Gentoo Forums
Strongswan eap-tls client configuration
gsra99
Posted: Sat Dec 14, 2019 7:40 pm    Post subject: Strongswan eap-tls client configuration

I have set up an IKEv2 VPN server with EAP-TLS authentication. The strongswan configuration for the server is below.
Code:
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
   charondebug="ike 2, knl 1, cfg 0"
   uniqueids=no

# Add connections here.

conn Server
   auto=add
   compress=no
   type=tunnel
   keyexchange=ike
   fragmentation=yes
   forceencaps=yes
   ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
   esp=aes256-sha256,aes256-sha1,3des-sha1!
   dpdaction=clear
   dpddelay=300s
   rekey=no
   left=%any
   leftid=@dns.server.com
   leftcert=server.pem
   leftauth=pubkey
   leftsendcert=always
   leftsubnet=0.0.0.0/0
   right=%any
   rightid=%any
   rightauth=eap-radius
   rightsourceip=172.16.1.0/28
   rightdns=192.168.1.1
   rightsendcert=never
   eap_identity=%identity

The ipsec.secrets file is below.
Code:
# ipsec.secrets - strongSwan IPsec secrets file
: RSA "server.key" "Password"

I can see the server configuration with the Freeradius server works, as Android and Windows 10 clients can connect to it. However, I am struggling to set up a Linux client, as it fails to connect. The client configuration is below.
Code:
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
   # strictcrlpolicy=yes
   # uniqueids = no

# Add connections here.

conn Client
   keyexchange=ikev2
   right=dns.server.com
   # This should match the `leftid` value on your server's configuration
   rightid=@dns.server.com
   rightsubnet=0.0.0.0/0
   rightauth=pubkey
   rightca=%same
   leftsourceip=%config
   leftcert=graju.pem
   leftid="C=GB, ST=JS, O=Organisation, CN=username, E=email@address"
   leftauth=eap
   ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
   esp=aes256-sha256,aes256-sha1,3des-sha1!
   eap_identity=%identity
   aaa_identity=%identity
   auto=add

The ipsec.secrets file is below.
Code:
# ipsec.secrets - strongSwan IPsec secrets file
: RSA "client.key" "Password"

The VPN connection fails. Could you let me know what client configuration I need to make it work?
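
A review aid for the two conn sections in the post above, added here as an example and not part of the original post or of strongSwan: it parses ipsec.conf text, compares the client's rightid with the server's leftid, and lists the proposals both sides share and those containing legacy algorithms. The LEGACY set and all function names are assumptions of this example, and the script does not diagnose why the connection fails.

```python
import re

# Constructed sample: identity and proposal lines copied from the two conn sections in the post.
SERVER = """conn Server
   ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
   esp=aes256-sha256,aes256-sha1,3des-sha1!
   leftid=@dns.server.com
"""
CLIENT = """conn Client
   # This should match the `leftid` value on your server's configuration
   rightid=@dns.server.com
   ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
   esp=aes256-sha256,aes256-sha1,3des-sha1!
"""
# Assumption of this example: legacy algorithm tokens to flag during a review.
LEGACY = {"des", "3des", "md5", "modp768", "modp1024"}

def parse_conns(text):
    """Return {conn name: {key: value}} for every conn section in ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()        # drop comments and trailing space
        if line and not line[0].isspace():          # section header starts at column 0
            m = re.match(r"conn\s+(\S+)$", line)
            current = conns.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:   # indented key=value inside a conn
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def proposals(conn, key):
    """Split an ike= or esp= value into proposals, dropping the strict '!' flag."""
    return [p.strip() for p in conn.get(key, "").rstrip("!").split(",") if p.strip()]

def legacy_algorithms(conn):
    """Map 'ike:<proposal>' / 'esp:<proposal>' to the legacy tokens it contains."""
    found = {}
    for key in ("ike", "esp"):
        for prop in proposals(conn, key):
            hits = sorted(LEGACY & set(prop.split("-")))
            if hits:
                found[f"{key}:{prop}"] = hits
    return found

def shared_proposals(a, b, key):  # proposals of conn a that conn b also lists
    return [p for p in proposals(a, key) if p in proposals(b, key)]

if __name__ == "__main__":
    srv, cli = parse_conns(SERVER)["Server"], parse_conns(CLIENT)["Client"]
    print(legacy_algorithms(srv), shared_proposals(cli, srv, "ike"), cli["rightid"] == srv["leftid"])
```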