Could not connect with Strongswan client for android #4
Is your eeePC definitely connected to the network (e.g. can you This kind of thing can be tricky to diagnose from far away ... |
Thanks for your help. Yes, the machine is connected to the LAN and WAN. Also the strongswan shows trying to communicate with my external IP (I connected strongswan using no-ip address) but no response from my eeepc. During running the script, it asks me to enter hostname which must resolve to this machine. I entered my no-ip domain address. Is that correct or does it mean something else? Thank you. |
Can you clarify what you mean by a 'no-ip domain address’?
The host needs to be something you can get a public SSL certificate for (e.g. vpn.example.com).
Otherwise you will probably have to manually create a self-signed server certificate, and then distribute your CA cert to all clients.
That’s out of scope for this script, and not something I can guide you through, but I know there are other tutorials out there that cover this.
… On 5 Jan 2017, at 16:47, Semsem8519 ***@***.***> wrote:
Thanks for your help. Yes, the machine is connected to the LAN and WAN. Also the strongswan shows trying to communicate with my external IP (I connected strongswan using no-ip address). During running the script, it asks me to enter hostname which must resolve to this machine. I entered my no-ip domain address. Is that correct or does it mean something else? Thank you.
|
I mean I have a dynamic IP address updater provided by no-ip.com so that my hostname always reflects changes to my IP address provided by my Internet service provider (ISP). I will try and type the hostname as default http://vpn.examle.com and report later. Thanks. |
OK — a no-ip.com address might work in principle, but Let’s Encrypt have a limit on the number of subdomains that can be registered (IIRC it’s 20 per week), so it’s possible that other people are exhausting that and then you can’t get your certificate.
Don’t type vpn.example.com as the host — that was only an example!
… On 5 Jan 2017, at 16:56, Semsem8519 ***@***.***> wrote:
I mean I have a dynamic IP address updater provided by no-ip.com so that my hostname always reflects changes to my IP address provided by my Internet service provider (ISP). I will try and type the hostname as default http://vpn.examle.com and report later. Thanks.
|
I still don't know from where I can get a hostname? Can you provide a hint like a link please? Thanks. |
You would need to register a domain name (with e.g. AWS, GoDaddy, Domain Monster), and probably then set up a CNAME record that aliases your no-ip.com domain name.
… On 5 Jan 2017, at 17:14, Semsem8519 ***@***.***> wrote:
I still don't know from where I can get a public hostname? Can you provide a hint like a link please? Thanks.
|
Thank you. Is there a command to delete the files previously generated by the script and start from scratch? |
No — I always run this on a VPS where it's easy to blow it away and start with a fresh distro install. If all you need to do is request an alternative certificate then these commands from the middle section should do it (you will need to manually
I can't guarantee that's all you need, though ... |
I reinstalled Lubuntu 16.10 32bit and ran the setup script again. This time I am getting this:
```
Network interface: wlp2s0
=== Configuring firewall ===
Chain INPUT (policy ACCEPT)
Chain FORWARD (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)
=== Configuring RSA certificates ===
You should register before running non-interactively, or provide --agree-tos and --email <email_address> flags
```
|
I made an account with Godaddy and made a CNAME record to point to my no-ip.com hostname. |
Silly me, I made a typo in email. Tried it again and got
```
Network interface: wlp2s0
=== Configuring firewall ===
Chain INPUT (policy ACCEPT)
Chain FORWARD (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)
=== Configuring RSA certificates ===
IMPORTANT NOTES:
=== Configuring VPN ===
net.ipv4.ip_forward = 1
=== User ===
adduser: The user
```
|
If I use my internal IP address in the hostname field of strongswan android's client, I get this log of error. Connecting with my external IP fails all the time. Are there other ports to forward beside 22/443? |
I opened ports 500 and 4500 UDP and now the strongswan client is connected. Thank you very much for your help. Just one request please. Do you know if I can use the Android native VPN client instead of the strongswan app? The reason I want this is because Android supports always-on VPN connection whereas the strongswan app does not. I need this feature because I want to talk to my family from abroad with whatsapp as the calling feature is blocked there without VPN and I need to maintain VPN connection all the time because they may not know how to connect to it when it disconnects. |
Glad you got this working (though a bit confused, because my script already opens 500 and 4500 for UDP). Afraid the built-in Android VPN client doesn't yet support IKEv2 AFAIK. |
Sorry I meant I forwarded those ports in my router to my server machine local ip address. |
Oh, great. :) |
Sorry, I forgot to ask: while running the setup, we are asked to create a login user with a strong password. Since a client is not using this info to log in to the server, what use does it serve? Thanks |
The user name and password can be used to log in to the server via SSH. |
Hi,
I installed this on a nearly fresh install of Lubuntu 16.10 32bit ASUS eeepc notebook. The installation was seemingly successful as a congratulations message appeared at the end. However, trying to log in with the strongswan client hangs on connecting and then fails with server unreachable. The strongswan log shows that the server is not responding to packets sent from the client. I did not use this machine for anything else like iptables etc. I also opened ports for both 22, 443 tcp/udp but no change. I feel lost and I appreciate any help to overcome this issue. Thank you so much for the script.
Sami