2
I'm using strongswan
on ubuntu 16.04 to connect to a thirdparty L2TP/IPSec VPN.
They provided me a profile file like this:
VPN connection IP : X.X.X.X
IPSEC Authentication : ---------------------
IPSEC Preshared key : SOME^"TH!NG$
L2TP authentication :
username : USER
password : PASS
IPSEC Phase 1 Proposal----------------------
encryption 3DES Authentication SHA1
encryption AES192 Authentication SHA1
encryption AES256 Authentication MD5
Diffie-Hellman Group 2
Key lifetime (seconds) 86400
IPSEC Phase 2 Proposal----------------------
Local Address 0.0.0.0/0.0.0.0
Remote Address 0.0.0.0/0.0.0.0
encryption 3DES Authentication SHA1
encryption AES192 Authentication SHA1
encryption AES256 Authentication MD5
Key lifetime (seconds) 86400
I have created /etc/ipsec.conf like this:
config setup
# strictcrlpolicy=yes
# uniqueids = no
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev1
authby=secret
ike=3des-sha1,AES192-sha1,aes256-md5,modp1024!
esp=3des-sha1,AES192-sha1,aes256-md5!
conn myvpn
keyexchange=ikev1
left=MY.IP.ADD.RESS
auto=add
authby=secret
type=transport
leftprotoport=17/1701
rightprotoport=17/1701
right=X.X.X.X
and /etc/ipsec.secrets like:
# empty line
MY.IP.ADD.RES X.X.X.X : PSK 'SOME^"TH!NG$'
(my ip address: MY.IP.ADD.RES and remote server: X.X.X.X)
$ sudo ipsec up myvpn
results like below:
initiating Main Mode IKE_SA myvpn[2] to X.X.X.X
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from MY.IP.ADD.RES[500] to X.X.X.X[500] (204 bytes)
sending retransmit 1 of request message ID 0, seq 1
sending packet: from MY.IP.ADD.RES[500] to X.X.X.X[500] (204 bytes)
sending retransmit 2 of request message ID 0, seq 1
How I should find out what is wrong with my config file?
Is ike
or esp
wrong or mismatch with given profile?
I'm new to this section, beside my question, any directions to docs, helpful blogs or informations about given profile might help me.
1Could you solve the problem finally? – ilyas Jumadurdyew – 2019-05-20T15:52:09.173
1@ilyasJumadurdyew yeah, and thank you for the mention. I posted a fix as an answer. – Developia – 2019-05-21T05:56:29.043