Installing VPN

Kernels & Hardware, configuring network, installing services

Installing VPN

Postby carthago » 2018-04-09 18:36

I am trying configuring VPN with IKEv2 on debian 9.3.0 stretch . i tried to find plugin d-plugin-eap-mschapv2
in main repos. but there was no. so i downloaded the deb file from sid download page installed it with Gdebi and now my vpn connection give me this

server requested EAP_IDENTITY (id 0x00), sending 'hasdrubal2'
generating IKE_AUTH request 2 [ EAP/RES/ID ]
sending packet: from 10.0.0.136[4500] to 46.166.179.54[4500] (112 bytes)
received packet: from 46.166.179.54[4500] to 10.0.0.136[4500] (128 bytes)
parsed IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
server requested EAP_MSCHAPV2 authentication (id 0x01)
generating IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
sending packet: from 10.0.0.136[4500] to 46.166.179.54[4500] (160 bytes)
received packet: from 46.166.179.54[4500] to 10.0.0.136[4500] (96 bytes)
parsed IKE_AUTH response 3 [ EAP/FAIL ]
received EAP_FAILURE, EAP authentication failed
generating INFORMATIONAL request 4 [ N(AUTH_FAILED) ]
sending packet: from 10.0.0.136[4500] to 46.166.179.54[4500] (96 bytes)
establishing connection 'hide-nl' failed


i guess it is because of this plugin? any ideas where can i get this plugin for strecth or why cant i log on to vpn?
carthago
 
Posts: 4
Joined: 2018-04-09 18:31

Re: Installing VPN

Postby jibberjabber » 2018-04-09 19:00

debian 9.3.0 stretch ====
so i downloaded the deb file from sid download page


Should have read first, along with other documentation:
https://wiki.debian.org/DontBreakDebian
Repositories that can create a FrankenDebian if used with Debian Stable:

Debian testing release (currently buster)

Debian unstable release (also known as sid)

Ubuntu, Mint or other derivative repositories are not compatible with Debian!
Ubuntu PPAs

==================
any ideas where can i get this plugin for strecth

There might be something in the backports, I would have to do some searches for you, or you could do the searches, the Debian documentation also has information on using backports.
d-plugin-eap-mschapv2 for Debian 9 in Debian repositories

===============
How to use Debian Backports
written by HelpBot#8453
Alias jibberjabber
I am sorry, my english is not that good, and I sometimes have other problems,so my response might not be perfect.
N5RLX > "Jibber jabber ,all day and all night, jibber jabber jibber jabber"
jibberjabber
 
Posts: 111
Joined: 2016-01-10 16:58

Re: Installing VPN

Postby carthago » 2018-04-09 19:21

i installed ibcharon-extra-plugins (5.5.1-4+deb9u1) already but i could not find the strongswan-plugin-eap-mschapv2. Sid plugin i cannot find in the synaptics. have this error of authentification on the server.Any ideas why i have this error?
carthago
 
Posts: 4
Joined: 2018-04-09 18:31

Re: Installing VPN

Postby carthago » 2018-04-09 19:34

ok i reinstalled all these packages with lower version from strecth (disabling sid repository)
now i have this
root@debian:~# ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 5.5.1 IPsec [starter]...
root@debian:~# ipsec up hide-nl
initiating IKE_SA hide-nl[1] to 46.166.179.50
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 10.0.0.136[500] to 46.166.179.50[500] (1444 bytes)
received packet: from 46.166.179.50[500] to 10.0.0.136[500] (60 bytes)
parsed IKE_SA_INIT response 0 [ N(COOKIE) ]
initiating IKE_SA hide-nl[1] to 46.166.179.50
generating IKE_SA_INIT request 0 [ N(COOKIE) SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 10.0.0.136[500] to 46.166.179.50[500] (1476 bytes)
received packet: from 46.166.179.50[500] to 10.0.0.136[500] (38 bytes)
parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
peer didn't accept DH group MODP_3072, it requested ECP_521
initiating IKE_SA hide-nl[1] to 46.166.179.50
generating IKE_SA_INIT request 0 [ N(COOKIE) SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 10.0.0.136[500] to 46.166.179.50[500] (1224 bytes)
received packet: from 46.166.179.50[500] to 10.0.0.136[500] (385 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
local host is behind NAT, sending keep alives
received 2 cert requests for an unknown ca
no IDi configured, fall back on IP address
establishing CHILD_SA hide-nl
generating IKE_AUTH request 1 [ IDi CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
sending packet: from 10.0.0.136[4500] to 46.166.179.50[4500] (368 bytes)
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(1/11) ]
received fragment #1 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(2/11) ]
received fragment #2 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(3/11) ]
received fragment #3 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(4/11) ]
received fragment #4 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(5/11) ]
received fragment #5 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(6/11) ]
received fragment #6 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(7/11) ]
received fragment #7 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(8/11) ]
received fragment #8 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(9/11) ]
received fragment #9 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(10/11) ]
received fragment #10 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (148 bytes)
parsed IKE_AUTH response 1 [ EF(11/11) ]
received fragment #11 of 11, reassembling fragmented IKE message
parsed IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ]
received end entity cert "C=MY, ST=Wilayah Persekutuan, L=Labuan, O=eVenture Limited, CN=*.hide.me"
received issuer cert "C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA"
using certificate "C=MY, ST=Wilayah Persekutuan, L=Labuan, O=eVenture Limited, CN=*.hide.me"
using untrusted intermediate certificate "C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA"
checking certificate status of "C=MY, ST=Wilayah Persekutuan, L=Labuan, O=eVenture Limited, CN=*.hide.me"
requesting ocsp status from 'http://ocsp.digicert.com' ...
ocsp response correctly signed by "C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA"
ocsp response is valid: until Apr 16 19:26:52 2018
certificate status is good
no issuer certificate found for "C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA"
no trusted RSA public key found for 'C=MY, ST=Wilayah Persekutuan, L=Labuan, O=eVenture Limited, CN=*.hide.me'
generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
sending packet: from 10.0.0.136[4500] to 46.166.179.50[4500] (96 bytes)
establishing connection 'hide-nl' failed
carthago
 
Posts: 4
Joined: 2018-04-09 18:31


Return to System configuration

Who is online

Users browsing this forum: No registered users and 5 guests

fashionable