These log lines are interesting:

Aug 21 14:59:26 KorberVPN charon: 12[IKE] no IKE config found for x.x.x.x…y.y.y.y, sending NOPROPOSALCHOSEN

They’re saying that the client and server cannot agree on a set of ciphers in common.

For the Windows 10 client, are you using the GUI to configure the VPN or the PowerShell commands? I’d opt for the latter if you can, since the ciphers that are included there are more modern.

Also just confirming that you are using an Ubuntu 20.04 server and not 18.04?

Yes, I am using Ubuntu 20.04. Is 18.04 a better version to use for this?

The VPN was initially configured using the GUI. I re-created it using PowerShell and am receiving the Windows connection error ‘The parameter is incorrect’ with the following log entries on the server:

Aug 24 18:09:17 KorberVPN charon: 11[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (376 bytes)
Aug 24 18:09:17 KorberVPN charon: 11[ENC] parsed IKESAINIT request 0 [ SA KE No N(FRAGSUP) N(NATDSIP) N(NATDDIP) V V V V ]
Aug 24 18:09:17 KorberVPN charon: 11[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID
Aug 24 18:09:17 KorberVPN charon: 11[IKE] received MS-Negotiation Discovery Capable vendor ID
Aug 24 18:09:17 KorberVPN charon: 11[IKE] received Vid-Initial-Contact vendor ID
Aug 24 18:09:17 KorberVPN charon: 11[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Aug 24 18:09:17 KorberVPN charon: 11[IKE] y.y.y.y is initiating an IKESA
Aug 24 18:09:17 KorberVPN charon: 11[IKE] remote host is behind NAT
Aug 24 18:09:17 KorberVPN charon: 11[ENC] generating IKESAINIT response 0 [ SA KE No N(NATDSIP) N(NATDDIP) N(FRAGSUP) N(CHDLESSSUP) N(MULTAUTH) ]
Aug 24 18:09:17 KorberVPN charon: 11[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (288 bytes)
Aug 24 18:09:47 KorberVPN charon: 12[JOB] deleting half open IKESA with y.y.y.y after timeout

After clearing the Windows cache for the network adapters I’m now getting ‘IKE authentication credentials are unacceptable’. Is there some disconnect with the certificate being used by Strongswan?

Hmm, that sounds a little bit more promising. One thing that I ran into on my first few attempts with this was a missing package.

Are both libcharon-extra-plugins and libcharon-extauth-plugins installed on the server? Without the latter, there will be authentication errors on the server side, since the extauth package is what includes support for EAP-MSCHAPv2.

Also is there anything in the server logs that shows the failing authentication attempts?

Thank you for your assistance.

When installing the packages the server said both were already installed. Here are the entries from /var/log/syslog. Please let me know if there is a better log I should be looking at. Again, this is my first experience with Ubuntu and Strongswam.
Aug 24 19:28:58 KorberVPN charon: 12[NET] received packet: from y.y.y.y[500] to x.x.x.x[500] (376 bytes)
Aug 24 19:28:58 KorberVPN charon: 12[ENC] parsed IKESAINIT request 0 [ SA KE No N(FRAGSUP) N(NATDSIP) N(NATDDIP) V V V V ]
Aug 24 19:28:58 KorberVPN charon: 12[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID
Aug 24 19:28:58 KorberVPN charon: 12[IKE] received MS-Negotiation Discovery Capable vendor ID
Aug 24 19:28:58 KorberVPN charon: 12[IKE] received Vid-Initial-Contact vendor ID
Aug 24 19:28:58 KorberVPN charon: 12[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Aug 24 19:28:58 KorberVPN charon: 12[IKE] y.y.y.y is initiating an IKESA
Aug 24 19:28:58 KorberVPN charon: 12[IKE] remote host is behind NAT
Aug 24 19:28:58 KorberVPN charon: 12[ENC] generating IKESAINIT response 0 [ SA KE No N(NATDSIP) N(NATDDIP) N(FRAGSUP) N(CHDLESSSUP) N(MULTAUTH) ]
Aug 24 19:28:58 KorberVPN charon: 12[NET] sending packet: from x.x.x.x[500] to y.y.y.y[500] (288 bytes)
Aug 24 19:28:58 KorberVPN charon: 13[NET] received packet: from y.y.y.y[4500] to x.x.x.x[4500] (572 bytes)
Aug 24 19:28:58 KorberVPN charon: 13[ENC] parsed IKEAUTH request 1 [ EF(¼) ]
Aug 24 19:28:58 KorberVPN charon: 13[ENC] received fragment #1 of 4, waiting for complete IKE message
Aug 24 19:28:58 KorberVPN charon: 15[NET] received packet: from y.y.y.y[4500] to x.x.x.x[4500] (572 bytes)
Aug 24 19:28:58 KorberVPN charon: 15[ENC] parsed IKEAUTH request 1 [ EF(2/4) ]
Aug 24 19:28:58 KorberVPN charon: 15[ENC] received fragment #2 of 4, waiting for complete IKE message
Aug 24 19:28:58 KorberVPN charon: 16[NET] received packet: from y.y.y.y[4500] to x.x.x.x[4500] (572 bytes)
Aug 24 19:28:58 KorberVPN charon: 16[ENC] parsed IKEAUTH request 1 [ EF(¾) ]
Aug 24 19:28:58 KorberVPN charon: 16[ENC] received fragment #3 of 4, waiting for complete IKE message
Aug 24 19:28:58 KorberVPN charon: 14[NET] received packet: from y.y.y.y[4500] to x.x.x.x[4500] (172 bytes)
Aug 24 19:28:58 KorberVPN charon: 14[ENC] parsed IKEAUTH request 1 [ EF(4/4) ]
Aug 24 19:28:58 KorberVPN charon: 14[ENC] received fragment #4 of 4, reassembled fragmented IKE message (1642 bytes)
Aug 24 19:28:58 KorberVPN charon: 14[ENC] parsed IKEAUTH request 1 [ IDi CERTREQ N(MOBIKESUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
Aug 24 19:28:58 KorberVPN charon: 14[IKE] received cert request for “CN=VisionVPN”
Aug 24 19:28:58 KorberVPN charon: 14[IKE] received 67 cert requests for an unknown ca
Aug 24 19:28:58 KorberVPN charon: 14[IKE] initiating EAPIDENTITY method (id 0x00)
Aug 24 19:28:58 KorberVPN charon: 14[IKE] peer supports MOBIKE
Aug 24 19:28:58 KorberVPN charon: 14[IKE] no private key found for ‘x.x.x.x’
Aug 24 19:28:58 KorberVPN charon: 14[ENC] generating IKEAUTH response 1 [ N(AUTHFAILED) ]
Aug 24 19:28:58 KorberVPN charon: 14[NET] sending packet: from x.x.x.x[4500] to y.y.y.y[4500] (65 bytes)