search

SpiderLabs / ikeforce

234 stars 72 forks source link

Problem with the final step #6

Open fed17 opened 7 years ago

fed17 commented 7 years ago

I'm running root@test:/home/soc/ikeforce# python ikeforce.py 192.168.1.9 -b -i 3000 -k abc123 -u fed -w t.txt -t 5 2 65001 2 After that the final debug message is --------------------Received Packet Number: 2--------------------

Duplicate of packet 1, discarding Duplicate packet count: 1

I'm testing my openswan server with config and secrets ipsec.secrets 192.168.1.9 %any : PSK "abc123" 192.168.1.9 @3000: PSK "abc123" @fed : XAUTH "aaa" ipsec.config conn iketest leftxauthserver=yes pfs=yes

rekey=no

    leftmodecfgserver=yes
    rightmodecfgclient=yes
    #modecfgpull=yes

    rightid=@3000
    rightxauthclient=yes
    left=192.168.1.9
    leftid=@moon.strongswan.org
    leftsubnet=10.1.0.0/24
    right=%any
    authby=secret
    ike=3des-sha;modp1024
    aggrmode=yes
    auth=esp
    esp=3des-sha1
    auto=add

Ikeforce is working while searching for groupID, correct ID was found but it doesn't work with the password Could you help me? Thank you

f0cker commented 7 years ago

can you paste the output with debugging enabled using -d?

fed17 commented 7 years ago

out.txt

f0cker commented 7 years ago

anything in the strongswan logs? it should be sending an xauth authentication request from the strongswan side next. Maybe xauth is not setup correctly in the strongswan config.

fed17 commented 7 years ago

2017-05-09 13 54 59

fed17 commented 7 years ago

as I understood from different tutorials, I should only enable leftxauthserver, rightxauthclient and add @username : XAUTH "pass" in secrets' file

f0cker commented 7 years ago

the strongswan logs will be your best bet, let me know if I can help any further. you can also test a connection with -c which should do all of the IKE negotiation and provide you with the details to use for ESP. however, bear in mind it's just for testing so there's limited capabilities without adding to the code

3000 commented 7 years ago

Hi!

Looks like i've been added to your project by mistake! My username is 3000 on github.

Can you please remove me from this notification/thread?

Thanks! Stuart

On Tue, May 9, 2017 at 10:20 PM, f0cker notifications@github.com wrote:

the strongswan logs will be your best bet, let me know if I can help any further. you can also test a connection with -c which should do all of the IKE negotiation and provide you with the details to use for ESP. however, bear in mind it's just for testing so there's limited capabilities without adding to the code

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/SpiderLabs/ikeforce/issues/6#issuecomment-300145932, or mute the thread https://github.com/notifications/unsubscribe-auth/AA6onIG23vubqtIGRSN_EBALqCb6fNIGks5r4Fn8gaJpZM4NSypI .