strong-swan & strong-Man integration issue

[SonnyMargwe]

i cant see strongswan connected clients in strongMan panel

[LarsTi]

Hey there, afaik you can only see those connections loaded via StrongMan. If you have connections loaded via file, those are not visible to StrongMan.

Kind regards

[SonnyMargwe]

Thanks for the reply. So there is any way i can connect my modified strongswan android app to strongMan panel? so as to manage my clients who are connected via android app

[LarsTi]

If you configure the clients on your strongMan directly, you should see them. Every Connection loaded via strongMan is monitored and visible by strongMan.

[SonnyMargwe]

well understood... so no way i can load connections from strongswan client (eg. android, iOS or Desktop application) in strongMan??

[LarsTi]

I am a bit confused. Do you manage your mobile connections via strongMan? Those configs reside in you mobile devices, they are not configured in strongswan, but in the ipsec stack of your device. strongMan only configures your strongSwan. If you connect two strongMan with each other, you would be able to configure the configs on each side. In case of android, iOS you only configure the server-side config for the connection in strongMan, the clientside config has to be done on the client (or via a file, but those can't be created by strongMan). Hope that helps.

[SonnyMargwe]

@LarsTi Receive with thanks.. Here is the whole progress of what i have done so far for better understanding on what i mean. I bought Ubuntu server via Digital Ocean for strongswan configuration ( https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-20-04) and use the CA to connect to my Phone. Recently i installed strongMan so as to Manage my mobile connection. But i'm getting difficulties as i don't see and connection via strongMan , i tried to configure a client withing strongMan via its Client side but steal no any connection visible and when i try switching on a client i'm getting this ERROR "SA can't be initiated! Command failed: b"establishing CHILD_SA 'VPN1111' failed"

[tobiasbrunner]

i tried to configure a client withing strongMan via its Client side

You misunderstood that feature. It's to configure strongMan as a client to connect to a server. Connections to which roadwarrior clients can connect to are configured in the "Server" section.

[SonnyMargwe]

@tobiasbrunner thanks for the reply perhaps i misunderstood the strongMan Project, please can you assist me with little intro on how strongMan can be configured soon after its installation for its better functionality. Because i'm little confused here..

[tobiasbrunner]

What exactly confuses you? Did you read the README and the documentation inside the application?

[SonnyMargwe]

What exactly confuses you? YES i did, perhaps i didn't understand it well. Let me start from the beginning. During installation i got these error is that okay or?????

python setup.py install Start strongMan installation

• Virtualenv
• Requirements
• Database migration Delete strongMan/db.sqlite3 [Errno 2] No such file or directory: '/home/user/strongMan/strongMan/db.sqlite3'
• Static files

[tobiasbrunner]

Already pointed you to #133 in #138.

[SonnyMargwe]

seen thanks, so i have i project on my localhost and its ruining via localhost:1515, i uploaded CA and Sever certificates generated in strongswan configuration, i created pool and EAP secrets but when i try to connect client in client section i got this error " SA can't be initiated! Command failed: b"establishing CHILD_SA 'admin' failed "

[tobiasbrunner]

Again, you are not connecting a client in the client section, but you are connecting strongMan itself as a client to a configured server. To connect an Android client you'd configure a Server connection and then configure the client app accordingly to initiate the connection from there (the Client section of strongMan will never be used for this scenario).

[SonnyMargwe]

deeply understood thanks so much, so at server section can i see android client connections after being connected to it??

[tobiasbrunner]

Yes, but, as @LarsTi already mentioned, only if they are connected to a connection loaded by strongMan (i.e. it does not list SAs for connections defined in e.g. swanctl.conf).

[SonnyMargwe]

I got you thanks.. so to connect android client to a connection loaded by strongMan i should create EAP secrets in strongMan and use EAP secrets credential and CA used in strongMan server section configuration to connect it or there is another way to connect android client to a connection loaded bt strongMan.?????

[tobiasbrunner]

What other way do you have in mind?

[SonnyMargwe]

I don't have thus why i asked..!! because I don't see any SAs in it when i connect my android phone with a loaded strongMan server connection. serverNEW.pdf

[tobiasbrunner]

Check the log (on client and server).

[SonnyMargwe]

At server side it is empty and client side i got these error ( received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built

| admin | failed to establish CHILD_SA, keeping IKE_SA )

[tobiasbrunner]

You should see a corresponding message in the server log (maybe check the system log or configure your own debug logging for the daemon).

[SonnyMargwe]

MUCH thanks for your time i think i'll handle it from here. But for my suggestion i think it'll be better to have a video that shows and explain on how to install, config and use of strongMan project. Thanks