Viktor, 2017-09-08 18:05:52

Strongswan and Mikrotik client: how to connect?

I can't set up a connection between Strongswan and the Mikrotik client.
Other options (Windows and Android) work without problems.
Now the configuration looks like this:
Strongswan ----------------------> Mikrotik
109.122.11.31 195.16.10.10 : PSK "01234567899876543210"
conn Mikrot
    rightsendcert=never
    forceencaps=yes
    left=109.122.11.31
    leftsubnet=10.86.86.0/24
    right=195.16.10.10
    rightsubnet=172.23.36.0/24
    ike=aes256-sha256-modp1024!
    esp=aes256-sha256-modp1024!
    keyingtries=0
    ikelifetime=1h
    lifetime=24h
    authby=secret
    auto=start
    keyexchange=ikev1
    type=tunnel
In the logs, constant attempts


Sep 8 17:53:16 server-1117368-1 charon: 09[ENC] parsed ID_PROT request 0 [ SA V V ]
Sep 8 17:53:16 server-1117368-1 charon: 09[IKE] received Cisco Unity vendor ID
Sep 8 17:53:16 server-1117368-1 charon: 09[IKE] received DPD vendor ID
Sep 8 17:53:16 server-1117368-1 charon: 09[IKE] 195.16.35.154 is initiating a Main Mode IKE_SA
Sep 8 17:53:16 server-1117368-1 charon: 09[ENC] generating ID_PROT response 0 [ SA V V ]
Sep 8 17:53:16 server-1117368-1 charon: 09[NET] sending packet: from 109.120.171.31[500] to 195.16.10.10[500] (120 bytes)
Sep 8 17:53:16 server-1117368-1 charon: 12[NET] received packet: from 195.16.10.10[500] to 109.122.11.31[500] (188 bytes)
Sep 8 17:53:16 server-1117368-1 charon: 12[ENC] parsed ID_PROT request 0 [ KE No ]
Sep 8 17:53:16 server-1117368-1 charon: 12[ENC] generating ID_PROT response 0 [ KE No ]
Sep 8 17:53:16 server-1117368-1 charon: 12[NET] sending packet: from 109.122.11.31[500] to 195.16.10.10[500] (196 bytes)
Sep 8 17:53:16 server-1117368-1 charon: 13[IKE] sending DPD request
Sep 8 17:53:16 server-1117368-1 charon: 13[ENC] generating INFORMATIONAL_V1 request 1615391926 [ HASH N(DPD) ]
Sep 8 17:53:16 server-1117368-1 charon: 13[NET] sending packet: from 109.122.11.31[500] to 195.16.10.10[500] (108 bytes)
Sep 8 17:53:16 server-1117368-1 charon: 09[NET] received packet: from 195.16.10.10[500] to 109.122.11.31[500] (92 bytes)
Sep 8 17:53:16 server-1117368-1 charon: 09[ENC] parsed ID_PROT request 0 [ ID HASH ]
Sep 8 17:53:16 server-1117368-1 charon: 09[CFG] looking for pre-shared key peer configs matching 109.122.11.31...195.16.10.10[195.16.10.10]
Sep 8 17:53:16 server-1117368-1 charon: 09[CFG] selected peer config "Mikrot"
Sep 8 17:53:16 server-1117368-1 charon: 09[IKE] IKE_SA Mikrot[3] established between 109.122.11.31[CN=czalls.hldns.ru]...195.16.10.10[195.16.10.10]
Sep 8 17:53:16 server-1117368-1 charon: 09[ENC] generating ID_PROT response 0 [ ID HASH ]
Sep 8 17:53:16 server-1117368-1 charon: 09[NET] sending packet: from 109.122.11.31[500] to 195.16.10.10[500] (108 bytes)
Sep 8 17:53:26 server-1117368-1 charon: 16[IKE] deleting IKE_SA Mikrot[2] between 109.122.11.31[CN=zcalls.hldns.ru]...195.16.10.10[195.16.10.10]
Sep 8 17:53:26 server-1117368-1 charon: 16[IKE] sending DELETE for IKE_SA Mikrot[2]
Sep 8 17:53:26 server-1117368-1 charon: 16[ENC] generating INFORMATIONAL_V1 request 941903393 [ HASH D ]
Sep 8 17:53:26 server-1117368-1 charon: 11[NET] received packet: from 195.16.10.10[500] to 109.122.11.31[500] (92 bytes)
Sep 8 17:53:26 server-1117368-1 charon: 11[IKE] received retransmit of request with ID 0, retransmitting response
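
The log excerpt above can be read mechanically. The following sketch is an added example, not part of the original post or of strongSwan: it counts IKE_SA establishments, deletions, peer retransmits and any Quick Mode / CHILD_SA lines in charon output. The function names are hypothetical, and the sample lines are copied from the excerpt in the question.

```python
import re
from collections import Counter

# Lines copied verbatim from the log excerpt in the question (abridged).
SAMPLE_LOG = """\
Sep 8 17:53:16 server-1117368-1 charon: 09[IKE] 195.16.35.154 is initiating a Main Mode IKE_SA
Sep 8 17:53:16 server-1117368-1 charon: 12[ENC] parsed ID_PROT request 0 [ KE No ]
Sep 8 17:53:16 server-1117368-1 charon: 09[ENC] parsed ID_PROT request 0 [ ID HASH ]
Sep 8 17:53:16 server-1117368-1 charon: 09[IKE] IKE_SA Mikrot[3] established between 109.122.11.31[CN=czalls.hldns.ru]...195.16.10.10[195.16.10.10]
Sep 8 17:53:26 server-1117368-1 charon: 16[IKE] deleting IKE_SA Mikrot[2] between 109.122.11.31[CN=zcalls.hldns.ru]...195.16.10.10[195.16.10.10]
Sep 8 17:53:26 server-1117368-1 charon: 16[IKE] sending DELETE for IKE_SA Mikrot[2]
Sep 8 17:53:26 server-1117368-1 charon: 11[IKE] received retransmit of request with ID 0, retransmitting response
"""

# charon prefixes each message with "<thread>[<subsystem>] ".
LINE = re.compile(r"charon: \d+\[[A-Z]+\] (.*)$")

def summarize(log_text):
    """Count IKE phase 1 / phase 2 events found in charon log text."""
    stats = Counter()
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a charon line
        msg = m.group(1)
        if "IKE_SA" in msg and "established between" in msg:
            stats["ike_sa_established"] += 1
        elif msg.startswith("deleting IKE_SA"):
            stats["ike_sa_deleted"] += 1
        elif "received retransmit" in msg:
            stats["peer_retransmits"] += 1
        elif "QUICK_MODE" in msg or "CHILD_SA" in msg:
            stats["phase2_events"] += 1  # IKEv1 phase 2 negotiation
    return stats

def diagnose(stats):
    """Return a one-line reading of the counters."""
    if stats["ike_sa_established"] and not stats["phase2_events"]:
        return "phase 1 completes but no Quick Mode / CHILD_SA activity is logged"
    if not stats["ike_sa_established"]:
        return "phase 1 never completes"
    return "phase 1 and phase 2 activity both present"

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(dict(s), "->", diagnose(s))
```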

3 answer(s)
Alams Stoyne, 2019-05-21
@CodeInMyHeart

Buddy - "Do you need it, huh?" (c) You now have the same mess in your head as in the text. Let me try to teach you how to form questions for Google:
1) What is a Web Server - and we study what Apache + PHP or Nginx is, and also learn about MySQL or other database systems
2) What is OpenServer - and we study how it works and what is stored where (for example, phpmyadmin is stored approximately here: OpenServer\modules\system\html\openserver\phpmyadmin, but you definitely don't need the phpmyadmin files)
3) PHP basics + working with the database in PHP - and we study
And when there is a basis, it's worth writing here.
P.S. Example #1: mysqli_connect() example

<?php
$link = mysqli_connect("Адрес сервера MySQL", "ПОЛЬЗОВАТЕЛЬ", "ПАРОЛЬ", "БАЗА ДАННЫХ КОТОРАЯ УЖЕ ДОЛЖНЫ БЫТЬ СОЗДАНА");

if (!$link) {
    echo "Ошибка: Невозможно установить соединение с MySQL." . PHP_EOL;
    echo "Код ошибки errno: " . mysqli_connect_errno() . PHP_EOL;
    echo "Текст ошибки error: " . mysqli_connect_error() . PHP_EOL;
    exit;
}

echo "Соединение с MySQL установлено!" . PHP_EOL;
echo "Информация о сервере: " . mysqli_get_host_info($link) . PHP_EOL;

mysqli_close($link);
?>

CityCat4, 2017-09-08
@CityCat4

IKEv1 with Mikrotik will not work in principle. You need to use IKEv2 if the firmware is appropriate. If the firmware does not yet have IKEv2, update and try. In addition, the sha256 hash in Mikrotik is somehow implemented backwards: it only works when connecting Mikrotik with Mikrotik; when you try to connect Mikrotik with strongswan, nothing happens.

Gregory, 2017-09-11
@Maxlinus

https://habrahabr.ru/post/337426/
