Conceal

@chppppp so that should get me past the proposal? I think that’s phase 1.

@Warlord711 said:
What client do you guys use to connect? I tried vpnc but it seems not to connect at all

Edited: strongswan

@LegendarySpork said:
@chppppp so that should get me past the proposal? I think that’s phase 1.

yes!

Just to confirm:

yes, you can connect directly from your kali box! :lol:

@0xEA31 said:
Just to confirm:

yes, you can connect directly from your kali box! :lol:

yeah! it works!!

A little suggestion: try to filter the traffic you are interested in…

Here’s the ONLY reference with a sample I have found: https://help.datica.com/hc/en-us/articles/115005906626--Legacy-VPN-Client-Setup (scroll down to the Ubuntu section where it gives an example of charon-cmd syntax)

I still haven’t successfully gotten past the phase1 proposal even using the syntax noted there with the crypto parameters I got from ike-scan.

Edit: apparently charon-cmd (CLI tool associated with, but not identical to, the mighty waterfowl) is not sufficient. It supports m*** m*** so it gets slightly further than vpnc, but doesn’t support the right profiles.

@CiccioPas said:
A little suggestion: try to filter the traffic you are interested in…

I have experimented with left/rights****t a million diff ways but it never completes phase 2. What am I missing here?

@0xEA31, do we need to brute force to get the right configs? I mean specifically the s****t, in order to get the params the server is expecting. I ask because I tried all the obvious ones and I keep getting the same response.

Can someone PM me with the final selector changes required? This one has been killing me for a long time.

Edit: Got the tunnel up. Now working on next step
Edit: After getting ports, feeling like lol. Amazing box

Edit: rooted :slight_smile:

Learning IP***, the hard way… :smiley:

@fjv said:
Learning IP***, the hard way… :smiley:

ip*** in real life you have all the info before building :stuck_out_tongue:

This is not the way to learn ip***. The way to properly learn it is to set it up on both sides, knowing in advance the settings!

Having to use brute force tools to guess the settings, and then having to figure out the proper way to write the command, only to have it not working for something else we still don’t know, is just stupid…

I can confirm that it’s also not easy to use the ‘native client’ :slight_smile: I think I am stuck where most of you are or were.

Getting past phase 1 might be easier in a next-next-finish way, but after that you also tinker with the low-level config - and you might find fewer ‘examples’ and ‘how-to’s than for Linux, as typically you don’t need to make any changes there.

I know one common root cause for the error I see - I even remember when that feature was added by Microsoft many years ago - but the usual fix does not help. In some sense that root cause is a bit similar to the ‘double V**’ so I wonder if it should work at all with that client … Nested tunnels are also something not too easily replicated in a test environment. That stuff is tricky to troubleshoot even if you have full access at both sides of the connection :slight_smile:

@jkr If you have references you’d care to share in IM I’d appreciate it. Otherwise I’m skipping it because I’m not getting anything out of it at this point.

Edit: thanks for the IM! I still don’t know what I’m doing but I’m back to a learning-per-hour rate > 0.
Edit 2: and making progress. Still no user but I’ve learned some stuff and am confident I’ll get it eventually.

@n00kie said:

@Warlord711 said:
What client do you guys use to connect? I tried vpnc but it seems not to connect at all

charon-cmd

Don’t think it’s possible using only charon-cmd. I think we need strongswan installed and configured properly. charon-cmd only has predefined profiles and none of them matches here.

For me, it is very interesting to learn about the Linux clients. I am trying to translate what worked on Windows to Linux and vice versa.

@Warlord711 Thanks for the confirmation! I looked into this client and did not find the options to exactly replicate what already worked on Windows - but I was not sure if you can use some or all of the options of the ‘strong bird client’ also in charon.

@Warlord711 that’s a helpful bit of direction, thanks from all of us