Connect to IKEv2/IPSEC MSCHAPv2 Windows Server?
I'm trying to connect to a Windows server that uses IKEv2/IPSEC MSCHAPv2 with no certificate. It's simply username and password. From Windows client this works fine, but I'd really like to be able to get on via Linux.
I've found lots of articles saying use Strongswan, so I've set it up using Network Manager in KDE and it's just not having it. I get this from journalctl: Code:
Apr 11 20:29:07 localhost.localdomain NetworkManager[1377]: <info> [1712863747.2734] agent-manager: agent[fb5d5065f4827f4c,:1.124/nmcli-connect/1000]: agent registered
In Network Manager I set up a VPN connection using Strongswan with EAP as the Authentication and request inner IP address selected. All else is default. If there's any information I can supply which would help please ask. Many thanks. |
I got connected using wpa_supplicant on a university website, but it's beyond the "we're smart, so we'll figure it out for you" approach of NM. You have to authenticate yourself, which grades your access. Others get higher/lower levels of access.
Do a targeted search for connecting using that protocol & NetworkManager, or read 'man wpa_supplicant.conf' to see how I did it, because it was 10 years ago, and I saw it as just another obstacle to my (late) higher education, and got a severe dose of "Knowledge Bulimia" after. [Knowledge Bulimia = learn it for the test/purpose, & forget it after :D.]
EDIT: From your output, it looks like you mightn't have the openssl requirements (whatever they are), and it never really tries. It's not going to send your user & pass unencrypted, is it? |
Isn't wpa_supplicant for connecting to wifi? I have no issue with that part of it. :)
|
Yes, the username and password is the only thing that's entered when I connect using Windows as the client and therefore the only thing I [can] try with Linux. There is no certificate, it's all very iffy, but that's their call.
|
Check is there a program, script or Python module. NM must have crossed this bridge before. I'd be swallowing hard and using networkmanager, except my vpn NM driver needs systemd :(.
EDIT: I did a basic, basic before-you-bother-anybody type search and found scores of similar posts, many with [SOLVED] in the title. Post the one(s) that solve it for you. |
Based on log, you should check the configuration of peer IPSec. The peer IPSec does NOT response the request.
|
What does response the request mean please? |
My point is: Do a basic search and you will find plenty of people connecting without much hassle. I did it using wpa_supplicant & dhcpcd. Others use NM. Read what they did, and do it yourself.
|
> What is the peer in this case?
There are two terminators on one IPSec tunnel. Your side is one and the other side you connect to is the other. |
https://wiki.strongswan.org/issues/998
https://github.com/openssl/openssl/b...README-FIPS.md
https://wiki.strongswan.org/issues/3082
https://forum.openwrt.org/t/ipsec-ik...ervice/37352/3
https://github.com/openssl/openssl/discussions/23665
Normally don't recommend YouTube for much besides entertainment, but this appears well thought out. Skip to 11:47: https://www.youtube.com/watch?v=geAt...hannel=OpenSSL |