ikeforce icon indicating copy to clipboard operation
ikeforce copied to clipboard

Published 20 hours ago verified publisher icon SpiderLabs

Problem with the final step

Open fed17 opened this issue 7 years ago • 7 comments

I'm running root@test:/home/soc/ikeforce# python ikeforce.py 192.168.1.9 -b -i 3000 -k abc123 -u fed -w t.txt -t 5 2 65001 2 After that the final debug message is --------------------Received Packet Number: 2--------------------

Duplicate of packet 1, discarding Duplicate packet count: 1

I'm testing my openswan server with config and secrets ipsec.secrets 192.168.1.9 %any : PSK "abc123" 192.168.1.9 @3000: PSK "abc123" @fed : XAUTH "aaa" ipsec.config conn iketest leftxauthserver=yes pfs=yes #rekey=no leftmodecfgserver=yes rightmodecfgclient=yes #modecfgpull=yes

    rightid=@3000
    rightxauthclient=yes
    left=192.168.1.9
    [email protected]
    leftsubnet=10.1.0.0/24
    right=%any
    authby=secret
    ike=3des-sha;modp1024
    aggrmode=yes
    auth=esp
    esp=3des-sha1
    auto=add

Ikeforce is working while searching for groupID, correct ID was found but it doesn't work with the password Could you help me? Thank you

fed17 avatar May 06 '17 14:05 fed17

can you paste the output with debugging enabled using -d?

f0cker avatar May 09 '17 10:05 f0cker

out.txt

fed17 avatar May 09 '17 10:05 fed17

anything in the strongswan logs? it should be sending an xauth authentication request from the strongswan side next. Maybe xauth is not setup correctly in the strongswan config.

f0cker avatar May 09 '17 10:05 f0cker

2017-05-09 13 54 59

fed17 avatar May 09 '17 10:05 fed17

as I understood from different tutorials, I should only enable leftxauthserver, rightxauthclient and add @username : XAUTH "pass" in secrets' file

fed17 avatar May 09 '17 11:05 fed17

the strongswan logs will be your best bet, let me know if I can help any further. you can also test a connection with -c which should do all of the IKE negotiation and provide you with the details to use for ESP. however, bear in mind it's just for testing so there's limited capabilities without adding to the code

f0cker avatar May 09 '17 12:05 f0cker

Hi!

Looks like i've been added to your project by mistake! My username is 3000 on github.

Can you please remove me from this notification/thread?

Thanks! Stuart

On Tue, May 9, 2017 at 10:20 PM, f0cker [email protected] wrote:

the strongswan logs will be your best bet, let me know if I can help any further. you can also test a connection with -c which should do all of the IKE negotiation and provide you with the details to use for ESP. however, bear in mind it's just for testing so there's limited capabilities without adding to the code

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/SpiderLabs/ikeforce/issues/6#issuecomment-300145932, or mute the thread https://github.com/notifications/unsubscribe-auth/AA6onIG23vubqtIGRSN_EBALqCb6fNIGks5r4Fn8gaJpZM4NSypI .

3000 avatar May 10 '17 02:05 3000