<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'><div dir='ltr'>
Thanks Martin.<br><br>I had the answer in front of eyes and I did not saw it :-( <br><br>Last question then:<br><br>On win7, the Microsoft agilevpn client sends a config request for<br><br>*Jul 11 11:25:41.485: Config-type: Config-request<br>
*Jul 11 11:25:41.485: Attrib type: ipv4-addr, length: 0<br>
*Jul 11 11:25:41.485: Attrib type: ipv4-dns, length: 0<br>
*Jul 11 11:25:41.485: Attrib type: ipv4-nbns, length: 0<br>
*Jul 11 11:25:41.485: Attrib type: unknown, length: 0<BR>
<br>I've added:<br><br><br>I wonder how I could have the strongswan to do enable config pull? I've tried to add it manually but it did not do it.<br><br><br>conn "cisco" <br> left=10.1.1.1 <br> right=10.1.1.254 <br> keyexchange=ikev2 <br> ike=3des-sha1-modp1024 <br> esp=aes-sha1 <br> leftauth=eap-mschapv2 <br> leftid=cisco <br> modeconfig=pull <br> rightid="CN=10.1.1.254, OU=TAC, O=Cisco, C=BE" <br> eap_identity=cisco <br> auto=start <br> mobike=no <br>Cheers,<br><br><div>> Subject: Re: [strongSwan] trying to configure strongswan to act like a windows7 client<br>> From: martin@strongswan.org<br>> To: olivier_pelerin@hotmail.com<br>> CC: andreas.steffen@strongswan.org; users@lists.strongswan.org<br>> Date: Mon, 11 Jul 2011 12:32:42 +0200<br>> <br>> Hi Olivier,<br>> <br>> > authentication of 'CN=10.1.1.254, OU=TAC, O=Cisco, C=BE' with EAP successful<br>> > constraint check failed: identity 'C=BE, O=CISCO, OU=TAC, CN=10.1.1.254' required <br>> <br>> Your gateway identifies itself as 'CN=10.1.1.254, OU=TAC, O=Cisco,<br>> C=BE', but your rightid configuration expects 'C=BE, O=CISCO, OU=TAC,<br>> CN=10.1.1.254'. The order of RDNs in a distinguished name is relevant,<br>> so please update the rightid parameter accordingly.<br>> <br>> Regards<br>> Martin<br>> <br></div> </div></body>
</html>