Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
P
P
Programmerus2019-01-18 21:54:24
Debian
Programmerus, 2019-01-18 21:54:24

L2TP-VPN not working between Strongswan/Debian (client) and Windows 2012 (server). Authentication failed?

I'm trying to connect as a Debian Strech client using Strongswan to a VPN server (IPSec/L2TP) running on Windows Server 2012R2. The server is working fine . clients under Windows and even MacOS connect to it without problems. No special dances with a tambourine are needed.
I struggled for three hours today trying to connect Strongswan and Debian Strech to it - I have already tried everything, zero to the mass. The config is below (now I have already removed almost everything from it - but I have already tried completely different combinations). Error - AUTHENTICATION FAILED. PSK I enter certainly correct.
ipsec.conf

config setup
conn %default
    authby=secret
conn intp
    left=%any
    leftfirewall=no
    right=server_hostname
    rightfirewall=yes
    type=tunnel
    auto=add

ipsec.secrets
include /var/lib/strongswan/ipsec.secrets.inc
: PSK VALID_PSK

ipsec up intp
initiating IKE_SA intp[1] to 194.84.28.242
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 144.76.196.175[500] to 194.84.28.242[500] (1300 bytes)
received packet: from 194.84.28.242[500] to 144.76.196.175[500] (38 bytes)
parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
peer didn't accept DH group MODP_3072, it requested MODP_1024
initiating IKE_SA intp[1] to 194.84.28.242
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 144.76.196.175[500] to 194.84.28.242[500] (1044 bytes)
received packet: from 194.84.28.242[500] to 144.76.196.175[500] (360 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V ]
received MS NT5 ISAKMPOAKLEY v9 vendor ID
received MS-Negotiation Discovery Capable vendor ID
remote host is behind NAT
no IDi configured, fall back on IP address
authentication of '144.76.196.175' (myself) with pre-shared key
establishing CHILD_SA intp
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(ADD_6_ADDR) N(EAP_ONLY) ]
sending packet: from 144.76.196.175[4500] to 194.84.28.242[4500] (412 bytes)
received packet: from 194.84.28.242[4500] to 144.76.196.175[4500] (68 bytes)
parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
received AUTHENTICATION_FAILED notify error
establishing connection 'intp' failed

Thanks in advance for science ;)

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
G
gt0rs, 2019-05-19
@gt0rs

Faced the same problem, by trial and error I got the following config (client and server behind NAT, strongswan 5.7):

config setup

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    ike=3des-sha1-modp1024!
    esp=3des-sha1!

conn l2tp_psk
    keyexchange=ikev1
    left=%defaultroute
    auto=add
    authby=psk
    type=transport
    leftprotoport=17/1701
    rightprotoport=17/1701
    right=XXX.XXX.XXX.XX # Публичный IP сервера
    rightid=XXX.XXX.XXX.XXX # IP сервера в локальной сети
    rightsendcert=never

Similar questions
D
deleted-LocCodE2015-02-05 11:50:24
Optimizing Debian for Java, what should be done and how? 3Reply
A
Andrew2019-07-03 19:36:09
Why doesn't 3proxy start? 2Reply
P
pkproject2015-02-07 13:47:31
Php cli raising CPU performance by 100%? 1Reply
Q
q2zoff2019-07-07 23:30:18
How to set the primary IP address on a network interface? 2Reply
S
Sergey07132019-07-09 15:40:58
Debian Non-Free with firewood? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question