Hello!

What I have:
    strongswan 5.2.1 on Bananapi.

That's what I want to use to connect:
    iOS devices;
    Linux on desktop.

These files were created:
    CA private key;
    CA certificate;
    VPN host private key;
    VPN host certificate;
    Client private key;
    Client certificate (.pem and .p12 for iOS).

IPsec configuration file (server):

# ipsec.conf - strongSwan IPsec configuration file

config setup
    charondebug="cfg 2, dmn 2, ike 2, net 2"


conn client
    keyexchange=ikev2
    leftauth=pubkey
    left=%any
    leftid=VPN
    leftcert=vpn-host-certificate.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightsourceip=192.168.0.1/24
    rightdns=8.8.8.8,8.8.4.4
    dpdaction=clear
    rightid=*@example.com
    rightcert2=*certificate.pem
    rightauth=eap-tls
    rightsendcert=never
    eap_identity=%identity
    auto=add

Secrets file (server):

# This file holds shared secrets or RSA private keys for authentication.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.

# this file is managed with debconf and will contain the automatically created $
include /var/lib/strongswan/ipsec.secrets.inc

: RSA vpn-host-key.pem

I can connect from my iOS devices, but from Ubuntu (16.10 and now 17.04) with network-manager-strongswan (1.4.1-1) I can't (Vpn connection failed).

bananapi(server) tail -f /var/log/syslog:

Apr 15 13:32:32 bananapi charon: 08[CFG] no matching peer config found
Apr 15 13:32:32 bananapi charon: 08[IKE] processing INTERNAL_IP4_ADDRESS attribute
Apr 15 13:32:32 bananapi charon: 08[IKE] processing INTERNAL_IP4_DNS attribute
Apr 15 13:32:32 bananapi charon: 08[IKE] processing INTERNAL_IP4_NBNS attribute
Apr 15 13:32:32 bananapi charon: 08[IKE] peer supports MOBIKE
Apr 15 13:32:32 bananapi charon: 08[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Apr 15 13:32:32 bananapi charon: 08[NET] sending packet: from 192.168.0.101[4500] to 85.140.*.*[8066] (76 bytes)
Apr 15 13:32:32 bananapi charon: 03[NET] sending packet: from 192.168.0.101[4500] to 85.140.*.*[8066]
Apr 15 13:32:32 bananapi charon: 08[IKE] IKE_SA (unnamed)[13] state change: CONNECTING => DESTROYING


Settings of vpn-connection (network manager Ubuntu):

Gateway
    Address: IP address of the bananapi
    Certificate: CA certificate (.pem)
Client
    Authentication: Certificate/private key
    Certificate: Client certificate(.pem)
    Private key: Client private key(.pem)

Please indicate where I made a mistake.

Best regards,
Eugene

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
