Strongswan mschapv2 configure

tczauderna

Hello, I have been fighting with strongSwan for I don't want to count how long.
How many configurations I have created is another matter :( unfortunately without a positive result.

I can't find a complete tutorial anywhere.

Outline of the situation: I have a Zyxel USG 500 on hand. On it I have configured VPN IKEv2 mschapv2.

The VPN on Windows matched up correctly with the config provided by Zyxel.

A friend here says that he managed to compile through the network manager after disabling EAP plugins, i.e. eap-peap, eap-md5, eap-gtc.

And so I did, by creating the eap.conf file in /etc/strngswan/charon/eap.conf

Then I added a file for authorization, ./ipsec.secrets, where I put my login details.

My ipsec file currently looks like this:

setup
    # strictcrlpolicy=yes
    # uniqueids = no
    # Slightly more verbose logging. Very useful for debugging.
    charondebug="dmn 4, mgr 4, ike 4, chd 4, job 4, cfg 4, knl 4, net 4, enc 4, lib 4"

# Default configuration options, used below if an option is not specified.
# See: https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection

conn %default
    # Use IKEv2 by default
    keyexchange=ikev2
    # Prefer modern cipher suites that allow PFS (Perfect Forward Secrecy)
    ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!
    esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!
    # Dead Peer Discovery
    dpdaction=clear
    dpddelay=300s
    # Do not renegotiate a connection if it is about to expire
    rekey=yes
    auto=start
    compress=no
    type=tunnel
    fragmentation=yes
    forceencaps=yes

conn xxx
    # server side
    right=x.x.x.x
    rightssubnet=0.0.0.0/0
    rightid=x.x.x.x
    rightcert=asd_vpn.crt
    rightsendcert=always
    #leftauth=eap
    # client side
    left=%any
    leftid=%any
    leftsubnet=0.0.0.0/0
    leftauth=eap-mschapv2
    eap_identity=vpn_xxxx
    ike=aes128-sha256-modp1024
    esp=aes128-sha256
    ikelifetime=28800s
    lifetime=3600s

If anyone has an idea of why this isn't working for me, I'd be grateful. I wouldn't be surprised if it's a really trivial error :/
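
One way to rule out trivial syntax errors in an ipsec.conf like the one above, as an added example that is not part of the original post: a small Python lint that flags invalid section types, unindented parameters, misspelled keywords and DH groups below 2048 bits in `ike`/`esp` proposals. The keyword lists are a partial subset assumed for this kind of client config, not the full strongSwan list, and the sample input is constructed.

```python
import re

SECTION_TYPES = {"config", "conn", "ca"}  # section types ipsec.conf defines
# Partial keyword lists (assumption: enough for a config like the one posted).
CONFIG_KEYS = {"charondebug", "strictcrlpolicy", "uniqueids"}
CONN_KEYS = {"keyexchange", "ike", "esp", "dpdaction", "dpddelay", "rekey",
             "auto", "compress", "type", "fragmentation", "forceencaps",
             "ikelifetime", "lifetime", "eap_identity"}
CONN_KEYS |= {side + s for side in ("left", "right")
              for s in ("", "subnet", "id", "cert", "sendcert", "auth", "sourceip")}
WEAK_DH = re.compile(r"modp(768|1024|1536)\b")  # MODP groups below 2048 bits

def lint(text):
    """Return a list of (line_number, message) findings."""
    findings, section = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented line: must open a section
            if "=" in line:
                key = line.partition("=")[0].strip()
                findings.append((n, f"parameter '{key}' is not indented"))
            else:
                word = line.split()[0]
                section = word if word in SECTION_TYPES else None
                if section is None:
                    findings.append((n, f"unknown section type '{word}'"))
            continue
        key, _, value = line.strip().partition("=")
        key = key.strip()
        allowed = {"config": CONFIG_KEYS, "conn": CONN_KEYS}.get(section)
        if allowed is not None and key not in allowed:
            findings.append((n, f"unknown keyword '{key}' in {section} section"))
        if key in ("ike", "esp"):
            for m in WEAK_DH.finditer(value):
                findings.append((n, f"{key} proposal uses weak DH group {m.group(0)}"))
    return findings

# Constructed sample input, not the poster's real file.
SAMPLE = """\
setup
    charondebug="ike 2"
conn example
    right=192.0.2.1
    rightssubnet=0.0.0.0/0
    leftauth=eap-mschapv2
    ike=aes128-sha256-modp1024
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding)
```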

All Replies

  • jasailafan

    Here are some examples using strongswan on Linux to establish vpn. I hope these will help.
    https://community.zyxel.com/en/discussion/15678/usg-flex-200-no-proposal-error-with-strongswan
    https://community.zyxel.com/en/discussion/9890/i-can-connect-from-windows-10-but-cant-from-linux

  • tczauderna

    Unfortunately this is not a solution for my case. We keep looking.
