ikev2, anyone got it working?

negreuj67_
New Contributor

Re: ikev2, anyone got it working?

Hi,

User/PW auth will be supported with 7.1. Can you please share your strongSwan config? I have the same SA config, but it does not work!

Regards

JS

VincentM_
Occasional Contributor

Re: ikev2, anyone got it working?

Hi There,

I have the same problem as you, so I opened a case this morning...

- The strongSwan IKEv2 client is working fine on Linux (for both EAP-MSCHAPv2 and certificate authentication)

- But I am unable to connect with Windows 7: I get a 13868 error on Windows 7. The SSL VPN user logs show that the credentials are accepted, followed by an IKEv2 protocol error (IKEV2_NO_PROPOSAL_CHOSEN).

For info, on linux, my ipsec.conf contains the following:

# ipsec.conf - strongSwan IPsec configuration file
config setup
    charonstart=yes
    plutostart=yes

# Add connections here.
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2

conn sslvpn
    leftauth=eap-mschapv2
    leftid=<your username>
    right=<your SSL VPN IP Address used for IKEv2>
    rightid=%any
    rightauth=rsasig
    rightsubnet=<the subnet you want to have access>
    auto=add
    leftsourceip=%config

You should add the corresponding password to the ipsec.secrets file:

<your username> : EAP "<your password>"

You should add the corresponding root CA used for the SSL VPN certificate to the /etc/ipsec.d/cacerts folder.

On the SSL VPN, I use a local backend with clear text password. Do not forget that only local auth (with the clear text password option) and the Active Directory backend are supported for MSCHAPv2.

I hope that radius backend will be supported soon (all the EAP stuff is already on my radius server...).

Regards,

Vincent

VincentM_
Occasional Contributor

Re: ikev2, anyone got it working?

Finally, I am able to connect with IKEv2 on Windows 7 Client.

I had to change something on my "Resource profile":

I had to set the "Network Connect" transport mode to "ESP AES128/SHA1" (as shown on the screenshot). "ESP AES128/MD5" is not working.

Now IKEv2 tunnels work on Windows 7 and Linux clients.

oge_
Not applicable

Re: ikev2, anyone got it working?

Are certs still needed to do EAP user auth with IVE 7.1? The Admin Guide has little on this and seems to merge EAP and cert auth. I didn't do anything with certs and I'm getting the following error from the Windows 7 client: "Error 13801: IKE auth credentials are unacceptable".

zanyterp_
Respected Contributor

Re: ikev2, anyone got it working?

No, certificate authentication is no longer needed (starting with 7.1).

Have you verified the steps/instructions outlined here: KB21321?