
I need to set up a connection to a VPN server with Libreswan. I can't use strongSwan, since they do not work well together when installed on the same OS.

My system is Linux Debian 10 (Buster), kernel version 4.19.0-17.

I already have a working L2TP/IPsec VPN connection, so I don't want to install additional software.

When I scan the remote VPN with ike-scan, the server responds with the following:

Handshake returned:HDR=(CKY-R=574aa700c8ed7aa6, IKEv2) SA=(Encr=AES_CBC,KeyLength=128 Integ=HMAC_SHA1_96 Prf=HMAC_SHA1 DH_Group=2:modp1024) KeyExchange(132 bytes) Nonce(32 bytes) Notification(4 bytes)

This looks like Libreswan can support the connection. When I try to start the new connection I added to ipsec.conf, I get the following:

002 "ikev2-srv" #1: constructed local IKE proposals for ikev2-srv (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128,HMAC_SHA1_96;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128,HMAC_SHA1_96;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 (default)
133 "ikev2-srv" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
002 "ikev2-srv" #1: WARNING: connection ikev2-srv PSK length of 8 bytes is too short for sha PRF in FIPS mode (10 bytes required)

The question is: how do I configure the mentioned IKEv2 VPN connection with Libreswan? I got a login / password and the server IP and nothing more. Also, my password is shorter than expected (according to the output).
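A quick way to compare the two outputs quoted in the question, as an added example that is not part of the original post: it parses the transform set in the ike-scan response and the default IKE proposals pluto logged, then reports for each proposal which transform types do not contain the server's value. The function names are hypothetical, and the sample strings are copied from the output above.

```python
import re

# Sample input: copied from the ike-scan and pluto output quoted in the question.
IKE_SCAN_SA = ("SA=(Encr=AES_CBC,KeyLength=128 Integ=HMAC_SHA1_96 "
               "Prf=HMAC_SHA1 DH_Group=2:modp1024)")
_PRF = "PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1"
_INTEG = "INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128,HMAC_SHA1_96"
_DH = "DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256"
PLUTO_PROPOSALS = " ".join([
    f"1:IKE:ENCR=AES_GCM_C_256;{_PRF};INTEG=NONE;{_DH}",
    f"2:IKE:ENCR=AES_GCM_C_128;{_PRF};INTEG=NONE;{_DH}",
    f"3:IKE:ENCR=AES_CBC_256;{_PRF};{_INTEG};{_DH}",
    f"4:IKE:ENCR=AES_CBC_128;{_PRF};{_INTEG};{_DH} (default)",
])

def parse_ike_scan_sa(text):
    """Return the single transform set shown in an ike-scan SA=(...) field."""
    body = re.search(r"SA=\((.*?)\)", text).group(1)
    f = dict(kv.split("=", 1) for kv in re.split(r"[ ,]", body) if kv)
    encr = f["Encr"] + ("_" + f["KeyLength"] if "KeyLength" in f else "")
    # DH_Group is printed as "<number>:<name>"; pluto logs the upper-case name.
    return {"ENCR": encr, "PRF": f["Prf"], "INTEG": f["Integ"],
            "DH": f["DH_Group"].split(":")[1].upper()}

def parse_pluto_proposals(text):
    """Return {proposal number: {transform type: set of offered values}}."""
    out = {}
    for num, body in re.findall(r"(\d+):IKE:(\S+)", text):
        out[int(num)] = {k: set(v.split(","))
                         for k, v in (t.split("=", 1) for t in body.split(";"))}
    return out

def mismatches(server, proposals):
    """Per proposal, list the transform types lacking the server's value."""
    return {n: sorted(k for k, v in server.items() if v not in p.get(k, set()))
            for n, p in proposals.items()}

if __name__ == "__main__":
    server = parse_ike_scan_sa(IKE_SCAN_SA)
    # Note: ike-scan shows the transforms the server picked from ike-scan's own
    # offer, which is not necessarily everything the server would accept.
    for n, missing in mismatches(server, parse_pluto_proposals(PLUTO_PROPOSALS)).items():
        print(f"proposal {n}: differs in {', '.join(missing) or 'nothing'}")
```
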
