[strongSwan] Strongswan with Cisco Client
Claude Tompers
claude.tompers at restena.lu
Thu May 20 08:32:48 CEST 2010
Hello,
I'm trying to get a strongswan VPN server running with a Cisco client. I have already tried lots of different configurations on the strongswan side, but I always get the following error :
/var/log/messages :
May 20 08:26:12 vpn6-test pluto[9572]: packet from 192.168.3.53:54554: initial Main Mode message received on 192.168.1.13:500 but no connection has been authorized with policy=PUBKEY+XAUTHRSASIG+XAUTHSERVER
Is there anything special to configure ?
Here's my ipsec.conf:
# basic configuration
ca vpnca
cacert=VPNCA-cacert.pem
auto=add
config setup
plutostart=yes
charonstart=no
charondebug="net 0"
nat_traversal=yes
# Add connections here.
conn %default
ike=aes256-sha1-modp1024
esp=aes256-sha1
dpdaction=clear
dpddelay=300s
rekey=no
left=%any
leftcert=vpncert.pem
leftid="C=LU, ST=Luxembourg, L=Luxembourg, O=Fondation RESTENA, OU=IT, CN=vpn6-pub.restena.lu, E=claude.tompers at restena.lu"
leftauth=pubkey
right=%any
rightsourceip=192.168.120.128/25
auto=add
conn cisco-vpn
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
type=tunnel
pfs=no
modeconfig=push
rightauth=xauthrsasig
xauth=server
---
and my ipsec.secrets:
: RSA vpncert-key.pem
: XAUTH claude "verysecretpassword"
---
Thanks in advance for any answers.
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100520/a4d1296d/attachment.pgp>
More information about the Users
mailing list