Клиент ikev2.

[Waik]

Всем привет. Нуждаюсь в вашей помощи. 

Развернул на vps VPN сервер Strongswan. 

Хочу через кинетик к нему подключиться. Перепробовал самые различные конфиги. Даже сделал так ( по совету пост😞 Настроил сервер ikev2 на кинетике, скопировал файл конфигурации ipsec.conf, с него на VPS - результата нет. 

Проверял на телефоне - все ок, подключение на этой конфигурации  через приложение strongswan к серверу есть. 

Телефон и кинетик в одной сети.

Конфиг  ipsec.conf strongswan

config setup
       charondebug = "asn 1, cfg 1, chd 1, dmn 1, enc 0, esp 1, ike 1, imc 1, imv 1, job 1, knl 1, lib 1, mgr 1, net 0, pts 1, tls 1, tnc 1"
conn VirtualIPServerIKE2
        keyingtries = 1
        margintime = 20s
        rekeyfuzz = 100%
        closeaction = none
        ike = aes128-sha256-modp1024,aes128-sha256-modp2048,aes128-sha256-ecp384,aes128-sha256-ecp256,aes128-sha1-modp1024,aes128-sha1-modp2048,aes128-sha1-ecp384,aes128-sha1-ecp256,aes256-sha256-modp1024,aes256-sha256-modp2048,aes256-s$
        ikelifetime = 28800s
        keyexchange = ikev2
        mobike = no
        esp = aes128-sha1,aes128-sha2_256,aes256-sha1,aes256-sha2_256!
        lifetime = 28800s
        dpdaction = clear
        dpddelay = 20s
        dpdtimeout = 60s
        leftid=ипсервера
        leftauth = pubkey
        leftcert=debian.pem
        leftsendcert = always
        rightid = %any
        rightauth = eap-mschapv2
        eap_identity=%any
        type = tunnel
        left = %any
        right = %any
        leftsubnet = 0.0.0.0/0
        reauth = no
        rightsubnet = %dynamic
        rightsourceip=10.10.10.0/24
        rightdns=8.8.8.8,8.8.4.4
        auto = add
        rekey = no
        forceencaps = yes

Лог кинетика

[I] Mar 19 11:26:21 ipsec: 06[CFG] received stroke: terminate 'IKE0[*]' 
[I] Mar 19 11:26:21 ipsec: 06[CFG] no IKE_SA named 'IKE0' found 
[I] Mar 19 11:26:21 ndm: IpSec::Configurator: crypto map "IKE0" shutdown complete. 
[I] Mar 19 11:26:21 ipsec: 05[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' 
[I] Mar 19 11:26:22 ndm: Core::System::Configuration: configuration saved. 
[I] Mar 19 11:26:23 ndm: Network::Interface::Base: "IKE0": interface is up. 
[I] Mar 19 11:26:23 ndm: Core::System::Configuration: saving (http/rci). 
[I] Mar 19 11:26:24 ndm: IpSec::Interface::Ike: "IKE0": secure tunnel is down: retry to resolve remote endpoint. 
[I] Mar 19 11:26:25 ndm: Network::Interface::Tunnel: "IKE0": resolved destination ипсервера (ипсервера). 
[I] Mar 19 11:26:25 ndm: Network::Interface::Tunnel: "IKE0": use interface FastEthernet0/Vlan2 as source. 
[I] Mar 19 11:26:25 ndm: Network::Interface::Ip: "IKE0": IP address cleared. 
[I] Mar 19 11:26:25 ndm: Network::Interface::Tunnel: "IKE0": resolved source 10.10.10.14. 
[I] Mar 19 11:26:25 ipsec: 05[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' 
[I] Mar 19 11:26:25 ipsec: 05[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' 
[I] Mar 19 11:26:25 ipsec: 05[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' 
[I] Mar 19 11:26:25 ipsec: 05[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' 
[I] Mar 19 11:26:26 ndm: Network::Interface::Tunnel: "IKE0": added host route to tunnel destination endpoint ипсервера via 10.10.10.1. 
[I] Mar 19 11:26:26 ndm: IpSec::Manager: "IKE0": IP secure connection was added. 
[I] Mar 19 11:26:26 ndm: IpSec::Interface::Ike: "IKE0": updating client IP secure configuration. 
[I] Mar 19 11:26:27 ndm: Core::System::Configuration: configuration saved. 
[I] Mar 19 11:26:28 ndm: IpSec::Manager: create IPsec reconfiguration transaction... 
[I] Mar 19 11:26:28 ndm: IpSec::Manager: add config for crypto map "IKE0". 
[I] Mar 19 11:26:28 ndm: IpSec::Manager: add config for crypto map "VirtualIPServerIKE2". 
[I] Mar 19 11:26:28 ndm: IpSec::Manager: IPsec reconfiguration transaction was created. 
[I] Mar 19 11:26:28 ndm: IpSec::Configurator: start applying IPsec configuration. 
[I] Mar 19 11:26:28 ndm: IpSec::Configurator: IPsec configuration applying is done. 
[I] Mar 19 11:26:28 ndm: IpSec::Configurator: start reloading IKE keys task. 
[I] Mar 19 11:26:28 ipsec: 08[CFG] rereading secrets 
[I] Mar 19 11:26:28 ipsec: 08[CFG] loading secrets 
[I] Mar 19 11:26:28 ipsec: 08[CFG]   loaded IKE secret for ипсервера  
[I] Mar 19 11:26:28 ipsec: 08[CFG]   loaded EAP secret for Keen 
[I] Mar 19 11:26:28 ipsec: 08[CFG]   loaded NTLM secret for admin 
[I] Mar 19 11:26:28 ndm: IpSec::Configurator: reloading IKE keys task done. 
[I] Mar 19 11:26:28 ndm: Core::Server: started Session /var/run/ndm.core.socket. 
[I] Mar 19 11:26:28 ndm: IpSec::Configurator: start reloading IPsec config task. 
[I] Mar 19 11:26:28 ndm: Core::Session: client disconnected. 
[I] Mar 19 11:26:28 ndm: IpSec::IpSecNetfilter: start reloading netfilter configuration... 
[I] Mar 19 11:26:28 ndm: IpSec::IpSecNetfilter: netfilter configuration reloading is done. 
[I] Mar 19 11:26:28 ndm: IpSec::Configurator: reloading IPsec config task done. 
[I] Mar 19 11:26:28 ipsec: 05[CFG] received stroke: initiate 'IKE0' 
[I] Mar 19 11:26:28 ipsec: 05[CFG] no config named 'IKE0' 
[I] Mar 19 11:26:28 ndm: IpSec::Configurator: "IKE0": crypto map initialized. 
[I] Mar 19 11:26:29 ipsec: 08[CFG] rereading ca certificates from '/tmp/ipsec/ipsec.d/cacerts' 
[I] Mar 19 11:26:32 ipsec: 08[CFG] rereading aa certificates from '/tmp/ipsec/ipsec.d/aacerts' 
[I] Mar 19 11:26:32 ipsec: 08[CFG] rereading ocsp signer certificates from '/tmp/ipsec/ipsec.d/ocspcerts' 
[I] Mar 19 11:26:32 ipsec: 08[CFG] rereading attribute certificates from '/tmp/ipsec/ipsec.d/acerts' 
[I] Mar 19 11:26:32 ipsec: 08[CFG] rereading crls from '/tmp/ipsec/ipsec.d/crls' 

Изменено 19 марта, 2022 пользователем Waik

[Goga777]

Вам в итоге удалось запустить ikev2 клиент на кинетике с подключением к ipsec ikev2 vps серверу ?