LinuxQuestions.org
04-18-2024, 12:07 PM   #1
DiBosco
Distribution: Mageia

Connect to IKEv2/IPSEC MSCHAPv2 Windows Server?


I'm trying to connect to a Windows server that uses IKEv2/IPSEC MSCHAPv2 with no certificate. It's simply username and password. From Windows client this works fine, but I'd really like to be able to get on via Linux.

I've found lots of articles saying use Strongswan, so I've set it up using Network Manager in KDE and it's just not having it.

I get this from journalctl:

Code:
    Apr 11 20:29:07 localhost.localdomain NetworkManager[1377]: <info>  [1712863747.2734] agent-manager: agent[fb5d5065f4827f4c,:1.124/nmcli-connect/1000]: agent registered
    Apr 11 20:29:07 localhost.localdomain NetworkManager[1377]: <info>  [1712863747.2763] vpn[0x264b5a0,19768401-370f-461d-9175-338cbbdba5e1,"DestinationVPN"]: starting strongswan
    Apr 11 20:29:07 localhost.localdomain NetworkManager[1377]: <info>  [1712863747.2767] audit: op="connection-activate" uuid="19768401-370f-461d-9175-338cbbdba5e1" name="DestinationVPN" pid=3615 uid=1000 result="success"
    Apr 11 20:29:07 localhost.localdomain charon-nm[3621]: 00[DMN] Starting charon NetworkManager backend (strongSwan 5.9.10)
    Apr 11 20:29:07 localhost.localdomain charon-nm[3621]: 00[LIB] unable to load OpenSSL FIPS provider
    Apr 11 20:29:07 localhost.localdomain charon-nm[3621]: 00[LIB] plugin 'openssl': failed to load - openssl_plugin_create returned NULL
    Apr 11 20:29:07 localhost.localdomain charon-nm[3621]: 00[KNL] received netlink error: Unknown device type (95)
    Apr 11 20:29:07 localhost.localdomain charon-nm[3621]: 00[KNL] failed to create XFRM interface 'xfrmi-test-1645'
    Apr 11 20:29:07 localhost.localdomain charon-nm[3621]: 00[NET] could not open socket: Address family not supported by protocol
    Apr 11 20:29:07 localhost.localdomain charon-nm[3621]: 00[NET] could not open IPv6 socket, IPv6 disabled
    Apr 11 20:29:07 localhost.localdomain charon-nm[3621]: 00[KNL] received netlink error: Rule family not supported (97)
    Apr 11 20:29:07 localhost.localdomain charon-nm[3621]: 00[KNL] unable to create IPv6 routing table rule
    Apr 11 20:29:07 localhost.localdomain charon-nm[3621]: 00[LIB] loaded plugins: nm-backend charon-nm ldap pkcs11 tpm aesni aes des rc2 sha2 sha3 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pkcs1 pkcs7 sshkey pem pkcs8 fips-prf gmp curve25519 chapoly xcbc cmac hmac kdf gcm drbg curl soup kernel-netlink socket-default eap-identity eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-peap
    Apr 11 20:29:07 localhost.localdomain charon-nm[3621]: 00[LIB] dropped capabilities, running as uid 0, gid 0
    Apr 11 20:29:07 localhost.localdomain kded5[2282]: org.kde.plasma.nm.kded: Unhandled VPN connection state change:  NetworkManager::VpnConnection::NeedAuth
    Apr 11 20:29:07 localhost.localdomain charon-nm[3621]: 00[JOB] spawning 16 worker threads
    Apr 11 20:29:07 localhost.localdomain kded5[2282]: org.kde.plasma.nm.kded: Unhandled VPN connection state change:  NetworkManager::VpnConnection::Connecting
    Apr 11 20:29:07 localhost.localdomain charon-nm[3621]: 05[CFG] received initiate for NetworkManager connection DestinationVPN
    Apr 11 20:29:07 localhost.localdomain charon-nm[3621]: 05[CFG] using gateway identity 'aname.bname.co.uk'
    Apr 11 20:29:07 localhost.localdomain charon-nm[3621]: 05[IKE] initiating IKE_SA DestinationVPN[1] to xxx.xxx.xxx.xxx
    Apr 11 20:29:07 localhost.localdomain charon-nm[3621]: 05[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
    Apr 11 20:29:07 localhost.localdomain charon-nm[3621]: 05[NET] sending packet: from 192.168.0.108[44444] to xxx.xxx.xxx.xxx[500] (336 bytes)
    Apr 11 20:29:11 localhost.localdomain charon-nm[3621]: 06[IKE] retransmit 1 of request with message ID 0
    Apr 11 20:29:11 localhost.localdomain charon-nm[3621]: 06[NET] sending packet: from 192.168.0.108[44444] to xxx.xxx.xxx.xxx[[500] (336 bytes)
    Apr 11 20:29:18 localhost.localdomain charon-nm[3621]: 07[IKE] retransmit 2 of request with message ID 0
    Apr 11 20:29:18 localhost.localdomain charon-nm[3621]: 07[NET] sending packet: from 192.168.0.108[44444] to xxx.xxx.xxx.xxx[[500] (336 bytes)
    Apr 11 20:29:31 localhost.localdomain charon-nm[3621]: 08[IKE] retransmit 3 of request with message ID 0
    Apr 11 20:29:31 localhost.localdomain charon-nm[3621]: 08[NET] sending packet: from 192.168.0.108[44444] to xxx.xxx.xxx.xxx[[500] (336 bytes)
    Apr 11 20:29:54 localhost.localdomain charon-nm[3621]: 09[IKE] retransmit 4 of request with message ID 0
    Apr 11 20:29:54 localhost.localdomain charon-nm[3621]: 09[NET] sending packet: from 192.168.0.108[44444] to xxx.xxx.xxx.xxx[[500] (336 bytes)
    Apr 11 20:30:07 localhost.localdomain NetworkManager[1377]: <warn>  [1712863807.9933] vpn[0x264b5a0,19768401-370f-461d-9175-338cbbdba5e1,"DestinationVPN"]: connect timeout exceeded
    Apr 11 20:30:07 localhost.localdomain charon-nm[3621]: Connect timer expired, disconnecting.
    Apr 11 20:30:07 localhost.localdomain charon-nm[3621]: 10[IKE] destroying IKE_SA in state CONNECTING without notification
I can't connect via Android either. Is there simply an issue that this is never going to work from a non-Windows client, or could I be doing something wrong?

In Network Manager I set up a VPN connection using Strongswan with EAP as the Authentication and request inner IP address selected. All else is default.

If there's any information I can supply which would help please ask.

Many thanks.
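
As an added example (not part of the original post): a short Python triage of charon lines like those in the log above, reporting which IKEv2 exchange went unanswered. In that log only IKE_SA_INIT request 0 is sent and no "received packet" line appears, so the attempt stops before the IKE_AUTH stage where EAP-MSCHAPv2 credentials would be used. The function name `triage`, the sample lines and the address 203.0.113.10 are constructed for illustration.

```python
import re

# charon journal line: "... charon-nm[PID]: NN[SUBSYS] message"
CHARON = re.compile(r"charon(?:-nm)?\[\d+\]: \d+\[(\w+)\] (.*)")
GENERATE = re.compile(r"generating (\w+) request (\d+)")
PARSED = re.compile(r"parsed (\w+) response (\d+)")
RETRANSMIT = re.compile(r"retransmit (\d+) of request with message ID (\d+)")
# \[+ tolerates the doubled bracket left by hand redaction in the posted log
SENDING = re.compile(r"sending packet: from \S+ to \S+?\[+(\d+)\]")

def triage(lines):
    """Report how far an IKEv2 initiation got, judged from charon log lines."""
    requests, answered, retransmits = {}, set(), {}
    received, dst_port = 0, None
    for line in lines:
        m = CHARON.search(line)
        if not m:
            continue  # NetworkManager, kded5 and other non-charon lines
        subsys, msg = m.groups()
        if subsys == "ENC" and (g := GENERATE.search(msg)):
            requests[int(g.group(2))] = g.group(1)      # message ID -> exchange
        elif subsys == "ENC" and (p := PARSED.search(msg)):
            answered.add(int(p.group(2)))
        elif subsys == "IKE" and (r := RETRANSMIT.search(msg)):
            retransmits[int(r.group(2))] = int(r.group(1))  # highest retry seen
        elif subsys == "NET" and (s := SENDING.search(msg)):
            dst_port = int(s.group(1))
        elif subsys == "NET" and msg.startswith("received packet"):
            received += 1
    pending = sorted(i for i in requests if i not in answered)
    if not requests:
        stage = "no IKE request logged"
    elif received == 0:
        stage = "no reply to %s: stalled before authentication" % requests[min(requests)]
    elif pending:
        stage = "peer replied, but %s request %d unanswered" % (requests[pending[0]], pending[0])
    else:
        stage = "all logged requests answered"
    return {"stage": stage, "received": received, "dst_port": dst_port,
            "retransmits": retransmits}

# Constructed sample in the shape of the log above (203.0.113.10 is a documentation address).
P = "Apr 11 20:29:%02d localhost.localdomain charon-nm[3621]: "
SAMPLE = [
    P % 7 + "05[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]",
    P % 7 + "05[NET] sending packet: from 192.168.0.108[44444] to 203.0.113.10[500] (336 bytes)",
    P % 11 + "06[IKE] retransmit 1 of request with message ID 0",
    P % 11 + "06[NET] sending packet: from 192.168.0.108[44444] to 203.0.113.10[[500] (336 bytes)",
    P % 54 + "09[IKE] retransmit 4 of request with message ID 0",
]
```

Calling `triage(SAMPLE)` reports zero received packets and destination port 500, which points the investigation at reachability of the gateway on UDP 500 (and 4500 behind NAT) rather than at the username and password.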
 
  

