Connect Strongswan/VPN-Client (Debian) to IPSec/L2TP Server (Windows 2012) – AUTHENTIFICATION_FAILED


I am trying to connect my Debian Stretch box with a network running Windows-Only machines. There is a node there that acts as a VPN Server that runs Windows Server 2012R2. I am able to connect to it via L2TP VPN from both my Windows and my Mac machine, so even though I don’t like the setup – it seems to be working. It’s dumb easy configured without certs with a simple PSK. But all my many hours of trying to get it connected with a Debian box failed today 🙁 I have tried every possible config modifications I found on the web… Here is the shortest one I am trying now getting always the same error at the end (PSK is correct):

ipsec.conf:

config setup conn %default     authby=secret conn intp     left=%any     leftfirewall=no     right=server_hostname     rightfirewall=yes     type=tunnel     auto=add 

ipsec.secrets

include /var/lib/strongswan/ipsec.secrets.inc : PSK VALID_PSK 

ipsec up intp

initiating IKE_SA intp[1] to 194.84.28.242 generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] sending packet: from 144.76.196.175[500] to 194.84.28.242[500] (1300 bytes) received packet: from 194.84.28.242[500] to 144.76.196.175[500] (38 bytes) parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ] peer didn't accept DH group MODP_3072, it requested MODP_1024 initiating IKE_SA intp[1] to 194.84.28.242 generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] sending packet: from 144.76.196.175[500] to 194.84.28.242[500] (1044 bytes) received packet: from 194.84.28.242[500] to 144.76.196.175[500] (360 bytes) parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V ] received MS NT5 ISAKMPOAKLEY v9 vendor ID received MS-Negotiation Discovery Capable vendor ID remote host is behind NAT no IDi configured, fall back on IP address authentication of '144.76.196.175' (myself) with pre-shared key establishing CHILD_SA intp generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(ADD_6_ADDR) N(EAP_ONLY) ] sending packet: from 144.76.196.175[4500] to 194.84.28.242[4500] (412 bytes) received packet: from 194.84.28.242[4500] to 144.76.196.175[4500] (68 bytes) parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ] received AUTHENTICATION_FAILED notify error establishing connection 'intp' failed 

Please help 🙂