I am trying to configure an ipsec (strongswan) vpn client to connect to my ISP-provided router's VPN.
I only have a username and password, no certificates.
In the documentation they provided (https://support-pro.free.fr/comment-se-connecter-au-vpn-depuis-mon-peripherique-android/) it says they use the IKEv2 EAP protocol.
Could someone give me an example Linux config for my /etc/ipsec.conf that would work with that?
Here is my naive minimal config:
config setup
    charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, 0"

conn proxym
    keyexchange=ikev2
    authby=psk
    left=192.168.1.42
    right=<remote ip>
    eap_identity=<username i created in the vpn server>
    auto=add
And the error I get:
sudo ipsec up proxym
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 192.168.1.42[500] to [500] (1036 bytes)
received packet: from [500] to 192.168.1.42[500] (280 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
local host is behind NAT, sending keep alives
remote host is behind NAT
sending cert request for "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
authentication of '192.168.1.42' (myself) with pre-shared key
no shared key found for '192.168.1.42' - ''
establishing connection 'proxym' failed
And my /etc/ipsec.secrets:
<user> : EAP "PASS"
192.168.1.42 <remote ip> : EAP "PASS"
Thank you in advance.
authby=psk with leftauth=eap and rightauth=pubkey (the latter is the default and works under the assumption that the router uses a certificate by Let's Encrypt).
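The change from the answer (leftauth=eap and rightauth=pubkey in place of authby=psk) applied to the question's connection, as an added example that is not part of the original answer. Values in angle brackets are placeholders, and the `rightid`, `leftsourceip` and `rightsubnet` lines are assumptions that the page does not state.

```conf
# /etc/ipsec.conf (added example; <...> values are placeholders)
conn proxym
    keyexchange=ikev2
    left=192.168.1.42
    right=<remote ip>

    # Before (from the question): authby=psk makes charon authenticate
    # with a pre-shared key, which is why the log ends with
    # "no shared key found".
    # authby=psk

    # After: the client authenticates with EAP (username and password).
    # The EAP method the router offers must be available as a loaded
    # charon plugin.
    leftauth=eap
    eap_identity=<username created on the VPN server>

    # The router authenticates with its certificate. The issuing CA must
    # be trusted locally (for ipsec.conf setups: /etc/ipsec.d/cacerts).
    rightauth=pubkey

    # Assumption: the identity the router presents has to be a name
    # contained in its certificate, so set it explicitly when right= is
    # a bare IP address.
    rightid=<name in the router's certificate>

    # Assumption: the router assigns the client a virtual IP address.
    leftsourceip=%config

    # Assumption: only traffic for the network behind the router should
    # go through the tunnel.
    rightsubnet=<network behind the router>

    auto=add

# /etc/ipsec.secrets (added example)
# One EAP entry keyed by the same identity as eap_identity above.
# The host-pair line from the question is not used for EAP.
<username created on the VPN server> : EAP "<password>"
```

After editing both files, `sudo ipsec restart` reloads them before `sudo ipsec up proxym` is run again.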