Strongswan mschapv2 configure
Hello, I've been fighting with strongSwan for I don't want to count how long.
How many configurations I have created is another matter :( (unfortunately without a positive result).
I can't find a complete tutorial anywhere.
Outline of the situation: I have a Zyxel USG 500, and on it I have configured VPN IKEv2 MSCHAPv2.
The VPN on Windows matched up correctly with the config provided by Zyxel.
A friend here says that he managed to compile through the network manager after disabling EAP plugins, i.e. eap-peap, eap-md5, eap-gtc,
and so I did, by creating the eap.conf file in /etc/strongswan/charon/eap.conf.
Then I added a file for authorization, ./ipsec.secrets, where I put my login details.
My ipsec file currently looks like this:
setup
    # strictcrlpolicy=yes
    # uniqueids = no
    # Slightly more verbose logging. Very useful for debugging.
    charondebug="dmn 4, mgr 4, ike 4, chd 4, job 4, cfg 4, knl 4, net 4, enc 4, lib 4"

# Default configuration options, used below if an option is not specified.
# See: https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection
conn %default
    # Use IKEv2 by default
    keyexchange=ikev2
    # Prefer modern cipher suites that allow PFS (Perfect Forward Secrecy)
    ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!
    esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!
    # Dead Peer Discovery
    dpdaction=clear
    dpddelay=300s
    # Do not renegotiate a connection if it is about to expire
    rekey=yes
    auto=start
    compress=no
    type=tunnel
    fragmentation=yes
    forceencaps=yes

conn xxx
    # server side
    right=x.x.x.x
    rightssubnet=0.0.0.0/0
    rightid=x.x.x.x
    rightcert=asd_vpn.crt
    rightsendcert=always
    #leftauth=eap
    # client side
    left=%any
    leftid=%any
    leftsubnet=0.0.0.0/0
    leftauth=eap-mschapv2
    eap_identity=vpn_xxxx
    ike=aes128-sha256-modp1024
    esp=aes128-sha256
    ikelifetime=28800s
    lifetime=3600s
If anyone has an idea of why this isn't working for me, I'd be grateful. I wouldn't be surprised if it's a really trivial error :/
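
As an added example (not code from this thread, from Zyxel or from strongSwan), this Python check reads the ike= and esp= lines of an ipsec.conf like the one posted above. It lists proposals that use 1024/1536-bit MODP groups, SHA-1 or MD5, or an ESP proposal with no DH group. The policy sets and the function name audit_proposals are assumptions of this example.

```python
import re

# Assumed local policy (not from the thread): DH groups and hashes to flag.
WEAK_DH = {"modp768", "modp1024", "modp1536"}
WEAK_HASH = {"md5", "sha1"}
# Recognises the common strongSwan DH keywords (modpNNNN, ecpNNN, curve25519, x25519).
DH_RE = re.compile(r"^(modp\d+|ecp\d+(bp)?|curve\d+|x\d+)$")

def audit_proposals(conf_text):
    """Return (section, key, proposal, issue) tuples for ike=/esp= lines."""
    findings = []
    section = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith(("conn ", "config ")):
            section = line
            continue
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or key not in ("ike", "esp"):
            continue
        # A trailing "!" makes the list strict; it is not part of a proposal.
        for prop in value.strip().rstrip("!").split(","):
            prop = prop.strip()
            if not prop:
                continue
            tokens = prop.split("-")
            groups = [t for t in tokens if DH_RE.match(t)]
            for g in groups:
                if g in WEAK_DH:
                    findings.append((section, key, prop, "weak DH group " + g))
            for h in WEAK_HASH.intersection(tokens):
                findings.append((section, key, prop, "legacy hash " + h))
            if key == "esp" and not groups:
                findings.append((section, key, prop,
                                 "no DH group, so no PFS on CHILD_SA rekey"))
    return findings

# Constructed sample: conn xxx uses the values posted above; %default is abridged.
SAMPLE = """\
conn %default
    ike=aes128-sha256-ecp256,aes128-sha1-modp1024!
    esp=aes128gcm16-ecp256,aes256-sha1!
conn xxx
    ike=aes128-sha256-modp1024
    esp=aes128-sha256
"""

if __name__ == "__main__":
    for finding in audit_proposals(SAMPLE):
        print("%s: %s=%s -> %s" % finding)
```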
All Replies
Here are some examples using strongSwan on Linux to establish a VPN. I hope these will help.
https://community.zyxel.com/en/discussion/15678/usg-flex-200-no-proposal-error-with-strongswan
https://community.zyxel.com/en/discussion/9890/i-can-connect-from-windows-10-but-cant-from-linux

Unfortunately this is not a solution for my case. We keep looking.