Strongswan – Connecting PSK & EAP Simultaneously

Tags: ikev1, ikev2, strongswan

I have successfully set up strongswan on a virtual server. I basically have two kinds of configurations:

  1. Using EAP (username/password for the Android strongswan client).
  2. PSK (for iOS devices using the built-in VPN client).

I am able to connect more than one iOS device to the server using PSK.

Now the problem is, as soon as I connect an Android device to the server using EAP, the Android device connects but the previously connected iOS devices get disconnected. And I am not able to connect any iOS device as long as an Android device is connected.

Moreover, if I try to connect another Android device to strongswan when an Android device is already connected, the already connected device gets disconnected.

I am not sure why this is happening. Attached are my ipsec.conf and ipsec.secrets files.

# IPSEC.secrets 
: PSK strongswan
: RSA /root/strongswan/private/vpnHostKey.pem
john %any : EAP "john"

ipsec.conf

config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=never

conn AndroidCon
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-mo$
    esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096$
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=%defaultroute
    leftcert=/root/strongswan/certs/vpnHostCert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    rightdns=8.8.8.8,8.8.4.4
    rightsourceip=10.10.10.0/24
    rightsendcert=never
    eap_identity=%identity


conn CiscoIPSec #IOS
    keyexchange=ike
    leftsendcert=never
    ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-mo$
    esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp409$
    forceencaps=yes
    authby=psk
    xauth=server
    auto=add
    right=%any
    rightid=%any
    rightdns=8.8.8.8,8.8.4.4
    rightsourceip=10.10.10.0/24
    eap_identity=%any
    leftsubnet=0.0.0.0/0

Note: On the iOS side, I am not using any certificates or profiles.

Desired result: iOS and Android devices should be able to establish connections at the same time.

Many Thanks!

Best Answer

This has been resolved. Still not sure why it happened.

The PSK and username in my secrets file were the same, i.e. 'John'.

After I changed the PSK to something else, not similar to the username of an EAP user, it worked.
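As an added check (not part of the original post or of strongswan itself), the following script parses a constructed ipsec.secrets mirroring the question and flags a PSK that is identical to an EAP/XAUTH identity or password, the collision the answer describes. It assumes the plain `selectors : TYPE secret` line form of ipsec.secrets; hex/base64 secrets and `include` directives are skipped.

```python
# Added example: lint an ipsec.secrets file for a PSK that reuses an EAP/XAUTH
# user name or password. Sample files below are constructed for illustration.
import re
from dataclasses import dataclass

# Constructed "before" file: the PSK equals the EAP user name and password.
BEFORE = """\
: PSK john
: RSA /root/strongswan/private/vpnHostKey.pem
john %any : EAP "john"
"""
# Constructed "after" file, matching the secrets file posted in the question.
AFTER = BEFORE.replace(": PSK john", ": PSK strongswan")

@dataclass
class Secret:
    selectors: list   # identities left of the colon; empty means %any
    kind: str         # PSK, RSA, EAP, XAUTH, ...
    value: str        # secret with surrounding double quotes removed

# selectors : KIND secret   (secret is either "quoted" or a bare token)
_LINE = re.compile(r'^(?P<sel>[^:#]*):\s*(?P<kind>\S+)\s+(?P<val>"[^"]*"|\S+)')

def parse_secrets(text):
    """Parse the simple subset of ipsec.secrets; comments and includes are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "include ")):
            continue
        m = _LINE.match(line)
        if not m:
            continue
        val = m.group("val")
        if val.startswith('"'):
            val = val[1:-1]
        entries.append(Secret(m.group("sel").split() or ["%any"],
                              m.group("kind").upper(), val))
    return entries

def find_collisions(entries):
    """Return (psk_value, where) pairs for a PSK equal to an EAP/XAUTH secret or identity."""
    hits = []
    for p in (e for e in entries if e.kind == "PSK"):
        for o in (e for e in entries if e.kind in ("EAP", "XAUTH")):
            if p.value == o.value:
                hits.append((p.value, f"{o.kind} password"))
            for sel in o.selectors:
                if sel != "%any" and sel == p.value:
                    hits.append((p.value, f"{o.kind} identity {sel}"))
    return hits

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, find_collisions(parse_secrets(text)))
```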
