 [ EF(5/5) ]
Jun 27 17:05:15 DG41TY charon: 06[NET] sending packet: from 192.168.80.11[4500] to 172.58.187.218[54591] (544 bytes)
Jun 27 17:05:15 DG41TY charon: message repeated 3 times: [ 06[NET] sending packet: from 192.168.80.11[4500] to 172.58.187.218[54591] (544 bytes)]
Jun 27 17:05:15 DG41TY charon: 06[NET] sending packet: from 192.168.80.11[4500] to 172.58.187.218[54591] (176 bytes)
Jun 27 17:05:15 DG41TY charon: 05[NET] received packet: from 172.58.187.218[54591] to 192.168.80.11[4500] (76 bytes)
Jun 27 17:05:15 DG41TY charon: 05[ENC] parsed IKE_AUTH request 2 [ EAP/RES/NAK ]
Jun 27 17:05:15 DG41TY charon: 05[IKE] received EAP_NAK, sending EAP_FAILURE
Jun 27 17:05:15 DG41TY charon: 05[ENC] generating IKE_AUTH response 2 [ EAP/FAIL ]
Jun 27 17:05:15 DG41TY charon: 05[NET] sending packet: from 192.168.80.11[4500] to 172.58.187.218[54591] (76 bytes)

What am I doing wrong here?  I assume I have an error in the Linux client configuration, since Android and Windows clients work with the server.  What did I miss?

Dave
