Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Replies 1 reply
  • Subscribers 39 subscribers
  • Views 69 views
  • Users 0 members are here
Options
Suggested

I cannot connect to VPN using strongswan or ovpn on linux

Omotola Adeb

My server is Sophos Firewall XG125 (SFOS 17.5.16 MR-16-Build830). Sophos connect works perfectly but the .ovpn file downloaded(via user interface) will not connect. I also used the details from the .tgb to build a config file for strongswan, but didn't work. What can i do to establish a connection

My OVPN file

client
dev tun
proto udp
explicit-exit-notify
verify-x509-name "C=NG, ST=FCT, L=AB, O=ANA, OU=OU, CN=SophosApplianceCertificate_C1A0CATH7TQ9RD3, emailAddress=adminemail@mail.com"
resolv-retry infinite
nobind
persist-key
persist-tun
<ca>
-----BEGIN CERTIFICATE-----
(Insert your CA Certificate here)
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
(Insert your Client Certificate here)
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
(Insert your Private Key here)
-----END PRIVATE KEY-----
</key>
auth-user-pass # Ensure credentials are provided
cipher AES-128-CBC
data-ciphers AES-256-GCM:AES-128-GCM
auth SHA256
comp-lzo yes
auth-nocache
route-delay 4
verb 5
reneg-sec 86400
remote ServerIP 8443
remote 10.255.255.1 8443
remote 10.255.0.1 8443

my ipsec.conf

Parents
  • 0

    my ipsec.conf

    conn rmcnx6
    keyexchange=ikev2
    left=%any
    leftid=<your_local_id>
    leftauth=psk
    right=197.159.66.165
    rightauth=psk
    ike=aes256-sha256-modp2048 # Phase 1 proposal
    esp=aes256-sha256-modp2048 # Phase 2 proposal
    dpdaction=restart
    dpddelay=60s
    dpdtimeout=90s
    auto=start
    rightsubnet=0.0.0.0/0
    leftsourceip=%config

    ipsec.secret
    : PSK "<your_preshared_key>"


    error i get

    parsed IKE_SA_INIT response 0 [ N(NO_PROP) ] received NO_PROPOSAL_CHOSEN notify error establishing connection 'rmcnx6' failed

Reply
  • 0

    my ipsec.conf

    conn rmcnx6
    keyexchange=ikev2
    left=%any
    leftid=<your_local_id>
    leftauth=psk
    right=197.159.66.165
    rightauth=psk
    ike=aes256-sha256-modp2048 # Phase 1 proposal
    esp=aes256-sha256-modp2048 # Phase 2 proposal
    dpdaction=restart
    dpddelay=60s
    dpdtimeout=90s
    auto=start
    rightsubnet=0.0.0.0/0
    leftsourceip=%config

    ipsec.secret
    : PSK "<your_preshared_key>"


    error i get

    parsed IKE_SA_INIT response 0 [ N(NO_PROP) ] received NO_PROPOSAL_CHOSEN notify error establishing connection 'rmcnx6' failed

Children
No Data
Unfiltered HTML