[Swan] LibreSwan 3.21 Client side ERROR using AWS (server side)
Priyank Kumar
priyank.guddu at gmail.com
Thu Oct 26 09:21:48 UTC 2017
Hi
First post. I set up libreswan on my AWS instance and can connect to
it using my Android phone. I couldn't find any tutorial on how to set up
the Linux client side; after searching the net I tried the following
configuration.
* My AWS-side VPN server works fine with my phone, so I don't suspect that side.
*Issue 1*: if the Linux PC side conf file has narrowing = no, then it gives
the error "myvpn": cannot initiate connection with narrowing=no and
(kind=CK_TEMPLATE)
Issue 2: There are no clear instructions on how to start the VPN client; I am
using
ipsec auto --up myvpn or ipsec auto --start myvpn (this sometimes reports
success)
Issue 3: If I set narrowing = yes, it fails with
# Linux PC (Client side)
/etc/ipsec.d/myvpn.conf
# Linux client conn for the L2TP/IPsec tunnel to the AWS server: transport
# mode, UDP/1701 on both ends (see leftprotoport/rightprotoport below).
# NOTE(review): the key lines appear at column 0 because the mail lost the
# indentation; in the real file every key must be indented under the conn.
conn myvpn
# local address is taken from the default route when the conn is loaded
left=%defaultroute
# placeholder from the post; the real server address goes here and should
# match the leftid the server announces
right=<MyServerIP>
# narrowing is an IKEv2 option. The post reports that narrowing=no yields
# "cannot initiate connection with narrowing=no and (kind=CK_TEMPLATE)" and
# that narrowing=yes also fails (the error text for that case is missing).
# NOTE(review): the server's l2tp-psk conn sets nothing for ikev2 while its
# xauth-psk conn is ikev2=never -- presumably worth checking which IKE
# version each side defaults to in this release.
narrowing=no
# force UDP encapsulation (NAT-T) even if no NAT is detected
encapsulation=yes
# pre-shared key read from ipsec.secrets (not shown in the post); it must be
# the same secret the server uses for its right=%any peers
authby=secret
# no Perfect Forward Secrecy for the IPsec SA; weaker, presumably kept only
# to mirror the server's "conn shared"
pfs=no
# do not renegotiate when the SA expires
rekey=no
keyingtries=5
# dead-peer detection: probe every 30 s, give up after 120 s, then tear the
# SA down ("clear") instead of restarting it
dpddelay=30
dpdtimeout=120
dpdaction=clear
# IKE proposals copied from the server's "conn shared" so both sides match.
# 3des, sha1 and modp1024 are legacy choices, presumably kept for the phone;
# once the Linux client works, prefer the aes256-sha2_512 entry with a larger
# DH group on both sides.
ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512
# ESP proposals; same remark about 3des/sha1
phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512
# interop knob for peers that truncate SHA-2 HMACs to 96 bits (non-RFC);
# matches the server setting
sha2-truncbug=yes
# auto=add only loads the conn at startup; it is brought up by hand, which is
# why "ipsec auto --up myvpn" (Issue 2 above) is needed
auto=add
# local UDP/1701 (L2TP) <-> server UDP/1701; the server's l2tp-psk conn
# accepts any client port (rightprotoport=17/%any), so this pairs up
leftprotoport=17/1701
rightprotoport=17/1701
# transport mode: only the L2TP traffic between the two hosts is protected
type=transport
phase2=esp
*# AWS VPN server-side conf file; this works with the Android phone*
cat /etc/ipsec.conf
# Server side (AWS). The long virtual-private= value below was wrapped by the
# mail client; it is a single line in the real file.
version 2.0
config setup
# private ranges permitted behind NAT'ed clients. 192.168.43.0/24 is excluded
# (%v4:!) because it is the xauth address pool handed out below;
# 192.168.42.0/24 is excluded too (reason not given in the post)
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!
192.168.42.0/24,%v4:!192.168.43.0/24
# Linux native IPsec stack
protostack=netkey
# no separate crypto helper processes
nhelpers=0
interfaces=%defaultroute
# allow more than one IKE SA with the same ID; needed when many clients share
# one PSK (authby=secret with right=%any in "conn shared")
uniqueids=no
# Settings common to the two conns below, pulled in with also=shared
conn shared
left=%defaultroute
# placeholder in the post: the server's public address, used as its IKE ID
leftid=<ServerIP>
# accept any peer address. Together with authby=secret this means every
# client authenticates with the same PSK, so that secret is effectively a
# group credential: keep it out of the post and rotate it when a client is
# retired
right=%any
# force UDP encapsulation (NAT-T)
encapsulation=yes
authby=secret
# PFS disabled for the child SA; the client side mirrors this
pfs=no
rekey=no
keyingtries=5
# DPD: probe every 30 s, declare dead after 120 s, then clear the SA
dpddelay=30
dpdtimeout=120
dpdaction=clear
# wrapped by the mail client -- one line in the real file. The list includes
# 3des, sha1 and modp1024, which are legacy; presumably kept for the phone.
# The client's "conn myvpn" carries the identical list.
ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;
modp1024,aes256-sha2_512
phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2,aes256-sha2_512
# non-RFC 96-bit SHA-2 truncation for interop; must match the client
sha2-truncbug=yes
# L2TP/IPsec transport-mode conn; this is the one the Linux client's
# "conn myvpn" (17/1701 on both ends) is meant to pair with
conn l2tp-psk
# loaded at startup, not initiated by the server
auto=add
# server side is UDP/1701; the client may arrive from any UDP source port
# (%any), as is typical for clients behind NAT
leftprotoport=17/1701
rightprotoport=17/%any
type=transport
phase2=esp
# common PSK / proposal settings from "conn shared" above
also=shared
# IKEv1 XAUTH + PSK road-warrior conn with ModeConfig (presumably the profile
# the Android phone uses)
conn xauth-psk
auto=add
# all client traffic is routed through the tunnel
leftsubnet=0.0.0.0/0
# virtual addresses handed to clients; the same range is excluded from
# virtual-private in "config setup"
rightaddresspool=192.168.43.10-192.168.43.250
# resolvers pushed to clients (Google public DNS); client lookups therefore
# go to a third party -- substitute a resolver you control if that matters
modecfgdns1=8.8.8.8
modecfgdns2=8.8.4.4
# this side is the XAUTH and ModeConfig server, the peer is the client
leftxauthserver=yes
rightxauthclient=yes
leftmodecfgserver=yes
rightmodecfgclient=yes
modecfgpull=yes
# XAUTH user names/passwords come from libreswan's password file (not shown);
# they are a second credential on top of the shared PSK, so per-user
# revocation is possible here even though the PSK is shared
xauthby=file
# fragment large IKE messages for paths that cannot pass big UDP datagrams
ike-frag=yes
# XAUTH is IKEv1-only, so IKEv2 is refused on this conn. NOTE(review): the
# l2tp-psk conn above leaves ikev2 unset and so takes the version default,
# which may be related to the client's narrowing/CK_TEMPLATE error
ikev2=never
# Cisco Unity extensions for client compatibility
cisco-unity=yes
also=shared