[HOWTO] configuration example for lancom host to ubuntu 16.04 vpn client

ahowto-lancom-vpn-ubuntu-client.md

lancom LANCOM R883+ and ubuntu 16.04 Linux strongSwan U5.3.5/K5.1.15-050115-generic

IKEV2C_0USER.ini is the configuration as exported by the lancom config tool-

how to bring up the route

ipsec up con1@host1

(optional) lookup the route in table 220

ip route list table 220

IKEV2C_0USER.ini

[PROFILE1]
Name=T-IKEV2C_0USER
ConnMedia=21
ConnMode=0
SeamRoaming=1
PriVoIP=1
Gateway=1.2.3.4
PFS=14
UseComp=0
IkeIdType=3
IkeIdStr=IKEV2C_0USER1@intern
Secret=reallysecretpassword
UseXAUTH=0
IpAddrAssign=0
IkeDhGroup=14
ExchMode=34
IKEv2Auth=2
IKEv2Policy=WIZ-AES256-SHA256
IPSEC-Policy=WIZ-AES256-SHA256
[IKEV2POLICY1]
Ikev2Name=WIZ-AES256-SHA256
Ikev2Crypt=6
Ikev2PRF=5
Ikev2IntAlgo=12
[IPSECPOLICY1]
IPSecName=WIZ-AES256-SHA256
IpsecCrypt=6
IpsecAuth=5

ipsec.conf

# /etc/ipsec.conf

config setup
	# strictcrlpolicy=yes
	# uniqueids = no

conn con1@host1
        keyexchange=ikev2
#        ike=aes256-sha256-modp2048!
#        esp=aes256-sha256!
        auto=add
        authby=psk
        left=%defaultroute
        leftid=IKEV2C_0USER1@intern
        leftauth=psk
#get the ip dynamically from the gateway
        leftsourceip=%config4, %config6
        right=1.2.3.4
        rightid=IKEV2C_0USER1@intern
        rightauth=psk
        rightsubnet=192.168.3.0/24

ipsec.secrets

#/etc/ipsec.secrets
IKEV2C_0USER1@intern : PSK "reallysecretpassword"

You get it right. Thanks. So my issue is somewhere else.

In my case, rereading the secrets solved the issues:

sudo ipsec rereadsecrets
sudo ipsec reload
sudo ipsec restart