<div dir="ltr">Hey Thomas,<div>    Seems like we're in the same boat.  Which client are you using to connect?</div><div>I'm going to try that config on my own gateway and see if works for me.</div><div>I'm also looking at this example for PSK authentication: <a href="http://www.strongswan.org/uml/testresults/ikev2/rw-psk-ipv4/">http://www.strongswan.org/uml/testresults/ikev2/rw-psk-ipv4/</a></div><div><br></div><div>yours,</div><div>imarn</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Dec 3, 2014 at 10:13 AM, Noel Kuntze <span dir="ltr"><<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA256<br>
<br>
Hello Thomas,<br>
<br>
Using something like you already have in the conn win7 section will do.<br>
Just don't set any authentication method for the client, that needs certificates or psk and you're golden.<br>
Assuming of course your client is configured the right way, of course.<br>
<br>
Mit freundlichen Grüßen/Regards,<br>
Noel Kuntze<br>
<br>
GPG Key ID: 0x63EC6658<br>
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br>
<br>
Am 03.12.2014 um 14:54 schrieb Thomas:<br>
<div><div class="h5">> Hi,<br>
><br>
> I'm trying to setup strongswan to acceppt only username and password as<br>
> logincredentials.<br>
> So, the client do not need any certificate, only his username and password.<br>
> Is there any way to do that ?<br>
><br>
><br>
> My actual ipsec.conf is this:<br>
><br>
> config setup<br>
><br>
> conn ios<br>
>         keyexchange=ikev1<br>
>         authby=xauthrsasig<br>
>         xauth=server<br>
>         left=%defaultroute<br>
>         leftsubnet=<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a><br>
>         leftfirewall=yes<br>
>         leftcert=serverCert.pem<br>
>         right=%any<br>
>         rightsubnet=<a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a><br>
>         rightsourceip=<a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a><br>
>         rightcert=clientCert.pem<br>
>         auto=add<br>
><br>
> conn android<br>
>         keyexchange=ikev2<br>
>         left=%defaultroute<br>
>         leftauth=pubkey<br>
>         leftsubnet=<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a><br>
>         leftcert=serverCert.pem<br>
>         right=%any<br>
>         rightauth=pubkey<br>
>         rightsourceip=<a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a><br>
>         rightcert=clientCert.pem<br>
>         auto=add<br>
><br>
> conn win7<br>
>         keyexchange=ikev2<br>
>         ike=aes256-sha1-modp1024!<br>
>         esp=aes256-sha1!<br>
>         dpdaction=clear<br>
>         dpddelay=300s<br>
>         rekey=no<br>
>         left=%any<br>
>         leftsubnet=<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a><br>
>         leftauth=pubkey<br>
>         leftcert=serverCert.pem<br>
>         right=%any<br>
>         rightsourceip=<a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a><br>
>         rightauth=eap-mschapv2<br>
>         rightsendcert=never<br>
>         eap_identity=%any<br>
>         auto=add<br>
><br>
> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a><br>
> <a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br>
<br>
</div></div>-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2<br>
<br>
iQIcBAEBCAAGBQJUf1K8AAoJEDg5KY9j7GZYlFQQAJEq0mQtoMfqdtIoknSMRG1s<br>
Wmn1Ly1IGGf1kr0dlvbouCKWYog9jNG30KoMXzTGupNOAoUa6HOpdcre4EOsTeZW<br>
/yDzR350dIEXyfO9xX5fY50+sj1A/R4FmzDcNWmXQmHxLy2O6P2WT0AYJm7aGdQ3<br>
6g25RBir7RE/jkYg+VzxmtIU0REk69bwdxGdhCU4ZgU7ytoVJqBlEma7s5P/EfxQ<br>
oSm8mHkVY0aHK2jh33Mfkl39C2WXoR5UGtRm2eueazjqsQPVj+9lPv8wPyRsQSI5<br>
kwbiq+rDo/N7lnf4PJZTrX6GIBD5qgkLCBYh9eaoCyWSNRSnYOHiuBybAdc+GBge<br>
4kXHDHiVEAQmgOTSCstBa6nMPw2qyvh1pJDMBNjpmN5avBDwZpUEvpMEDr0pDNsQ<br>
drHFKEW03HVfcJUdc9MwunzGF92K13OEiHnXaklLRvXP6t9HYjpuZg4qwFP+Yoyb<br>
N43a7/r5FHs3SjUtS1Bhi9Z+5lYgBOLdxqCsONSIETGsFpW+YARMD7eT0x2P4lez<br>
7KaR4jA4A4eTaH0msKQpOMMjhkAL1T7UzNdhFpNMKYtkAw2fjpcipzN9rV+Ju5Ll<br>
0FpnwxwwJhdsfdlv+Q3Pqmxsd40gRmL8zGsi6hbNKX/FfR0NmM/VmDu87JFUSxbB<br>
KEZhoNDpn4Hk32OUyxyW<br>
=VwFb<br>
-----END PGP SIGNATURE-----<br>
<div class="HOEnZb"><div class="h5"><br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a><br>
<a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a></div></div></blockquote></div><br></div>