[strongSwan] strongswan & Cisco VPN client

Petr Linke petr at novicom.cz
Thu Jun 10 13:20:20 CEST 2010


Hi,
I am trying to get Strongswan (v. 4.3.6) and the Cisco VPN client
(v. 5.0.08.290) to work together.
When the Cisco client tries to connect to Strongswan, the connection is
refused by Strongswan and the following messages appear in the log:

preparse_isakmp_policy: peer requests PUBKEY+XAUTHRSASIG+XAUTHSERVER authentication
initial Main Mode message received on a.b.c.d but no connection has been authorized with policy=PUBKEY+XAUTHRSASIG+XAUTHSERVER.

I looked through the mailing lists, and I know that this problem with the
Cisco VPN client has come up here in the past, but what was the final result?

Maybe the problem is that the Cisco VPN client requests the policy
PUBKEY+XAUTHRSASIG+XAUTHSERVER, but Strongswan has the policy
ENCRYPT+TUNNEL+PFS+XAUTHRSASIG+XAUTHSERVER, so the requested policy does
not fit the Strongswan policy.

I don't know how I can set the policy PUBKEY+XAUTHRSASIG+XAUTHSERVER
in Strongswan, because when I use the following in the connection
description on Strongswan:
authby=xauthrsasig
xauth=server
the Strongswan policy for this connection will be
...+XAUTHRSASIG+XAUTHSERVER, without PUBKEY.

I get the policy ...+PUBKEY with: "authby=RSASIG".

So my question is how I can set the policy
PUBKEY+XAUTHRSASIG+XAUTHSERVER on Strongswan. I think that this is impossible, because
the authentication methods "rsasig" and "xauthrsasig" are mutually exclusive.

If somebody has had success connecting the Cisco VPN client to
Strongswan, please give me information.

Thank you for your answer, Petr




