I'm in the exact same situation as sashok_bg here: I'm trying to access my Freebox pro VPN through the strongSwan client VPN on Debian.
So far, with what has been said in his conversation with ecdsa, and modifying my config file accordingly, I've managed to get this error:
initiating IKE_SA vpn-test[1] to <remote_ip>
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from <local_ip>[500] to <remote_ip>[500] (936 bytes)
received packet: from <remote_ip>[500] to <local_ip>[500] (280 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
local host is behind NAT, sending keep alives
remote host is behind NAT
sending cert request for "C=US, O=Let's Encrypt, CN=R3"
no IDi configured, fall back on IP address
establishing CHILD_SA vpn-test{1}
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
sending packet: from <local_ip>[4500] to <remote_ip>[4500] (368 bytes)
received packet: from <remote_ip>[4500] to <local_ip>[4500] (80 bytes)
parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
received AUTHENTICATION_FAILED notify error
establishing connection 'vpn-test' failed
This is my ipsec.conf file:
config setup
    charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, 0"
conn vpn-test
    keyexchange=ikev2
    leftauth=eap
    rightauth=pubkey
    left=<local_ip>
    right=<remote_ip>
    eap_identity=<username>
    auto=add
And this is what my ipsec.secrets file contains:
<username> : EAP "<pass>"
<local_ip> <remote_ip> : EAP "<pass>"
This is the "documentation" given by the ISP about the VPN: https://support-pro.free.fr/comment-se-connecter-au-vpn-depuis-mon-peripherique-android/
And I must say, this is the first time I set up a client VPN like that. I don't have access to logs or certs of the router VPN.
rightid=<hostname of your router>, leftid=<username>
no issuer certificate found for "C=US, O=Let's Encrypt, CN=R3"
issuer is "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
no trusted RSA public key found for <router_id>
generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
sending packet: from <local_ip>[4500] to <remote_ip>[4500] (80 bytes)
establishing connection 'vpn-test' failed
ISRG Root X1) in /etc/ipsec.d/cacerts/. If you have the ca-certificates package installed on your Debian system, then you can copy it from /etc/ssl/certs/ISRG_Root_X1.pem. Otherwise, you can also download it from Let's Encrypt.
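Added example, not part of the thread and not strongSwan code: the two failures quoted above both end in AUTH_FAILED but come from opposite sides, and this small triage script tells them apart from the charon output. The function name `triage`, the result labels and the trimmed sample logs are assumptions made for the illustration.

```python
import re

# Constructed sample logs, trimmed from the two charon outputs quoted in the thread.
LOG_PEER_REJECTED = """\
no IDi configured, fall back on IP address
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr SA TSi TSr ]
parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
received AUTHENTICATION_FAILED notify error
"""
LOG_LOCAL_TRUST = """\
no issuer certificate found for "C=US, O=Let's Encrypt, CN=R3"
issuer is "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
no trusted RSA public key found for <router_id>
generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
"""

def triage(log: str) -> dict:
    """Say which side raised AUTH_FAILED and what the log says about why."""
    result = {"failed_side": None, "hints": []}
    lines = log.splitlines()
    # "received ... notify error": the responder refused our identity or credentials.
    if any("received AUTHENTICATION_FAILED notify" in l for l in lines):
        result["failed_side"] = "remote rejected us"
        if any("no IDi configured" in l for l in lines):
            result["hints"].append("IDi defaulted to the IP address; set leftid")
    # We generate N(AUTH_FAILED) ourselves when the responder's certificate
    # cannot be chained to a CA that we trust.
    elif any(re.search(r"generating \w+ request \d+ \[.*N\(AUTH_FAILED\)", l) for l in lines):
        result["failed_side"] = "we rejected remote"
        for l in lines:
            m = re.match(r'\s*issuer is "(.+)"', l)
            if m:
                result["hints"].append("missing CA in /etc/ipsec.d/cacerts/: " + m.group(1))
    return result

if __name__ == "__main__":
    for name, log in (("first log", LOG_PEER_REJECTED), ("second log", LOG_LOCAL_TRUST)):
        print(name, triage(log))
```
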