<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>
Playing around on Strongswan, I try to connect an easyvpn client to an easyvpn server.<br><br><br>I see strongswan sending a cert-req in the first packet of Aggressive mode.<br>*Jul  6 15:26:38.265: ISAKMP: Aggressive Mode packet contents (flags 0, len 426):<br>*Jul  6 15:26:38.265:           SA payload<br>*Jul  6 15:26:38.265:             PROPOSAL<br>*Jul  6 15:26:38.265:               TRANSFORM<br>*Jul  6 15:26:38.265:               TRANSFORM<br>*Jul  6 15:26:38.265:           KE payload<br>*Jul  6 15:26:38.265:           NONCE payload<br>*Jul  6 15:26:38.265:           ID payload<br>*Jul  6 15:26:38.265:             ID_KEY_ID <ezvpn> port 0 protocol 0<br>*Jul  6 15:26:38.265:           CERT-REQ payload<br>*Jul  6 15:26:38.265:           VENDOR payload<br>*Jul  6 15:26:38.265:           VENDOR payload<br>*Jul  6 15:26:38.265:           VENDOR payload<br><br><br>How can I disable that?<br><br># Add con:wnections here.<br>conn "ezvpn"<br>        keyexchange=ikev1<br>        ikelifetime=1440m<br>        keylife=60m<br>        aggressive=yes<br>        ike=aes-sha-modp1024<br>        esp=aes128-sha1<br>        xauth=client<br>        left=1.1.1.1<br>        leftid=@#65:7a:76:70:6e:1f<br>        leftsourceip=%config<br>        authby=xauthpsk<br>        leftauth2=xauth<br>        right=10.1.1.254<br>        rightid=10.1.1.254<br>        rightsubnet=0.0.0.0/0<br>        xauth_identity=cisco_user<br>        auto=add<br><br>                                          </div></body>
</html>