Answer the question
In order to leave comments, you need to log in
A
A
Al Tinho2019-02-05 09:08:47
Al Tinho, 2019-02-05 09:08:47
How to connect via ipsec Centos7 and Windows Server 2016?
Good afternoon!
Please tell me how to connect Centos7 and Windows Server 2016 via ipsec?
Initiator - windows server, on centos I use the libreswan package, connect via PSK, tried to connect via shrew vpn - it doesn't work
Feb 5 09:50:56.680377: packet from aaaa:500: ignoring unknown Vendor ID payload [01528bbbc00696121849ab9a1c5b2a5100000001]
Feb 5 09:5 :56.680536: "test2"[1] aaaa #1: responding to Main Mode from unknown peer aaaa on port 500
Feb 5 09:50:56.680620: "test2"[1] aaaa #1: OAKLEY_DES_CBC(UNUSED) is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Feb 5 09:50:56.680733: "test2"[1] aaaa #1: STATE_MAIN_R1: sent MR1, expecting MI2
Feb 5 09:50:56.688398: "test2"[1] aaaa #1: STATE_MAIN_R2: sent MR2, expecting MI3
Feb 5 09:50:56.695191: "test2"[1] aaaa #1: Peer ID is ID_IPV4_ADDR: 'xxxx "
_
_ test2"[1] aaaa #1: the peer proposed: xxxx/32:0/0 -> 0.0.0.0/0:0/0
Feb 5 09:50:57.317102: FIPS Product: NO
Feb 5 09:50:57.317247 : FIPS Kernel: NO
Feb 5 09:50:57.317255: FIPS Mode: NO
Feb 5 09:50:57.317267: NSS DB directory: sql:/etc/ipsec.d
Feb 5 09:50:57.317412: Initializing NSS
Feb 5 09 :50:57.317431: Opening NSS database "sql:/etc/ipsec.d" read-only
Feb 5 09:50:57.443809: NSS initialized
Feb 5 09:50:57.443844: NSS crypto library initialized
Feb 5 09:50:57.443850: FIPS HMAC integrity support [enabled]
Feb 5 09:50:57.443854: FIPS mode disabled for pluto daemon
Feb 5 09:50:57.477169: FIPS HMAC integrity verification self-test passed
Feb 5 09:50:57.477513: libcap-ng support [enabled]
Feb 5 09:50:57.477529: Linux audit support [enabled]
Feb 5 09: 50: 57.477574: Linux audit activated
Feb September 5: 50: 57.477580: Starting Pluto (Libreswan Version 3.25 XFRM (netkey) KLIPS FORK PTHREAD_SETSCHEDPRIO GCC_EXCEPTIONS NSS DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL (non-NSS) LDAP (non-NSS )) pid:3232
Feb 5 09:50:57.477584: core dump dir: /run/pluto
Feb 5 09:50:57.477588: secrets file: /etc/ipsec.secrets
Feb 5 09:50:57.477592: leak-detective enabled
Feb 5 09:50 :57.477595: NSS crypto [enabled]
Feb 5 09:50:57.477599: XAUTH PAM support [enabled]
Feb 5 09:50:57.477717: NAT-Traversal support [enabled]
Feb 5 09:50:57.477769: Initializing libevent in pthreads mode : headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500)
Feb 5 09:50:57.478111: Encryption algorithms:
Feb 5 09:50:57.478133: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm aes_ccm_c)
Feb 5 09 :50:57.478139: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm_b)
Feb 5 09:50:57.478149: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} (aes_ccm_a)
Feb 5 09:50:57.478154: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] (3des)
Feb 5 09:50:57.478159: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Feb 5 09:50:57.478164: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (camellia)
Feb 5 09 :50:57.478170: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm aes_gcm_c)
Feb 5 09:50:57.478175: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*bes_bes} (256,192,*bes)
Feb 5 09:50:57.478195: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes_gcm_a)
Feb 5 09:50:57.478216: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*12} (aesctr)
Feb 5 09:50:57.478221: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} (aes)
Feb 5 09:50:57.478225: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192, *128} (serpent)
Feb 5 09:50:57.478230: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} (twofish)
Feb 5 09:50:57.478235: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192 ,*128} (twofish_cbc_ssh)
Feb 5 09:50:57.478249: CAST_CBC IKEv1: ESP IKEv2: ESP {*128} (cast)
Feb 5 09:50:57.478272: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP {256,192,*128} (aes_gmac)
Feb 5 09: 50:57.478277: NULL IKEv1: ESP IKEv2: ESP[]
Feb 5 09:50:57.478287: Hash algorithms:
Feb 5 09:50:57.478295: MD5 IKEv1: IKE IKEv2:
Feb 5 09:50:57.478309: SHA1 IKEv1: IKE IKEv2: FIPS (sha)
Feb 5 09:50:57.478314: SHA2_256 IKEv1: IKE IKEv2: FIPS (sha2 sha256)
Feb 5 09:50:57.478318: SHA2_384 IKEv1: IKE IKEv2: FIPS (sha384)
Feb 5 09:50:57.478322: SHA2_512 IKEv1: IKE IKEv2: FIPS (sha512)
Feb 5 09:50:57.478333: PRF algorithms:
Feb 5 09:50:57.478353: HMAC_MD5 IKEv1: IKE IKEv2: IKE (md5)
Feb 5 09 :50:57.478358: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS (sha sha1)
Feb 5 09:50:57.478362: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS (sha2 sha256 sha2_256)
Feb 5 09:50:57.4783 IKEv2: IKE FIPS (sha384 sha2_384)
Feb 5 09:50:57.478385: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS (sha512 sha2_512)
Feb 5 09:50:57.478389: AES_XCBC IKEv1: IKEv2: IKE FIPS (aes128_xcbc)
Feb 5 09:50:57.478401: Integrity algorithms:
Feb 5 09:50:57.478407: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2 hmac_md5)
Feb 5 09:50:57.478411: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha sha1 sha1_96 hmac_sha1)
Feb 5 09:50:57.478428: HMAC_SHA2_512_256 IKEv1: IKE ESP 2 sha2_512 hmac_sha2_512)
Feb September 5: 50: 57.478433: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha384 sha2_384 hmac_sha2_384)
Feb September 5: 50: 57.478437: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (sha2 sha256 sha2_256 hmac_sha2_256)
Feb September 5: 50: 57.478443: AES_XCBC_96 IKEv1: AH IKEv2 ESP: ESP IKE AH FIPS (aes_xcbc aes128_xcbc aes128_xcbc_96)
Feb September 5: 50: 57.478448: AES_CMAC_96 IKEv1: AH IKEv2 ESP: ESP AH FIPS (aes_cmac)
Feb 5 9:50 :57.478452: NONE IKEv1: ESP IKEv2: ESP FIPS (null)
Feb 5 09:50:57.478465: DH algorithms:
Feb 5 09:50:57.478470: NONE IKEv1: IKEv2: IKE ESP AH (null dh0)
Feb 5 09:50 :57.478474: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (dh2)
Feb 5 09:50:57.478478: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH (dh5)
Feb 5 09:50:57.478482: IDP2048 IKE ESP AH IKEv2: IKE ESP AH FIPS (dh14)
Feb 5 09:50:57.478486: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh15)
Feb 5 09:50:57.478490: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh16)
Feb 5 09: 50:57.478494: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh17)
Feb 5 09:50:57.478498: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS (dh18)
Feb 5 09:50:57.478502 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_256)
Feb 5 09:50:57.478507: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_384)
Feb 5 09:50:57.478511: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS (ecp_521)
Feb 5 09:50:57.478515: DH22 IKEv1: IKE ESP AH IKEv2: IKE ESP AH
Feb 5 09:50:57.478519: DH23 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
Feb 5 09:50:57.478523: DH24 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
Feb 5 09:50:57.481077: starting up 4 crypto helpers
Feb 5 09:50:57.481168: started thread for crypto helper 0
Feb 5 09:50:57.481199: started thread for crypto helper 1
Feb 5 09:50:57.481225: started thread for crypto helper 2
Feb 5 09:50:57.481289: started thread for crypto helper 3
Similar questions
A
V
V
A
I
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question