I'd assume changes in /etc/ipsec.secrets and /etc/ipsec.conf are to be made. My current ipsec.conf looks like this:

config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=no

conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    ike=aes256-sha1-modp1024,3des-sha1-modp1024!

Ubuntu Manpage: ipsec.secrets - secrets for IKE/IPsec authentication

DESCRIPTION

The file ipsec.secrets holds a table of secrets. These secrets are used by the strongSwan Internet Key Exchange (IKE) daemons pluto (IKEv1) and charon (IKEv2) to authenticate other hosts. It is vital that these secrets be protected.

ipsec.secrets: secrets for IKE/IPsec authentication

# sample /etc/ipsec.secrets file for 10.1.0.1
10.1.0.1 10.2.0.1 : PSK "secret shared by two hosts"
# sample roadwarrior
%any gateway.corp.com : PSK "shared secret with many roadwarriors"
# sample server for roadwarriors
myip %any : PSK "shared secret with many roadwarriors"
# an entry may be split across lines,
# but indentation matters
www

For ipsec.conf and ipsec.secrets, see above. In the end, it turned out to be most likely a setting in the firewall. I then used netExtender by SonicWall to make the connection work and now use Remmina as my remote desktop client.

vim /etc/ipsec.conf

conn ipsec-ikev2-vpn-client
    auto=start
    right=vpnsvr.kifarunix-demo.com
    rightid=vpnsvr.kifarunix-demo.com
    rightsubnet=0.0.0.0/0
    rightauth=pubkey
    leftsourceip=%config
    leftid=vpnsecure
    leftauth=eap-mschapv2
    eap_identity=%identity

Set up authentication secrets.

vim /etc/ipsec.secrets

$ nano /etc/ipsec.secrets

0.0.0.0: **** PSK "Your PSK"

This breaks down as left IP, right IP, PSK. If you are using a different form of authentication, you may wish to read man 5 ipsec.secrets. 0.0.0.0 is a reserved IP address which we’re using here to mean “any IP address”. We could use a static IP address here, but this is

ipsec.secrets Reference - strongSwan

strongSwan's /etc/ipsec.secrets file contains an unlimited number of the following types of secrets: RSA defines an RSA private key; ECDSA defines an

libreswan

include ipsec.*.secrets # get secrets from other files

Each entry in the file is a list of indices, followed by a secret. The two parts are separated by a colon (:) that is followed by whitespace or a newline. An index is an IP address, or a Fully Qualified Domain Name, user@FQDN, %any or %any6 (other kinds may come). An IP address may be

Setup IPSEC VPN using StrongSwan on Debian 10 - kifarunix.com

vim /etc/ipsec.secrets

# This file holds shared secrets or RSA private keys for authentication.
# RSA private key for this host, authenticating it to any other host which knows the public part.