Сейчас я настраиваю сервер strongswan и хочу протестировать его с помощью Android-клиента strongswan. Я настроил ipsec.conf, strongswan.conf и ipsec.secrets следующим образом и не смог войти в систему с помощью Android-клиента.
Кто-нибудь может дать мне совет или подсказать, что я сделал не так?
[ipsec.conf]
# ipsec.conf - strongSwan IPsec configuration file
# NOTE(review): indentation was lost in this paste. In the real file every
# parameter line of a section has to start with whitespace.
# basic configuration
# Daemon-wide options; the connection itself is defined in the conn section.
config setup
# plutodebug=all
# crlcheckinterval=600
# strictcrlpolicy=yes
# cachecrls=yes
nat_traversal=yes
# Start charon (the IKEv2 daemon) only; pluto (IKEv1) stays off.
charonstart=yes
plutostart=no
# Debug levels per subsystem: ike=4, knl=3, cfg=0.
# NOTE(review): level 4 also writes sensitive material such as keys into the
# log. Use it only while troubleshooting, keep the log readable by root only,
# and lower the level again afterwards.
charondebug = "ike 4, knl 3, cfg 0"
#
# Jason Choi - 32 Network
#
# Remote-access connection: IKEv2, client authenticated by EAP relayed to RADIUS.
conn jchoi32
# Local (gateway) address.
# NOTE(review): 192.16.1.40 is outside the private 192.168.0.0/16 range -
# confirm this is the intended address and not a typo.
left=192.16.1.40
leftfirewall=yes
# 0.0.0.0/0 as the local subnet means the client tunnels all of its traffic.
leftsubnet=0.0.0.0/0
# Identity the client is expected to present.
rightid=jchoi32@myhome.com
# Virtual IP handed to the client; a single address, so one client at a time.
rightsourceip=10.20.16.234
keyexchange=ikev2
# NOTE(review): both proposals still offer modp768, modp1024, md5, des, 3des
# and blowfish. A peer that negotiates any of these gets a tunnel with weak
# key exchange, integrity or encryption. Offer only what the clients need,
# for example aes256-sha256-modp2048 if both ends support it.
ike=modp768-modp1024-modp1536-modp2048-modp3072-modp4096-modp6144-modp8192-md5-sha1-aesxcbc-des-3des-aes128-aes256-blowfish
esp=md5-sha1-aesxcbc-des-3des-aes128-aes256
rightsendcert=never
# The client's EAP exchange is forwarded to the RADIUS server configured for
# the eap-radius plugin in strongswan.conf.
rightauth=eap-radius
# Ask the client for its EAP identity; %any accepts whatever it sends.
eap_identity=%any
# NOTE(review): no leftauth= or leftcert= is set, and the ipsec.secrets shown
# with this file has no private-key entry. Presumably the gateway has nothing
# to authenticate itself with - verify. An EAP client normally expects the
# gateway to prove its identity with a certificate before it sends credentials.
# Load the connection at startup and wait for the client to initiate.
auto=add
# dpdaction=clear
[strongswan.conf]
# strongswan.conf - strongSwan configuration file
# NOTE(review): indentation was lost in this paste; nesting is given by the braces.
# Settings for the charon (IKEv2) daemon.
charon {
# File-based loggers.
filelog {
/var/log/charon.log {
time_format = %b %e %T
# NOTE(review): with append = no the file is not appended to, so earlier
# entries do not survive a reopen - presumably on every daemon restart.
# Keep that in mind if this log is needed as evidence later.
append = no
default = 1
flush_line = yes
}
stderr {
ike = 2
knl = 3
ike_name = yes
}
}
# Syslog loggers, one subsection per facility.
syslog {
identifier = charon-custom
daemon {
}
# auth facility: default = -1 silences everything, ike = 0 keeps the basic
# IKE messages.
auth {
default = -1
ike = 0
}
}
# number of worker threads in charon
threads = 16
# send strongswan vendor ID?
# send_vendor_id = yes
plugins {
sql {
# loglevel to log into sql database
loglevel = -1
# URI to the database
# database = sqlite:///path/to/file.db
# database = mysql://user:password@localhost/database
}
# RADIUS backend used by rightauth=eap-radius in ipsec.conf.
eap-radius {
#class_group = yes
eap_start = no
servers {
TEST-Radius {
address = 10.20.16.135
# NOTE(review): the RADIUS shared secret is stored in clear text, is short
# and guessable, and has been published with this post. Replace it with a
# long random value on both the gateway and the RADIUS server, and keep this
# file readable by root only.
secret = test123
#nas_identifier = ipsec-gateway
#sockets = 20
#port = 1812
}
}
}
}
# DNS servers pushed to clients that request them.
dns1 = 10.20.16.51
dns2 = 4.2.2.1
# inactivity_close_ike = yes
retransmit_tries = 3
#
# NAT Keep Alive interval
#
keep_alive = 30s
# ...
}
# Section for the pluto (IKEv1) daemon; no options are set here.
pluto {
}
# Library-wide settings; the only option listed is commented out.
libstrongswan {
# set to no, the DH exponent size is optimized
# dh_exponent_ansi_x9_42 = no
}
[ipsec.secrets]
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.
# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
# this file is managed with debconf and will contain the automatically created private key
# NOTE(review): despite the header above, no RSA private-key entry appears
# below; only EAP and PSK secrets are defined.
# NOTE(review): every secret below is stored in clear text and has been
# published with this post. Treat all of them as compromised and replace
# them, and keep this file owned by root with mode 600.
# EAP password for the identity used as rightid in ipsec.conf.
# NOTE(review): rightauth=eap-radius hands verification to the RADIUS server,
# so this local entry is presumably not the one being checked - verify.
jchoi32@myhome.com : EAP "ABCD.1234.EFGH"
# Pre-shared key for the pair of addresses listed.
192.16.1.40 55.105.28.74 : PSK SecretKeyWithPadding
# NOTE(review): %any makes this pre-shared key match any peer. The connection
# shown in ipsec.conf uses EAP, so the PSK entries look unused; remove them
# unless another connection depends on them.
%any : PSK SecretKeyWithPadding
====================
Заранее спасибо!
Джейсон