0

I've bought a VPS server and configured strongSwan VPN. I was able to configure the VPN on my Windows laptop (using the certificate provided by the Strongswan Web UI) and my Android smartphone (the configuration is provided by the Strongswan Web UI), but I was not able to configure it on my router (TP-Link Archer AX55).

The dialog for configuring VPN looks like:

[image]

and I choose L2TP/IPSec. Then I see:

[image]

I have no idea what I should type in the IPSec Pre-Shared Key field.

First of all, I want to know whether the problem is in the router-side configuration or in the VPN service configuration. I've read this topic but I had no luck, so let me share my configs here:

/etc/ipsec.conf:

config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=no

conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes

    dpdaction=clear
    dpddelay=300s
    rekey=no

    left=%any
    leftid=193.42.113.35
    leftcert=server-cert.pem
    leftsendcert=always
    #leftsendcert=never
    leftsubnet=0.0.0.0/0

    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    rightsourceip=10.123.0.0/24
    rightdns=8.8.8.8,9.9.9.9
    rightsendcert=never

    eap_identity=%identity

    ike=chacha20poly1305-sha512-curve25519-prfsha512,aes256gcm16-sha384-prfsha384-ecp384,aes256-sha>
    esp=chacha20poly1305-sha512,aes256gcm16-ecp384,aes256-sha256,aes256-sha1,3des-sha1!

/etc/ipsec.secrets:

: PSK "test"
: RSA "server-key.pem"
usr775 : EAP "my_password"

How can I configure my router?

  • Note that your current strongSwan config is for IKEv2 with plain IPsec/ESP, while your router is only able to configure an L2TP/IPsec connection that is most likely created with IKEv1. So that requires a matching config on the server that works with IKEv1, PSK and L2TP and additionally requires setting up/configuring an L2TP daemon on the server (that's where the username/password will apply in this case). – ecdsa Dec 05 '22 at 09:30

1 Answer

0

The IPSec Pre-Shared Key (PSK) is a shared secret that is used to authenticate the VPN connection between the client and the server. In your configuration, the PSK is defined as "test" in the /etc/ipsec.secrets file. This means that you will need to enter "test" in the IPSec Pre-Shared Key field in the router's VPN configuration.

It is important to note that the PSK is case-sensitive, so you will need to enter it exactly as it appears in the /etc/ipsec.secrets file. If you are still unable to connect to the VPN, it is possible that the problem is with the router's configuration or with the VPN server itself. You may need to check the router's documentation or contact the manufacturer for assistance with troubleshooting the issue. Additionally, you may want to check the logs on the VPN server to see if there are any error messages that could provide further insight into the problem.
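The mismatch described in the comment under the question, as an added example (not code from the question, the answer or the strongSwan project): a check of legacy ipsec.conf conn sections against what an L2TP/IPsec client needs. It assumes, as the comment does, that the router negotiates IKEv1 with a PSK; parse_conns, l2tp_psk_mismatches and SAMPLE_CONF are hypothetical names, and the sample is constructed from the question's config.

```python
# Constructed sample: the options from the question's /etc/ipsec.conf that matter here.
SAMPLE_CONF = """\
config setup
    uniqueids=no

conn ikev2-vpn
    auto=add
    type=tunnel
    keyexchange=ikev2
    leftcert=server-cert.pem
    #leftsendcert=never
    rightauth=eap-mschapv2
"""

def parse_conns(text):
    """Parse legacy ipsec.conf text into {conn_name: {option: value}}.
    Simplification: 'also=' includes and 'conn %default' inheritance are not resolved."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and trailing space
        if not line.strip():
            continue
        if not line[0].isspace():  # an unindented line starts a new section
            words = line.split()
            is_conn = words[0] == "conn" and len(words) > 1
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def l2tp_psk_mismatches(opts):
    """Reasons a conn cannot serve an IKEv1 + PSK L2TP/IPsec client; [] means none found."""
    problems = []
    kx = opts.get("keyexchange", "ike")  # strongSwan default "ike" accepts IKEv1 and IKEv2
    if kx not in ("ike", "ikev1"):
        problems.append(f"keyexchange={kx}, client speaks IKEv1")
    for side in ("left", "right"):
        auth = opts.get(f"{side}auth", opts.get("authby", "pubkey"))
        if auth not in ("psk", "secret"):
            problems.append(f"{side} authenticates with {auth}, not a pre-shared key")
    mode = opts.get("type", "tunnel")
    if mode != "transport":  # L2TP/IPsec protects L2TP (UDP 1701) in transport mode
        problems.append(f"type={mode}, L2TP/IPsec uses transport mode")
    return problems

if __name__ == "__main__":
    for name, opts in parse_conns(SAMPLE_CONF).items():
        for problem in l2tp_psk_mismatches(opts):
            print(f"conn {name}: {problem}")
```

An empty result only means these three settings line up; the L2TP daemon the comment mentions still has to be set up separately on the server.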