linux
Eugene, 2017-01-11 18:35:51

Strongswan client linux configuration or what am I doing wrong?

strongswan server ipsec.conf

conn %default
        ikelifetime=3h
        keylife=20m
        rekeymargin=3m
        keyingtries=2
        mobike=no
conn win_ike2_domain
        left=%defaultroute
        leftauth=pubkey
        leftcert=vpnhost.pem                        # the host cert
        [email protected]            # the SAN (Alt name) in the Cert
        leftsubnet=0.0.0.0/0                        # The internal subnet the remote user wants to access
        right=%any                                  # Connections can come from anywhere
        rightauth=eap-radius
        rightsendcert=never
        rightsourceip=10.10.10.0/24                  # Use this pool of IPs to assign to these inbound connections
        auto=add
        eap_identity=%any
        keyexchange=ikev2
        fragmentation=yes
        dpdaction=clear

Radius - Windows 2012 Network Policy Server
The server certificate contains the SAN for this host issued to the dns.domain.name host, which is different from the dns of this host. My Mac and Windows clients connect without problems.
There were two :D Linux users who couldn't.
What should strongswan's ipsec.conf configuration look like on the client side in case of my configuration?
The server is represented by a certificate. The client is represented by an EAP (domain account) registered in secrets.
What should ipsec.secrets look like?
login : EAP "password"
or
domain\login : EAP "password"
or
[email protected] : EAP "password"
If anyone has faced a similar configuration, can you tell me the correct configuration of the client part?
P.S. Primarily interested in console settings; integration with the network manager is not needed yet.
Maybe something else besides strongswan needs to be installed on Linux that I don't suspect?
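
A client-side counterpart to the server `conn` shown in the question, as an added example that is not part of the original post and has not been tested against the poster's server. The connection name, `vpn.example.test`, the identity `login` and the CA file name are placeholders; it assumes the client has the strongSwan EAP plugin for whatever method the NPS policy offers.

```conf
# /etc/ipsec.conf on the Linux client (added example, placeholder values)

conn win_ike2_domain_client          # hypothetical name
        keyexchange=ikev2
        fragmentation=yes
        mobike=no                    # mirrors the server's %default section

        # Local side: the client authenticates with EAP, not a certificate.
        left=%defaultroute
        leftauth=eap                 # accept the EAP method the server/RADIUS proposes
        eap_identity=login           # placeholder; must be the form the NPS policy accepts
        leftsourceip=%config         # request a virtual IP from the server's rightsourceip pool

        # Remote side: the server authenticates with its certificate.
        right=vpn.example.test       # placeholder: address or name used to reach the server
        rightauth=pubkey
        # Must equal the server's leftid, which in turn must appear as a SAN
        # in vpnhost.pem. If the SAN differs from the name in right=, set
        # rightid to the SAN, otherwise the client rejects the server identity.
        rightid=@vpn.example.test    # placeholder for the server's leftid value
        rightsubnet=0.0.0.0/0        # matches leftsubnet on the server
        auto=add

# The CA certificate that issued vpnhost.pem must be trusted by the client,
# e.g. /etc/ipsec.d/cacerts/ca.pem (hypothetical file name).
#
# /etc/ipsec.secrets on the client: the selector must be the same string
# as eap_identity above, whichever of the three forms the server accepts:
#   login : EAP "password"
```

The tunnel is then started from the console with `ipsec up win_ike2_domain_client`.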
