[Swan] Dropping AUTH message containing INITIAL_CONTACT on OSX and Win10
Derek Cameron
dcamero2016 at gmail.com
Tue Jan 8 15:58:33 UTC 2019
I have found a solution to the problem of "missing payloads: AUTH" on
Windows 10 clients. It is necessary to first set up the VPN in the
Windows Settings GUI with VPN type of IKEv2. But then you must second
open a Windows PowerShell and issue the cmdlet:

    Set-VpnConnection -Name "LibreSwan" -AuthenticationMethod "MachineCertificate"

The Windows 10 native client then connects to the CentOS 7 LibreSwan server.
But how do I get _all_ traffic from the Windows 10 client to be routed
through the LibreSwan server?
My /etc/ipsec.d/roadwarrior.conf looks like this:

conn roadwarrior
    left=123.23.23.23
    leftcert=123.23.23.23
    leftid=@123.23.23.23
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    leftrsasigkey=%cert
    right=%any
    rightaddresspool=10.11.0.2-10.11.0.254
    rightca=%same
    rightrsasigkey=%cert
    modecfgdns="1.1.1.1,1.0.0.1"
    narrowing=yes
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    auto=add
    ikev2=insist
    rekey=no
    fragmentation=yes
    ike=aes256-sha2_512;modp2048,aes128-sha2_512;modp2048,aes256-sha1;modp1024,aes128-sha1;modp1024