<div dir="ltr">Hello,
<div><br></div>
<div>I am trying to translate an old ipsec.conf configuration to using the VICI interface. My old ipsec.conf configuration that is working completely normally is this:</div>
<div><br></div>
<div>
<div>config setup</div>
<div> </div>
<div>conn %default</div>
<div> keyexchange=ikev1</div>
<div> authby=xauthrsasig</div>
<div> xauth=server</div>
<div> left=%defaultroute</div>
<div> leftsubnet=0.0.0.0/0</div>
<div> leftid=xxxxxxx</div>
<div> leftcert=serverCert.pem</div>
<div> leftsendcert=yes</div>
<div> leftfirewall=yes</div>
<div> leftauth=rsa</div>
<div> rightauth=rsa</div>
<div> rightauth2=xauth</div>
<div> dpdaction=clear</div>
<div> auto=add</div>
</div>
<div><br></div>
<div>conn ios</div>
<div> rightid="C=US, O=xxxxxx, CN=test"</div>
<div> rightsourceip=10.0.0.5</div>
<div><br></div>
<div>I have attempted to create the same configuration using a call to the VICI with this dictionary:</div>
<div><br></div>
<div>
<div> { 'test':</div>
<div>   {</div>
<div>     'version' : 1,</div>
<div>     'vips' : ['10.0.0.5'],</div>
<div>     'local' : {</div>
<div>       'id' : 'xxxxxxxxx',</div>
<div>       'auth' : 'pubkey',</div>
<div>       'certs' : [serverCert]</div>
<div>     },</div>
<div>     'remote': {</div>
<div>       'auth' : 'pubkey',</div>
<div>       'id' : 'C=US, O=xxxxxx, CN=test'</div>
<div>     },</div>
<div>     'remote2': {</div>
<div>       'auth': 'xauth'</div>
<div>     },</div>
<div>     'children': {</div>
<div>       'test' : {</div>
<div>         'local_ts' : ['0.0.0.0/0'],</div>
<div>         'remote_ts' : ['dynamic']</div>
<div>       }</div>
<div>     }</div>
<div>   }</div>
<div> }</div>
</div>
<div><br></div>
<div>This keeps returning this error: `1 config found, none that allow xAuthInitRSA using MainMode`</div>
<div><br></div>
<div>Not sure how to modify this configuration to work correctly. I have tried a number of different combinations with the same message. Any help would be appreciated.</div>
<div><br></div>
<div>Sam</div>
</div>
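<div>Added example, not part of the original post and not strongSwan code: one way to map the ipsec.conf keys quoted above onto ordered VICI load-conn / load-pool messages, following the swanctl.conf key names. Assumptions: the function name, the pool name `ios-pool` and the section suffixes `-1`/`-2` are illustrative, the certificate is passed as file contents, and `left=%defaultroute` and `leftfirewall=yes` are left out.</div>

```python
from collections import OrderedDict

# ipsec.conf keys from the post, merged from "conn %default" and "conn ios".
IPSEC_CONN = {
    "keyexchange": "ikev1", "leftid": "xxxxxxx", "leftauth": "rsa",
    "leftsendcert": "yes", "leftsubnet": "0.0.0.0/0", "dpdaction": "clear",
    "rightauth": "rsa", "rightauth2": "xauth",
    "rightid": "C=US, O=xxxxxx, CN=test", "rightsourceip": "10.0.0.5",
}
AUTH = {"rsa": "pubkey", "pubkey": "pubkey", "psk": "psk", "xauth": "xauth"}
SEND_CERT = {"yes": "always", "always": "always", "ifasked": "ifasked",
             "no": "never", "never": "never"}


def to_vici(name, conf, cert_data, pool_name="ios-pool"):
    """Build (connections, pools) dicts for VICI load-conn / load-pool.

    cert_data is the certificate content (VICI takes data, not a file name);
    pool_name is a hypothetical label chosen for this example.
    """
    version = {"ikev1": 1, "ikev2": 2}[conf["keyexchange"]]
    rounds = [conf[k] for k in ("rightauth", "rightauth2") if k in conf]
    if "xauth" in rounds and version != 1:
        raise ValueError("xauth rounds only exist in IKEv1")

    conn = OrderedDict()
    conn["version"] = version
    conn["send_cert"] = SEND_CERT[conf.get("leftsendcert", "ifasked")]
    conn["dpd_delay"] = conf.get("dpddelay", "30s")  # ipsec.conf default
    # rightsourceip hands out addresses, so it becomes a pool; "vips" is the
    # client-side key for requesting one.
    conn["pools"] = [pool_name]
    conn["local-1"] = OrderedDict([("auth", AUTH[conf["leftauth"]]),
                                   ("id", conf["leftid"]),
                                   ("certs", [cert_data])])
    # Rounds are ordered by position in the message, hence OrderedDict.
    for number, method in enumerate(rounds, 1):
        section = OrderedDict([("auth", AUTH[method])])
        if number == 1:
            section["id"] = conf["rightid"]
        conn["remote-%d" % number] = section
    conn["children"] = OrderedDict([(name, OrderedDict([
        ("local_ts", [conf["leftsubnet"]]),
        ("remote_ts", ["dynamic"]),
        ("dpd_action", conf["dpdaction"]),
    ]))])
    pools = OrderedDict([(pool_name, {"addrs": conf["rightsourceip"]})])
    return OrderedDict([(name, conn)]), pools


CONNS, POOLS = to_vici("ios", IPSEC_CONN, b"<contents of serverCert.pem>")
```

<div>The two results are shaped for the Python vici bindings' `load_pool` and `load_conn` calls, with the pool loaded first so the connection can reference it.</div>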