strongSwan client connection reports "user authentication failed" #192

Open
py-friend opened this issue Mar 20, 2021 · 4 comments

Comments

@py-friend

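After rebuilding the IKEv2 server on an Ubuntu 16.04 VPS with the latest 5.9.0 script, connecting with the strongSwan client on an Android 9.0 set-top box reports "user authentication failed", but the built-in clients on Win10 and iOS have no problem. What could the problem be?
Also, the IKEv2 server I set up 2 years ago with the 5.5.1 version of this script had no problems with any client.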

@jackytang

I ran into the same problem. My Android phone doesn't work no matter what I try, while iOS and OS X have no problems.

@Dca3fu3

Dca3fu3 commented Jul 7, 2021

I just happened to solve this problem:
Edit the ipsec.conf file and add the two lines ike=…… and esp=…… under "conn networkmanager-strongswan".
After restarting the ipsec service it works.
As follows:

```
conn networkmanager-strongswan
    keyexchange=ikev2
    # the two added lines: explicit IKE and ESP proposals (trailing "!" = use only these)
    ike=aes256-sha256-modp2048,3des-sha1-modp2048,aes256-sha1-modp2048!
    esp=aes128-sha256
    left=%defaultroute
    leftauth=pubkey
    leftsubnet=0.0.0.0/0
    leftcert=server.cert.pem
    right=%any
    rightauth=pubkey
    rightsourceip=10.31.2.0/24
    rightcert=client.cert.pem
    auto=add
```

@Dca3fu3

Dca3fu3 commented Jul 7, 2021

```
conn android_xauth_psk
    keyexchange=ikev1
    ike=aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,aes256-sha1-modp1024,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024!
    esp=aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1,aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp1024,aes128gcm16,aes128gcm16-ecp256,aes256-sha1,aes256-sha256,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16,aes256gcm16-ecp384,3des-sha1!
    left=%defaultroute
    leftauth=psk
    leftsubnet=0.0.0.0/0
    right=%any
    rightauth=psk
    rightauth2=xauth
    rightsourceip=10.31.2.0/24
    rekey=no
    auto=add
```

While I'm at it, here's the one for Android; likewise, ike and esp are added, and without adding them my Android phone can't connect either.
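
An added example, not part of the thread or of the project's script: a small Python audit for `ike=`/`esp=` proposal lists like the ones posted in the comments above, reporting each proposal that contains an algorithm this example's own policy treats as legacy. The `WEAK` set, the function names and the constructed `SAMPLE` are assumptions of the example.

```python
"""Audit ike=/esp= proposal lists found in ipsec.conf conn sections."""
import re

# Policy chosen for this example (an assumption, not taken from the thread):
# algorithm tokens reported as legacy when they appear in a proposal.
WEAK = {"3des", "md5", "sha1", "modp768", "modp1024", "modp1536"}

# Constructed sample that mirrors the first conn posted in the thread.
SAMPLE = """\
conn networkmanager-strongswan
    keyexchange=ikev2
    ike=aes256-sha256-modp2048,3des-sha1-modp2048,aes256-sha1-modp2048!
    esp=aes128-sha256
"""


def parse_proposals(value):
    """Return (proposals, strict); each proposal is a list of algorithm tokens."""
    value = value.strip()
    strict = value.endswith("!")  # trailing "!" restricts to the listed proposals
    items = value.rstrip("!").split(",")
    return [p.strip().lower().split("-") for p in items if p.strip()], strict


def audit(conf_text):
    """Return (conn, key, proposal, weak_tokens) for proposals with legacy tokens."""
    findings, conn = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        m = re.match(r"conn\s+(\S+)", line)       # section header at column 0
        if m:
            conn = m.group(1)
            continue
        m = re.match(r"\s+(ike|esp)\s*=\s*(.+)", line)  # indented parameter
        if m and conn:
            proposals, _strict = parse_proposals(m.group(2))
            for tokens in proposals:
                weak = sorted(WEAK.intersection(tokens))
                if weak:
                    findings.append((conn, m.group(1), "-".join(tokens), weak))
    return findings


if __name__ == "__main__":
    for conn, key, prop, weak in audit(SAMPLE):
        print(f"{conn}: {key} proposal {prop} uses legacy {', '.join(weak)}")
```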

@fenguoerbian

This is key, it solved my problem of not being able to connect~

> I just happened to solve this problem:
> Edit the ipsec.conf file and add the two lines ike=…… and esp=…… under "conn networkmanager-strongswan".
> After restarting the ipsec service it works.
> As follows:
>
> ```
> conn networkmanager-strongswan
>     keyexchange=ikev2
>     ike=aes256-sha256-modp2048,3des-sha1-modp2048,aes256-sha1-modp2048!
>     esp=aes128-sha256
>     left=%defaultroute
>     leftauth=pubkey
>     leftsubnet=0.0.0.0/0
>     leftcert=server.cert.pem
>     right=%any
>     rightauth=pubkey
>     rightsourceip=10.31.2.0/24
>     rightcert=client.cert.pem
>     auto=add
> ```
