Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Installing VPN

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
carthago
Posts: 4
Joined: 2018-04-09 18:31

Installing VPN

#1 Post by carthago »

I am trying configuring VPN with IKEv2 on debian 9.3.0 stretch . i tried to find plugin d-plugin-eap-mschapv2
in main repos. but there was no. so i downloaded the deb file from sid download page installed it with Gdebi and now my vpn connection give me this

server requested EAP_IDENTITY (id 0x00), sending 'hasdrubal2'
generating IKE_AUTH request 2 [ EAP/RES/ID ]
sending packet: from 10.0.0.136[4500] to 46.166.179.54[4500] (112 bytes)
received packet: from 46.166.179.54[4500] to 10.0.0.136[4500] (128 bytes)
parsed IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
server requested EAP_MSCHAPV2 authentication (id 0x01)
generating IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
sending packet: from 10.0.0.136[4500] to 46.166.179.54[4500] (160 bytes)
received packet: from 46.166.179.54[4500] to 10.0.0.136[4500] (96 bytes)
parsed IKE_AUTH response 3 [ EAP/FAIL ]
received EAP_FAILURE, EAP authentication failed
generating INFORMATIONAL request 4 [ N(AUTH_FAILED) ]
sending packet: from 10.0.0.136[4500] to 46.166.179.54[4500] (96 bytes)
establishing connection 'hide-nl' failed


i guess it is because of this plugin? any ideas where can i get this plugin for strecth or why cant i log on to vpn?

jibberjabber
Posts: 162
Joined: 2016-01-10 16:58

Re: Installing VPN

#2 Post by jibberjabber »

debian 9.3.0 stretch ====
so i downloaded the deb file from sid download page
Should have read first, along with other documentation:
https://wiki.debian.org/DontBreakDebian
Repositories that can create a FrankenDebian if used with Debian Stable:

Debian testing release (currently buster)

Debian unstable release (also known as sid)

Ubuntu, Mint or other derivative repositories are not compatible with Debian!
Ubuntu PPAs
==================
any ideas where can i get this plugin for strecth
There might be something in the backports, I would have to do some searches for you, or you could do the searches, the Debian documentation also has information on using backports.
d-plugin-eap-mschapv2 for Debian 9 in Debian repositories

===============
How to use Debian Backports
written by HelpBot#8453
Alias jibberjabber
I am sorry, my english is not that good, and I sometimes have other problems,so my response might not be perfect.
N5RLX > "Jibber jabber ,all day and all night, jibber jabber jibber jabber"

carthago
Posts: 4
Joined: 2018-04-09 18:31

Re: Installing VPN

#3 Post by carthago »

i installed ibcharon-extra-plugins (5.5.1-4+deb9u1) already but i could not find the strongswan-plugin-eap-mschapv2. Sid plugin i cannot find in the synaptics. have this error of authentification on the server.Any ideas why i have this error?

carthago
Posts: 4
Joined: 2018-04-09 18:31

Re: Installing VPN

#4 Post by carthago »

ok i reinstalled all these packages with lower version from strecth (disabling sid repository)
now i have this
root@debian:~# ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 5.5.1 IPsec [starter]...
root@debian:~# ipsec up hide-nl
initiating IKE_SA hide-nl[1] to 46.166.179.50
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 10.0.0.136[500] to 46.166.179.50[500] (1444 bytes)
received packet: from 46.166.179.50[500] to 10.0.0.136[500] (60 bytes)
parsed IKE_SA_INIT response 0 [ N(COOKIE) ]
initiating IKE_SA hide-nl[1] to 46.166.179.50
generating IKE_SA_INIT request 0 [ N(COOKIE) SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 10.0.0.136[500] to 46.166.179.50[500] (1476 bytes)
received packet: from 46.166.179.50[500] to 10.0.0.136[500] (38 bytes)
parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
peer didn't accept DH group MODP_3072, it requested ECP_521
initiating IKE_SA hide-nl[1] to 46.166.179.50
generating IKE_SA_INIT request 0 [ N(COOKIE) SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 10.0.0.136[500] to 46.166.179.50[500] (1224 bytes)
received packet: from 46.166.179.50[500] to 10.0.0.136[500] (385 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
local host is behind NAT, sending keep alives
received 2 cert requests for an unknown ca
no IDi configured, fall back on IP address
establishing CHILD_SA hide-nl
generating IKE_AUTH request 1 [ IDi CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
sending packet: from 10.0.0.136[4500] to 46.166.179.50[4500] (368 bytes)
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(1/11) ]
received fragment #1 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(2/11) ]
received fragment #2 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(3/11) ]
received fragment #3 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(4/11) ]
received fragment #4 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(5/11) ]
received fragment #5 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(6/11) ]
received fragment #6 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(7/11) ]
received fragment #7 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(8/11) ]
received fragment #8 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(9/11) ]
received fragment #9 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(10/11) ]
received fragment #10 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (148 bytes)
parsed IKE_AUTH response 1 [ EF(11/11) ]
received fragment #11 of 11, reassembling fragmented IKE message
parsed IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ]
received end entity cert "C=MY, ST=Wilayah Persekutuan, L=Labuan, O=eVenture Limited, CN=*.hide.me"
received issuer cert "C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA"
using certificate "C=MY, ST=Wilayah Persekutuan, L=Labuan, O=eVenture Limited, CN=*.hide.me"
using untrusted intermediate certificate "C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA"
checking certificate status of "C=MY, ST=Wilayah Persekutuan, L=Labuan, O=eVenture Limited, CN=*.hide.me"
requesting ocsp status from 'http://ocsp.digicert.com' ...
ocsp response correctly signed by "C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA"
ocsp response is valid: until Apr 16 19:26:52 2018
certificate status is good
no issuer certificate found for "C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA"
no trusted RSA public key found for 'C=MY, ST=Wilayah Persekutuan, L=Labuan, O=eVenture Limited, CN=*.hide.me'
generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
sending packet: from 10.0.0.136[4500] to 46.166.179.50[4500] (96 bytes)
establishing connection 'hide-nl' failed

Post Reply