Has anyone gotten GVC (Global VPN Client, NOT Net Extender!!!!) to work with strongSwan?
I only run Linux in the office. I am trying to help a client/friend with their system, and need remote access to his network. He does not need access in to my computer, and I only plan to use one computer to access his network. He runs the GVC version (ipsec) of the SonicWall VPN.
I have managed to get the Shared Secret to 'work', but now I (think I) need to send my username and password. Here are the syslog entries (slightly modified, removing a bit of identifying info) from the apparently successful connection attempt:
Mar 18 16:16:49 rusty-Alienware-17-R4 charon: 04[CFG] received stroke: add connection 'paris-to-vr'
Mar 18 16:16:49 rusty-Alienware-17-R4 charon: 04[CFG] added configuration 'paris-to-vr'
Mar 18 16:16:49 rusty-Alienware-17-R4 charon: 06[CFG] received stroke: initiate 'paris-to-vr'
Mar 18 16:16:49 rusty-Alienware-17-R4 charon: 06[IKE] initiating IKE_SA paris-to-vr[1] to vvv.vvv.vvv.vvv
Mar 18 16:16:49 rusty-Alienware-17-R4 charon: 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Mar 18 16:16:49 rusty-Alienware-17-R4 charon: 06[NET] sending packet: from 192.168.1.33[500] to vvv.vvv.vvv.vvv[500] (336 bytes)
Mar 18 16:16:53 rusty-Alienware-17-R4 charon: 07[IKE] retransmit 1 of request with message ID 0
Mar 18 16:16:53 rusty-Alienware-17-R4 charon: 07[NET] sending packet: from 192.168.1.33[500] to vvv.vvv.vvv.vvv[500] (336 bytes)
Mar 18 16:17:00 rusty-Alienware-17-R4 charon: 10[IKE] retransmit 2 of request with message ID 0
Mar 18 16:17:00 rusty-Alienware-17-R4 charon: 10[NET] sending packet: from 192.168.1.33[500] to vvv.vvv.vvv.vvv[500] (336 bytes)
Mar 18 16:17:01 rusty-Alienware-17-R4 CRON[248808]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 18 16:17:13 rusty-Alienware-17-R4 charon: 16[IKE] retransmit 3 of request with message ID 0
Mar 18 16:17:13 rusty-Alienware-17-R4 charon: 16[NET] sending packet: from 192.168.1.33[500] to vvv.vvv.vvv.vvv[500] (336 bytes)
Mar 18 16:17:36 rusty-Alienware-17-R4 charon: 15[IKE] retransmit 4 of request with message ID 0
Mar 18 16:17:36 rusty-Alienware-17-R4 charon: 15[NET] sending packet: from 192.168.1.33[500] to vvv.vvv.vvv.vvv[500] (336 bytes)
Mar 18 16:18:18 rusty-Alienware-17-R4 charon: 03[IKE] retransmit 5 of request with message ID 0
Mar 18 16:18:18 rusty-Alienware-17-R4 charon: 03[NET] sending packet: from 192.168.1.33[500] to vvv.vvv.vvv.vvv[500] (336 bytes)
<comment - I'm guessing this is where I shut down ipsec right at this point below>
Mar 18 16:18:42 rusty-Alienware-17-R4 charon: 00[DMN] signal of type SIGINT received. Shutting down
Mar 18 16:18:42 rusty-Alienware-17-R4 charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
(I removed the startup info, can submit if anyone needs it)
While it was in the 'sending packet' phase above, I asked the computer:
Sat Mar 18 16:16:10 RustyC ~/VirtualBox VMs $ sudo ipsec status
[sudo] password for rusty:
Security Associations (0 up, 1 connecting):
paris-to-vr[1]: CONNECTING, 192.168.1.33[%any]...vvv.vvv.vvv.vvv[%any]
Sat Mar 18 16:17:17 RustyC ~/VirtualBox VMs $
Which implies I'm not fully 'up' yet.
Can someone point me to the next step(s)? I'm guessing maybe l2p? I tried adding 'rightauth2=xauth-generic' and 'xauth_identity=MyUserName' to my ipsec.conf and didn't see any obvious changes to the syslog between the 2 attempts. My ipsec.secrets file says:
remote_vr_ip %any : PSK <mykey>
MyUserName : XAUTH <myPassword>
So, what am I missing? Thanks!
(Notes - besides the first paragraph's info, I don't care if my local computer is ONLY able to access his network when the VPN is up. So I just need my local PC on his LAN so I can access 2 different computers on it.)
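Added example, not part of the original post: a short Python parser for charon syslog lines in the format shown above. It counts sent packets, received packets and retransmits and measures the gaps between sends, which shows whether the peer ever answered the first IKE request. The sample lines are constructed, 203.0.113.10 is a placeholder peer address, and the year is assumed because syslog timestamps omit it.

```python
import re
from datetime import datetime

# Constructed sample in the charon syslog format shown in the post (peer address is a placeholder).
SAMPLE = """\
Mar 18 16:16:49 host charon: 06[IKE] initiating IKE_SA paris-to-vr[1] to 203.0.113.10
Mar 18 16:16:49 host charon: 06[NET] sending packet: from 192.168.1.33[500] to 203.0.113.10[500] (336 bytes)
Mar 18 16:16:53 host charon: 07[IKE] retransmit 1 of request with message ID 0
Mar 18 16:16:53 host charon: 07[NET] sending packet: from 192.168.1.33[500] to 203.0.113.10[500] (336 bytes)
Mar 18 16:17:00 host charon: 10[IKE] retransmit 2 of request with message ID 0
Mar 18 16:17:00 host charon: 10[NET] sending packet: from 192.168.1.33[500] to 203.0.113.10[500] (336 bytes)
Mar 18 16:17:01 host CRON[248808]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 18 16:18:42 host charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ charon: \d+\[(\w+)\] (.*)$")

def summarize(log_text):
    """Summarize one IKE negotiation attempt from charon syslog lines."""
    out = {"sent": 0, "received": 0, "retransmits": 0, "gaps": [], "verdict": ""}
    last_send = None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip non-charon lines such as CRON
        # Syslog omits the year; 2000 is an assumed filler so gaps can be computed.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        subsystem, msg = m.group(2), m.group(3)
        if subsystem == "NET" and msg.startswith("sending packet:"):
            if last_send is not None:
                out["gaps"].append(int((ts - last_send).total_seconds()))
            last_send = ts
            out["sent"] += 1
        elif subsystem == "NET" and msg.startswith("received packet:"):
            out["received"] += 1
        elif subsystem == "IKE" and msg.startswith("retransmit "):
            out["retransmits"] += 1
    if out["sent"] and not out["received"]:
        out["verdict"] = "no reply from peer: negotiation never got past the first request"
    elif out["received"]:
        out["verdict"] = "peer is answering: check later log lines for auth or proposal errors"
    else:
        out["verdict"] = "no IKE traffic in log"
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```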
Answers
I also tried using the Mac instructions in https://www.sonicwall.com/support/knowledge-base/l2tp-vpn-configuration-on-mac-os-x/170505942152169/ and all I get there is failure to connect (NOTE - I am only the user, I can't change the server configs). I'm wondering where the user name gets put into the environment for the Mac attempt...
Should I also say that I cannot connect to the Global VPN server from a Windows GVC? Probably. I can't. When I hit 'enable' it asks for my username and password, which I then enter. As I remember, it went to 'connected' for a moment and then 'disabled'. If I enter a BAD username/password pair, I get a different reaction ('invalid password', or something like that).
Other things I probably should have mentioned before:
Linux is Linux Mint 20.2, up to date as of last month.
Mac is running OS X El Capitan 10.11.6
And I just discovered a nice little error message at the bottom of my Windows GVC attempt:
<date/time etc> The downloaded policy configuration contains no destination networks.
<date/time etc> The policy downloaded from the firewall is invalid or incomplete. Contact your network administrator.
Gag, wish I'd seen that 20 hours ago! ;-)
I've initiated a discussion with my 'network administrator' about this. Will report back if that is the only thing keeping my Windows, Linux, AND Mac attempts from working....
I have configured strongSwan on Ubuntu 20.04 to connect to the WAN group VPN, and it worked correctly with the info below. You may have to modify it a bit for your case, but it should help, hopefully.