I am trying to configure a VPN with IKEv2 on Debian 9.3.0 stretch. I tried to find the plugin d-plugin-eap-mschapv2 in the main repos, but it was not there. So I downloaded the deb file from the sid download page, installed it with Gdebi, and now my VPN connection gives me this:
server requested EAP_IDENTITY (id 0x00), sending 'hasdrubal2'
generating IKE_AUTH request 2 [ EAP/RES/ID ]
sending packet: from 10.0.0.136[4500] to 46.166.179.54[4500] (112 bytes)
received packet: from 46.166.179.54[4500] to 10.0.0.136[4500] (128 bytes)
parsed IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
server requested EAP_MSCHAPV2 authentication (id 0x01)
generating IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
sending packet: from 10.0.0.136[4500] to 46.166.179.54[4500] (160 bytes)
received packet: from 46.166.179.54[4500] to 10.0.0.136[4500] (96 bytes)
parsed IKE_AUTH response 3 [ EAP/FAIL ]
received EAP_FAILURE, EAP authentication failed
generating INFORMATIONAL request 4 [ N(AUTH_FAILED) ]
sending packet: from 10.0.0.136[4500] to 46.166.179.54[4500] (96 bytes)
establishing connection 'hide-nl' failed
I guess it is because of this plugin? Any ideas where I can get this plugin for stretch, or why I can't log on to the VPN?
Installing VPN
Re: Installing VPN
> debian 9.3.0 stretch
> so i downloaded the deb file from sid download page

Should have read first, along with other documentation:
https://wiki.debian.org/DontBreakDebian

Repositories that can create a FrankenDebian if used with Debian Stable:
- Debian testing release (currently buster)
- Debian unstable release (also known as sid)
- Ubuntu, Mint or other derivative repositories are not compatible with Debian!
- Ubuntu PPAs

> any ideas where can i get this plugin for strecth

There might be something in the backports. I would have to do some searches for you, or you could do the searches; the Debian documentation also has information on using backports.

d-plugin-eap-mschapv2 for Debian 9 in Debian repositories
How to use Debian Backports
written by HelpBot#8453
Alias jibberjabber
I am sorry, my English is not that good, and I sometimes have other problems, so my response might not be perfect.
N5RLX > "Jibber jabber ,all day and all night, jibber jabber jibber jabber"
Re: Installing VPN
I already installed libcharon-extra-plugins (5.5.1-4+deb9u1), but I could not find strongswan-plugin-eap-mschapv2. I cannot find the sid plugin in Synaptic. I have this authentication error on the server. Any ideas why I have this error?
Re: Installing VPN
OK, I reinstalled all these packages with the lower version from stretch (disabling the sid repository).
Now I have this:
root@debian:~# ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 5.5.1 IPsec [starter]...
root@debian:~# ipsec up hide-nl
initiating IKE_SA hide-nl[1] to 46.166.179.50
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 10.0.0.136[500] to 46.166.179.50[500] (1444 bytes)
received packet: from 46.166.179.50[500] to 10.0.0.136[500] (60 bytes)
parsed IKE_SA_INIT response 0 [ N(COOKIE) ]
initiating IKE_SA hide-nl[1] to 46.166.179.50
generating IKE_SA_INIT request 0 [ N(COOKIE) SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 10.0.0.136[500] to 46.166.179.50[500] (1476 bytes)
received packet: from 46.166.179.50[500] to 10.0.0.136[500] (38 bytes)
parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
peer didn't accept DH group MODP_3072, it requested ECP_521
initiating IKE_SA hide-nl[1] to 46.166.179.50
generating IKE_SA_INIT request 0 [ N(COOKIE) SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 10.0.0.136[500] to 46.166.179.50[500] (1224 bytes)
received packet: from 46.166.179.50[500] to 10.0.0.136[500] (385 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
local host is behind NAT, sending keep alives
received 2 cert requests for an unknown ca
no IDi configured, fall back on IP address
establishing CHILD_SA hide-nl
generating IKE_AUTH request 1 [ IDi CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
sending packet: from 10.0.0.136[4500] to 46.166.179.50[4500] (368 bytes)
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(1/11) ]
received fragment #1 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(2/11) ]
received fragment #2 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(3/11) ]
received fragment #3 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(4/11) ]
received fragment #4 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(5/11) ]
received fragment #5 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(6/11) ]
received fragment #6 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(7/11) ]
received fragment #7 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(8/11) ]
received fragment #8 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(9/11) ]
received fragment #9 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (532 bytes)
parsed IKE_AUTH response 1 [ EF(10/11) ]
received fragment #10 of 11, waiting for complete IKE message
received packet: from 46.166.179.50[4500] to 10.0.0.136[4500] (148 bytes)
parsed IKE_AUTH response 1 [ EF(11/11) ]
received fragment #11 of 11, reassembling fragmented IKE message
parsed IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ]
received end entity cert "C=MY, ST=Wilayah Persekutuan, L=Labuan, O=eVenture Limited, CN=*.hide.me"
received issuer cert "C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA"
using certificate "C=MY, ST=Wilayah Persekutuan, L=Labuan, O=eVenture Limited, CN=*.hide.me"
using untrusted intermediate certificate "C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA"
checking certificate status of "C=MY, ST=Wilayah Persekutuan, L=Labuan, O=eVenture Limited, CN=*.hide.me"
requesting ocsp status from 'http://ocsp.digicert.com' ...
ocsp response correctly signed by "C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA"
ocsp response is valid: until Apr 16 19:26:52 2018
certificate status is good
no issuer certificate found for "C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA"
no trusted RSA public key found for 'C=MY, ST=Wilayah Persekutuan, L=Labuan, O=eVenture Limited, CN=*.hide.me'
generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
sending packet: from 10.0.0.136[4500] to 46.166.179.50[4500] (96 bytes)
establishing connection 'hide-nl' failed
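
Added example, not part of any post in this thread: a small Python triage over the two charon logs quoted above, showing that they fail at different stages and on different sides. The sample lines are copied from the thread's logs and shortened; the rule names and the `triage` function are hypothetical.

```python
import re

# Constructed samples: lines copied from the two logs in this thread, shortened.
EAP_LOG = """\
generating IKE_AUTH request 2 [ EAP/RES/ID ]
server requested EAP_MSCHAPV2 authentication (id 0x01)
generating IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
parsed IKE_AUTH response 3 [ EAP/FAIL ]
received EAP_FAILURE, EAP authentication failed
establishing connection 'hide-nl' failed"""

CERT_LOG = """\
peer didn't accept DH group MODP_3072, it requested ECP_521
parsed IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ]
no issuer certificate found for "C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA"
no trusted RSA public key found for 'C=MY, ST=Wilayah Persekutuan, L=Labuan, O=eVenture Limited, CN=*.hide.me'
generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
establishing connection 'hide-nl' failed"""

# Hypothetical rule names; the patterns are the message texts seen in the thread.
RULES = {
    "dh_group_renegotiated": re.compile(r"peer didn't accept DH group (\S+), it requested (\S+)"),
    "issuer_not_in_trust_store": re.compile(r'no issuer certificate found for "(.+)"'),
    "server_key_untrusted": re.compile(r"no trusted (\w+) public key found for '(.+)'"),
    "eap_failure_from_server": re.compile(r"received (EAP_FAILURE)"),
}
# An EAP response generated by the client means identity/credential data left the host.
EAP_SENT = re.compile(r"generating IKE_AUTH request \d+ \[.*EAP/RES/(\w+)")

def triage(log):
    """Classify one connection attempt: what failed and which side ended it."""
    findings = {}
    for line in log.splitlines():
        for name, rx in RULES.items():
            m = rx.search(line)
            if m:
                findings[name] = m.groups()
    eap_sent = [m.group(1) for m in map(EAP_SENT.search, log.splitlines()) if m]
    if "server_key_untrusted" in findings or "issuer_not_in_trust_store" in findings:
        verdict = "client_rejected_server_certificate"
    elif "eap_failure_from_server" in findings:
        verdict = "server_rejected_client_eap"
    else:
        verdict = "no_known_failure"
    return {"verdict": verdict, "findings": findings, "eap_responses_sent": eap_sent}

if __name__ == "__main__":
    for label, log in (("first log", EAP_LOG), ("second log", CERT_LOG)):
        print(label, triage(log))
```

On the second log the client stops at certificate validation before generating any EAP response, so that failure concerns the trust chain for the server certificate rather than the MSCHAPv2 exchange.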