Question

Have errors between ubuntu18/strongswan server and ubuntu18/strongswan client

First of all, thank you for the very well organized documentation/tutorial. I have just followed it and I could not make it work.

I set up a strongSwan server using Ubuntu 18 as explained in this tutorial, and used strongSwan on Ubuntu 18 as a client.

And I got this log from the server side.

```
systemctl status strongswan

● strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf
   Loaded: loaded (/lib/systemd/system/strongswan.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2021-09-04 13:54:50 EDT; 1h 26min ago
 Main PID: 10829 (starter)
    Tasks: 18 (limit: 4630)
   CGroup: /system.slice/strongswan.service
           ├─10829 /usr/lib/ipsec/starter --daemon charon --nofork
           └─10843 /usr/lib/ipsec/charon --debug-ike 1 --debug-knl 1 --debug-cfg 0

Sep 04 15:21:06 u18 charon[10843]: 07[NET] sending packet: from 192.168.1.124[500] to 192.168.1.123[500] (270 bytes)
Sep 04 15:21:06 u18 charon[10843]: 08[NET] received packet: from 192.168.1.123[4500] to 192.168.1.124[4500] (336 bytes)
Sep 04 15:21:06 u18 charon[10843]: 08[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(
Sep 04 15:21:06 u18 charon[10843]: 08[IKE] received cert request for "CN=VPN root CA"
Sep 04 15:21:06 u18 charon[10843]: 08[IKE] EAP-Identity request configured, but not supported
Sep 04 15:21:06 u18 charon[10843]: 08[IKE] initiating EAP_MSCHAPV2 method (id 0xAE)
Sep 04 15:21:06 u18 charon[10843]: 08[IKE] peer supports MOBIKE
Sep 04 15:21:06 u18 charon[10843]: 08[IKE] no private key found for '192.168.1.124'
Sep 04 15:21:06 u18 charon[10843]: 08[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Sep 04 15:21:06 u18 charon[10843]: 08[NET] sending packet: from 192.168.1.124[4500] to 192.168.1.123[4500] (80 bytes)
```

And I also got this log from the client side.

```
systemctl status strongswan

● strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf
   Loaded: loaded (/lib/systemd/system/strongswan.service; disabled; vendor preset: enabled)
   Active: active (running) since Sat 2021-09-04 15:21:06 EDT; 20s ago
 Main PID: 9801 (starter)
    Tasks: 18 (limit: 4630)
   CGroup: /system.slice/strongswan.service
           ├─9801 /usr/lib/ipsec/starter --daemon charon --nofork
           └─9815 /usr/lib/ipsec/charon

Sep 04 15:21:06 u18 charon[9815]: 09[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Sep 04 15:21:06 u18 charon[9815]: 09[IKE] remote host is behind NAT
Sep 04 15:21:06 u18 charon[9815]: 09[IKE] sending cert request for "CN=VPN root CA"
Sep 04 15:21:06 u18 charon[9815]: 09[IKE] establishing CHILD_SA ikev2-rw{1}
Sep 04 15:21:06 u18 charon[9815]: 09[IKE] establishing CHILD_SA ikev2-rw{1}
Sep 04 15:21:06 u18 charon[9815]: 09[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR)
Sep 04 15:21:06 u18 charon[9815]: 09[NET] sending packet: from 192.168.1.123[4500] to 192.168.1.124[4500] (336 bytes)
Sep 04 15:21:06 u18 charon[9815]: 10[NET] received packet: from 192.168.1.124[4500] to 192.168.1.123[4500] (80 bytes)
Sep 04 15:21:06 u18 charon[9815]: 10[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Sep 04 15:21:06 u18 charon[9815]: 10[IKE] received AUTHENTICATION_FAILED notify error
```

If someone catches what I did wrong, please give me some ideas.


Actually, this problem happened because of a configuration mistake. After reading the following tutorial, https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2, I found a couple of mistakes. After fixing those mistakes, the problem disappeared.
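
The client log in the question only shows the `AUTH_FAILED` notify; the reason is recorded on the side that generated it. As an added example (not part of the original posts), this script walks the server-side charon lines and, for each `AUTH_FAILED` response the daemon generates, returns what the same worker thread logged since it received the request. The function name and the `SUSPECT` keyword heuristic are assumptions made for this illustration.

```python
import re

# Sample input: server-side charon lines copied from the question (quotes normalized to ASCII).
SERVER_LOG = """\
Sep 04 15:21:06 u18 charon[10843]: 07[NET] sending packet: from 192.168.1.124[500] to 192.168.1.123[500] (270 bytes)
Sep 04 15:21:06 u18 charon[10843]: 08[NET] received packet: from 192.168.1.123[4500] to 192.168.1.124[4500] (336 bytes)
Sep 04 15:21:06 u18 charon[10843]: 08[IKE] received cert request for "CN=VPN root CA"
Sep 04 15:21:06 u18 charon[10843]: 08[IKE] EAP-Identity request configured, but not supported
Sep 04 15:21:06 u18 charon[10843]: 08[IKE] initiating EAP_MSCHAPV2 method (id 0xAE)
Sep 04 15:21:06 u18 charon[10843]: 08[IKE] peer supports MOBIKE
Sep 04 15:21:06 u18 charon[10843]: 08[IKE] no private key found for '192.168.1.124'
Sep 04 15:21:06 u18 charon[10843]: 08[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
"""

# Syslog prefix, then charon's "<thread>[<GROUP>] <message>" layout as seen above.
LINE = re.compile(r"charon\[\d+\]: (?P<thread>\d+)\[(?P<group>[A-Z]{3})\] (?P<msg>.*)$")
# Assumption: wording that usually marks a line as a likely cause of the failure.
SUSPECT = re.compile(r"\b(no |not |failed|unable|invalid|missing)", re.I)

def explain_auth_failures(log_text):
    """For each AUTH_FAILED the daemon generates, collect the [IKE]/[CFG] lines
    the same worker thread logged since it last received a packet."""
    history = {}   # thread id -> messages since that thread's last received packet
    findings = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        thread, group, msg = m["thread"], m["group"], m["msg"]
        if group == "NET" and msg.startswith("received packet"):
            history[thread] = []                      # a new request starts here
        elif group in ("IKE", "CFG"):
            history.setdefault(thread, []).append(msg)
        elif group == "ENC" and msg.startswith("generating") and "N(AUTH_FAILED)" in msg:
            context = list(history.get(thread, []))
            findings.append({"thread": thread, "context": context,
                             "suspects": [c for c in context if SUSPECT.search(c)]})
    return findings

if __name__ == "__main__":
    for f in explain_auth_failures(SERVER_LOG):
        print(f"thread {f['thread']} sent AUTH_FAILED; suspect lines:")
        print("\n".join("  " + s for s in f["suspects"]))
```

On the log from the question, the lines it flags are the `EAP-Identity request configured, but not supported` message and `no private key found for '192.168.1.124'`, the last thing the thread logged before rejecting the client.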