Author Topic: Ipsec (Read 4992 times)

franco · « **Reply #15 on:** October 13, 2016, 03:45:53 pm »

Let's help out

Commit:

https://github.com/opnsense/core/commit/5dc95bac

Command:

# opnsense-patch 5dc95bac

Cheers,
Franco

voltara2000 · « **Reply #16 on:** October 14, 2016, 05:45:58 pm »

Hi,

I have applied patch. From the gui side everything looks good.
When I tried to connect I have got the following error: Error Description: 13801: IKE authentication credentials are unacceptable. I didn't have a chance to go over my config and certificates. I will do that on this weekend and try to figure out what is the cause of that.

Thank you,
Andrei

voltara2000 · « **Reply #17 on:** October 15, 2016, 02:50:35 am »

Hi,

After some testing with Windows 7 and StrongSwan android client I am getting the same error on both.
Please see attached final part of the Log. What could be the problem? Anyone has any suggestions?

Thank you,
Andrei

franco · « **Reply #18 on:** October 17, 2016, 07:39:54 am »

Hi Andrei,

EAP is working, but the verify against the certificate/chain does not.

Cheers,
Franco

voltara2000 · « **Reply #19 on:** October 17, 2016, 09:13:40 pm »

Hi Franco,

What do you think causing this behavior? Opensense implementation of the StrongSwan or wrong configuration on my side? I have checked my certificates few times and they look ok. I have followed pfsense guide https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2 for setting this connection. I will try to recreate same config on pfsense to see the logs and compare, will also post opnsense generated file config vs pfsense for same scenario.

Thank you,
Andrei

Author Topic: Ipsec (Read 4992 times)

franco

Re: Ipsec

voltara2000

Re: Ipsec

voltara2000

Re: Ipsec

franco

Re: Ipsec

voltara2000

Re: Ipsec