<div dir="ltr">Randy,<div><br></div><div>I'll change if there is no other possibilities. </div><div><br></div><div>As for the link you gave me, thank you for it. I did a lot of digging in the documentation I could read. So far, nothing seems to work. </div><div><br></div><div><br></div><div>Noel,</div><div><br></div><div><div>version 2.0</div><div><br></div><div>config setup</div><div> charonstart=no</div><div> interfaces="%none"</div><div> nat_traversal=no</div><div><br></div><div>conn clear</div><div> auto=ignore</div><div><br></div><div>conn clear-or-private</div><div> auto=ignore</div><div><br></div><div>conn private-or-clear</div><div> auto=ignore</div><div><br></div><div>conn private</div><div> auto=ignore</div><div><br></div><div>conn block</div><div> auto=ignore</div><div><br></div><div>conn packetdefault</div><div> auto=ignore</div><div><br></div><div>conn %default</div><div> keyexchange=ikev1</div></div><div><br></div><div><div style="font-size:12.8000001907349px">conn tunnel-1</div><div style="font-size:12.8000001907349px"> left=a.a.a.a</div><div style="font-size:12.8000001907349px"> right=b.b.b.b</div><div style="font-size:12.8000001907349px"> leftsubnet=<a href="http://10.252.243.128/28" target="_blank">10.252.243.128/28</a></div><div style="font-size:12.8000001907349px"> rightsubnet=<a href="http://172.23.149.0/24" target="_blank">172.23.149.0/24</a></div><div style="font-size:12.8000001907349px"> leftsourceip=a.a.a.a</div><div style="font-size:12.8000001907349px"> ike=aes256-sha1-modp1024,aes128-sha1-modp1024!</div><div style="font-size:12.8000001907349px"> ikelifetime=86400s</div><div style="font-size:12.8000001907349px"> dpddelay=15s</div><div style="font-size:12.8000001907349px"> dpdtimeout=30s</div><div style="font-size:12.8000001907349px"> dpdaction=restart</div><div style="font-size:12.8000001907349px"> esp=aes256-sha1!</div><div style="font-size:12.8000001907349px"> keylife=3600s</div><div style="font-size:12.8000001907349px"> rekeymargin=540s</div><div style="font-size:12.8000001907349px"> type=tunnel</div><div style="font-size:12.8000001907349px"> authby=secret</div><div style="font-size:12.8000001907349px"> pfs=no</div><div style="font-size:12.8000001907349px"> compress=no</div><div style="font-size:12.8000001907349px"> auto=start</div><div style="font-size:12.8000001907349px"> keyingtries=%forever</div></div><div style="font-size:12.8000001907349px"><br></div><div style="font-size:12.8000001907349px"><br></div><div style="font-size:12.8000001907349px">Also, I didnt get the imaginary configuration option part ?</div><div style="font-size:12.8000001907349px"><br></div><div style="font-size:12.8000001907349px">Thanks </div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jun 5, 2015 at 7:20 PM, Noel Kuntze <span dir="ltr"><<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA256<br>
<br>
Hello Alexandre,<br>
<br>
Please stop trying to use some imaginary configuration options and stick to those<br>
on the man page of ipsec.conf.<br>
<br>
What is your complete ipsec.conf? Pay attention to conn %default, if you have that,<br>
as it will beqeust its own options to _all_ other conns.<br>
<br>
<br>
<br>
Mit freundlichen Grüßen/Kind Regards,<br>
Noel Kuntze<br>
<br>
GPG Key ID: 0x63EC6658<br>
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br>
<span class=""><br>
Am 05.06.2015 um 19:07 schrieb Alexandre DEPREZ:<br>
> Hi Randy,<br>
><br>
> I forgot to mention, i'm using this version:<br>
><br>
> Linux strongSwan U4.5.2/K3.2.0-4-amd64<br>
><br>
> Here is it :<br>
><br>
> conn tunnel-1<br>
> left=a.a.a.a<br>
> right=b.b.b.b<br>
</span>> leftsubnet=<a href="http://10.252.243.128/28" target="_blank">10.252.243.128/28</a> <<a href="http://10.252.243.128/28" target="_blank">http://10.252.243.128/28</a>><br>
> rightsubnet=<a href="http://172.23.149.0/24" target="_blank">172.23.149.0/24</a> <<a href="http://172.23.149.0/24" target="_blank">http://172.23.149.0/24</a>><br>
<span class="">> leftsourceip=a.a.a.a<br>
> ike=aes256-sha1-modp1024,aes128-sha1-modp1024!<br>
> ikelifetime=86400s<br>
> dpddelay=15s<br>
> dpdtimeout=30s<br>
> dpdaction=restart<br>
> esp=aes256-sha1!<br>
> keylife=3600s<br>
> rekeymargin=540s<br>
> type=tunnel<br>
> authby=secret<br>
> pfs=no<br>
> compress=no<br>
> auto=start<br>
> keyingtries=%forever<br>
><br>
> I also tried to use<br>
><br>
> leftxauthclient=no<br>
> rightxauthserver=no<br>
><br>
> No changes.<br>
><br>
> Thanks<br>
><br>
><br>
><br>
><br>
><br>
</span><span class="">> On Fri, Jun 5, 2015 at 7:02 PM, Randy Wyatt <<a href="mailto:rwwyatt01@gmail.com">rwwyatt01@gmail.com</a> <mailto:<a href="mailto:rwwyatt01@gmail.com">rwwyatt01@gmail.com</a>>> wrote:<br>
><br>
> Please send a sanitized version of your configuration. xauth should only be sent if you configured it to be sent.<br>
><br>
</span><span class="">> On Fri, Jun 5, 2015 at 9:09 AM, Alexandre DEPREZ <<a href="mailto:alex@madrouter.com">alex@madrouter.com</a> <mailto:<a href="mailto:alex@madrouter.com">alex@madrouter.com</a>>> wrote:<br>
><br>
> Hi,<br>
><br>
> I'm using strongswan only for L2L VPN.<br>
><br>
> It's been some times now, I can not be the initiator of the VPN because strongswan is always sending an XAUTH option in the phase 1 establishment.<br>
><br>
> When the other side is not configured to receive remote user, it's working but when it is, I'm receiving L2TP/IPsec or some other remote access vpn protocols.<br>
><br>
> I can not wait for the other side to send me trafic in order to be the responder. I tried to recompile strongswan removing xauth, but it's not working.<br>
><br>
> Is there any configuration command I can use to force strongswan not to send XAUTH ?<br>
><br>
> Thanks<br>
><br>
> Alex<br>
><br>
><br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> Users mailing list<br>
</span>> <a href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a>><br>
<span class="">> <a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br>
><br>
><br>
><br>
><br>
> --<br>
> Randy W. Wyatt<br>
</span>> <a href="mailto:rwwyatt01@gmail.com">rwwyatt01@gmail.com</a> <mailto:<a href="mailto:rwwyatt01@gmail.com">rwwyatt01@gmail.com</a>><br>
> Home: <a href="tel:858-309-5303" value="+18583095303">858-309-5303</a> <tel:<a href="tel:858-309-5303" value="+18583095303">858-309-5303</a>><br>
> Cell: <a href="tel:858-598-4421" value="+18585984421">858-598-4421</a> <tel:<a href="tel:858-598-4421" value="+18585984421">858-598-4421</a>><br>
> Fax: <a href="tel:858-408-7554" value="+18584087554">858-408-7554</a> <tel:<a href="tel:858-408-7554" value="+18584087554">858-408-7554</a>><br>
<span class="">><br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a><br>
> <a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br>
<br>
</span>-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2<br>
<br>
iQIcBAEBCAAGBQJVcdpuAAoJEDg5KY9j7GZYAiQP+QHal5QcmqYAJjujqR9K4/NC<br>
cFc/Z534PtAp6nie8FD3oD5h1445eSgCQTmZk5eIr05dJJbnvljEk8T7Mbz7n2gX<br>
MMqkhhPMTQ8Avh5inwYRrYy+IcFMxpzC/8cIGVh+y+rXB4At0PkyXe2BRBI6yHFD<br>
tqf4ICjH6igJB4/K7iUM7sbCPmONhY9gw0s0PpVCCTNfbthXJT8rUvUOZGIjH7ij<br>
kLpQg6qur1uRydjCf+sEc1IwvtqQn/yqEylyq7m6ZvKLniv2HcZXnCpx/4fx5+9I<br>
Js7Z0kY5LOkxbCBXovdGMq2hiWtaT79OOq6SDX13Y35Qzg35E8kCHPzr9ZKoWwPl<br>
MxfC118jGldQunFUKKkxCfFbs3Wk2zKuL7Jim69Rt5ZUkG7AcurjpxtKSai0Ykx7<br>
NtSzw/HHSJSP7BtTlvqSlPObvYwToCGrCpulBicQpILCSRh7z5Bfs4c0QqYORAFL<br>
fEqPI1DIkc6eouOQlVq0xyRyrWWsEHdp925IFYwUMtv84weznCjgTFxu0lMn0Qfu<br>
h0xRPnMbgyV+9cl0ep7vLIlXfA0wj/2q2YYS4YDZzeGT4xrHFBBdgdBmpr+zmyBS<br>
UG68nxM9WBPZA8cPitBVJvoqVOIqaSqPgkhMOXr4HRBDNfUwmAFgP54UUPog/FeG<br>
yxdpnj70XGOy/vOvV72e<br>
=R3S5<br>
-----END PGP SIGNATURE-----<br>
<div class="HOEnZb"><div class="h5"><br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a><br>
<a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a></div></div></blockquote></div><br></div>