Thanks Martin.
I had the answer in front of eyes and I did not saw it :-(
Last question then:
On win7, the Microsoft agilevpn client sends a config request for
*Jul 11 11:25:41.485: Config-type: Config-request
*Jul 11 11:25:41.485: Attrib type: ipv4-addr, length: 0
*Jul 11 11:25:41.485: Attrib type: ipv4-dns, length: 0
*Jul 11 11:25:41.485: Attrib type: ipv4-nbns, length: 0
*Jul 11 11:25:41.485: Attrib type: unknown, length: 0
I've added:
I wonder how I could have the strongswan to do enable config pull? I've tried to add it manually but it did not do it.
conn "cisco"
left=10.1.1.1
right=10.1.1.254
keyexchange=ikev2
ike=3des-sha1-modp1024
esp=aes-sha1
leftauth=eap-mschapv2
leftid=cisco
modeconfig=pull
rightid="CN=10.1.1.254, OU=TAC, O=Cisco, C=BE"
eap_identity=cisco
auto=start
mobike=no
Cheers,
> Subject: Re: [strongSwan] trying to configure strongswan to act like a windows7 client
> From: martin at strongswan.org
> To: olivier_pelerin at hotmail.com
> CC: andreas.steffen at strongswan.org; users at lists.strongswan.org
> Date: Mon, 11 Jul 2011 12:32:42 +0200
>
> Hi Olivier,
>
> > authentication of 'CN=10.1.1.254, OU=TAC, O=Cisco, C=BE' with EAP successful
> > constraint check failed: identity 'C=BE, O=CISCO, OU=TAC, CN=10.1.1.254' required
>
> Your gateway identifies itself as 'CN=10.1.1.254, OU=TAC, O=Cisco,
> C=BE', but your rightid configuration expects 'C=BE, O=CISCO, OU=TAC,
> CN=10.1.1.254'. The order of RDNs in a distinguished name is relevant,
> so please update the rightid parameter accordingly.
>
> Regards
> Martin
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110711/cd27cf5b/attachment.html>