[strongSwan] Strongswan with Cisco Client

Andreas Steffen andreas.steffen at strongswan.org
Thu May 20 09:21:13 CEST 2010


Dear Claude,

I'm not sure if leftauth|rightauth works with IKEv1.
Better set

   authby=xauthrsasig

as in our example scenario:

http://www.strongswan.org/uml/testresults44/ikev1/xauth-rsa-mode-config/moon.ipsec.conf

The Cisco VPN client does not expect Mode Config push mode in
conjunction with XAUTH, so omit the modeconfig=push statement.

Regards

Andreas


On 05/20/2010 08:32 AM, Claude Tompers wrote:
> Hello,
>
> I'm trying to get a strongSwan VPN server running with a Cisco client. I have already tried lots of different configurations on the strongSwan side, but I always get the following error:
>
> /var/log/messages :
>
> May 20 08:26:12 vpn6-test pluto[9572]: packet from 192.168.3.53:54554: initial Main Mode message received on 192.168.1.13:500 but no connection has been authorized with policy=PUBKEY+XAUTHRSASIG+XAUTHSERVER
>
> Is there anything special to configure?
>
> Here's my ipsec.conf:
>
> # basic configuration
>
> ca vpnca
>          cacert=VPNCA-cacert.pem
>          auto=add
>
> config setup
>          plutostart=yes
>          charonstart=no
>          charondebug="net 0"
>          nat_traversal=yes
>
> # Add connections here.
>
> conn %default
>          ike=aes256-sha1-modp1024
>          esp=aes256-sha1
>          dpdaction=clear
>          dpddelay=300s
>          rekey=no
>          left=%any
>          leftcert=vpncert.pem
>          leftid="C=LU, ST=Luxembourg, L=Luxembourg, O=Fondation RESTENA, OU=IT, CN=vpn6-pub.restena.lu, E=claude.tompers at restena.lu"
>          leftauth=pubkey
>          right=%any
>          rightsourceip=192.168.120.128/25
>          auto=add
>
> conn cisco-vpn
>          ikelifetime=60m
>          keylife=20m
>          rekeymargin=3m
>          keyingtries=1
>          type=tunnel
>          pfs=no
>          modeconfig=push
>          rightauth=xauthrsasig
>          xauth=server
>
> ---
>
> and my ipsec.secrets:
>
> : RSA vpncert-key.pem
>
> : XAUTH claude        "verysecretpassword"
>
> ---
>
> Thanks in advance for any answers.
>
> kind regards,
> Claude


-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
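
Added example (not part of the original messages and not a strongSwan tool): a small checker that applies the two points from the reply above to an ipsec.conf, resolving conn %default inheritance first. The sample configs are constructed from the posted one, the function names are hypothetical, and the rules assume every conn is served by pluto (IKEv1).

```python
"""Lint ipsec.conf conn sections against the advice in this thread (added example)."""

POSTED = """\
conn %default
    leftauth=pubkey
    right=%any

conn cisco-vpn
    modeconfig=push
    rightauth=xauthrsasig
    xauth=server
"""  # constructed: reduced from the posted config

FIXED = """\
conn %default
    right=%any

conn cisco-vpn
    authby=xauthrsasig
    xauth=server
"""  # constructed: posted config with the reply's changes applied

def parse_conns(text):
    """Return {conn: {key: value}} with conn %default merged into every conn."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented line starts a new section
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    default = conns.pop("%default", {})
    return {name: {**default, **opts} for name, opts in conns.items()}

def lint(text):
    """Return (conn, message) findings; assumes conns are served by pluto (IKEv1)."""
    findings = []
    for name, opts in sorted(parse_conns(text).items()):
        for key in ("leftauth", "rightauth"):
            if key in opts:
                findings.append((name, f"{key} may not work with IKEv1; set authby=xauthrsasig"))
        if opts.get("modeconfig") == "push" and "xauth" in opts:
            findings.append((name, "modeconfig=push used with XAUTH; omit it for the Cisco VPN client"))
    return findings
```

Note that leftauth is flagged on cisco-vpn even though it is only set in conn %default, because every conn inherits it.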



