
Сейчас я настраиваю сервер strongswan и хочу протестировать его с помощью Android-клиента strongswan. Я настроил ipsec.conf, strongswan.conf и ipsec.secrets следующим образом и не смог войти в систему с помощью Android-клиента.

Кто-нибудь может дать мне совет или подсказку, что я сделал не так?

[ipsec.conf]
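# ipsec.conf - strongSwan IPsec configuration file
#
# Gateway side of an IKEv2 road-warrior setup: a single connection
# ("jchoi32") whose client is authenticated with EAP relayed to RADIUS.

# basic configuration
config setup
    # plutodebug=all
    # crlcheckinterval=600
    # strictcrlpolicy=yes
    # cachecrls=yes
    # NOTE(review): nat_traversal, charonstart and plutostart are keywords of
    # the strongSwan 4.x starter; presumably this is a 4.x install - confirm.
    nat_traversal=yes
    charonstart=yes
    plutostart=no
    # Troubleshooting setting only: at level 4 charon also writes sensitive
    # material such as keys into its dumps. Lower "ike" to 1 or 2 once the
    # problem is found and treat any log captured at this level as secret.
    charondebug = "ike 4, knl 3, cfg 0"

#
# Jason Choi - 32 Network
#
conn jchoi32
    # NOTE(review): 192.16.1.40 is not in the private 192.168.0.0/16 range;
    # confirm the address is intended and not a typo.
    left=192.16.1.40
    leftfirewall=yes
    # Offers the whole IPv4 space to the client, i.e. all client traffic is
    # expected to go through the tunnel.
    leftsubnet=0.0.0.0/0
    # NOTE(review): no leftauth/leftcert is set, so how the gateway proves
    # its own identity is not visible in this file. The strongSwan Android
    # client verifies the gateway by certificate and does not use PSK, so
    # the PSK lines in ipsec.secrets would not satisfy it - confirm that a
    # server certificate is configured.
    rightid=jchoi32@myhome.com
    rightsourceip=10.20.16.234
    keyexchange=ikev2
    # Proposals restricted to AES with SHA-1 / AES-XCBC integrity and MODP
    # groups of 2048 bit and above. The earlier list also offered DES, 3DES,
    # Blowfish, MD5 and the 768/1024/1536-bit groups, which let a peer
    # negotiate the tunnel down to broken or undersized primitives.
    # NOTE(review): without a trailing "!" (strict flag) the responder may
    # still accept its built-in default proposals - verify for the installed
    # version.
    ike=aes128-aes256-sha1-aesxcbc-modp2048-modp3072-modp4096-modp6144-modp8192
    esp=aes128-aes256-sha1-aesxcbc
    # The client is never asked to present a certificate; it is
    # authenticated through EAP, with the RADIUS server doing the check.
    rightsendcert=never
    rightauth=eap-radius
    eap_identity=%any
    # Load the connection and wait for the client to initiate.
    auto=add
    # dpdaction=clear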

[strongswan.conf]
# strongswan.conf - strongSwan configuration file
#
# Layout: everything from "filelog" down to "keep_alive" sits inside the
# charon section; the pluto and libstrongswan sections follow it.
charon {
    # Loggers that charon writes itself: one file plus stderr.
    filelog {
        /var/log/charon.log {
            time_format = %b %e %T
            # NOTE(review): with "no" the file is presumably overwritten on
            # each start instead of extended, so earlier entries are lost -
            # confirm before relying on this log for later analysis.
            append = no
            default = 1
            flush_line = yes
        }
        stderr {
            ike = 2
            knl = 3
            ike_name = yes
        }
    }
    # Loggers that go through syslog, per facility.
    syslog {
        identifier = charon-custom
        daemon {
        }
        auth {
            default = -1
            ike = 0
        }
    }

    # number of worker threads in charon
    threads = 16
    # send strongswan vendor ID?
    # send_vendor_id = yes
    plugins {
        sql {
            # loglevel to log into sql database
            loglevel = -1
            # URI to the database
            # database = sqlite:///path/to/file.db
            # database = mysql://user:password@localhost/database
        }
        eap-radius {
            #class_group = yes
            eap_start = no
            servers {
                TEST-Radius {
                    address = 10.20.16.135
                    # RADIUS shared secret, kept here in clear text: the
                    # file should be readable by root only, and anything
                    # beyond a test setup needs a long random value.
                    secret = test123
                    #nas_identifier = ipsec-gateway
                    #sockets = 20
                    #port = 1812
                }
            }
        }
    }
    # DNS servers configured for the charon section.
    dns1 = 10.20.16.51
    dns2 = 4.2.2.1
    # inactivity_close_ike = yes
    retransmit_tries = 3
    #
    # NAT Keep Alive interval
    #
    keep_alive = 30s
    # ...

}
pluto {
}
libstrongswan {
    #  set to no, the DH exponent size is optimized
    #  dh_exponent_ansi_x9_42 = no
}
[ipsec.secrets]
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication.  See ipsec_pluto(8) manpage, and HTML documentation.
# RSA private key for this host, authenticating it to any other host
# which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
# this file is managed with debconf and will contain the automatically created private key
#
# NOTE(review): the lines shown here hold no private-key entry, despite the
# header above - confirm whether the gateway has a key and certificate at all.
# NOTE(review): every secret below is stored in clear text. The file should
# be readable by root only, and values that have been published or shared
# should be replaced before the gateway is used for real traffic.
#
# EAP credential for the identity that ipsec.conf uses as rightid.
# NOTE(review): with rightauth=eap-radius the password is presumably checked
# by the RADIUS server, so this local entry may never be consulted - confirm.
jchoi32@myhome.com : EAP "ABCD.1234.EFGH"
# Pre-shared key bound to the two listed addresses.
192.16.1.40 55.105.28.74 : PSK SecretKeyWithPadding
# NOTE(review): %any makes this pre-shared key a catch-all for any peer that
# matches no more specific entry, and it repeats the key from the line above.
# The connection in ipsec.conf does not use PSK for the client; remove this
# line unless something else depends on it.
%any : PSK SecretKeyWithPadding

====================

Заранее спасибо!

Джейсон
