[strongSwan] trying to configure strongswan to act like a windows7 client
Andreas Steffen
andreas.steffen at strongswan.org
Mon Jul 11 13:48:51 CEST 2011
Hello Olivier,
modeconfig=push|pull
is an IKEv1 configuration option. Our IKEv2 implementation
currently supports push mode only. It is activated on the
client side by requesting a virtual IP:
leftsourceip=%config
Regards
Andreas
On 11.07.2011 13:32, Olivier PELERIN wrote:
> Thanks Martin.
>
> I had the answer in front of eyes and I did not saw it :-(
>
> Last question then:
>
> On win7, the Microsoft agilevpn client sends a config request for
>
> *Jul 11 11:25:41.485: Config-type: Config-request
> *Jul 11 11:25:41.485: Attrib type: ipv4-addr, length: 0
> *Jul 11 11:25:41.485: Attrib type: ipv4-dns, length: 0
> *Jul 11 11:25:41.485: Attrib type: ipv4-nbns, length: 0
> *Jul 11 11:25:41.485: Attrib type: unknown, length: 0
>
> I've added:
>
>
> I wonder how I could have the strongswan to do enable config pull? I've
> tried to add it manually but it did not do it.
>
>
> conn
> "cisco"
>
>
> left=10.1.1.1
>
>
> right=10.1.1.254
>
>
> keyexchange=ikev2
>
>
> ike=3des-sha1-modp1024
>
>
> esp=aes-sha1
>
>
> leftauth=eap-mschapv2
>
>
> leftid=cisco
>
>
> modeconfig=pull
>
> rightid="CN=10.1.1.254, OU=TAC, O=Cisco,
> C=BE"
>
>
> eap_identity=cisco
>
>
> auto=start
>
> mobike=no
> Cheers,
>
>> Subject: Re: [strongSwan] trying to configure strongswan to act like a
> windows7 client
>> From: martin at strongswan.org
>> To: olivier_pelerin at hotmail.com
>> CC: andreas.steffen at strongswan.org; users at lists.strongswan.org
>> Date: Mon, 11 Jul 2011 12:32:42 +0200
>>
>> Hi Olivier,
>>
>> > authentication of 'CN=10.1.1.254, OU=TAC, O=Cisco, C=BE' with EAP
> successful
>> > constraint check failed: identity 'C=BE, O=CISCO, OU=TAC,
> CN=10.1.1.254' required
>>
>> Your gateway identifies itself as 'CN=10.1.1.254, OU=TAC, O=Cisco,
>> C=BE', but your rightid configuration expects 'C=BE, O=CISCO, OU=TAC,
>> CN=10.1.1.254'. The order of RDNs in a distinguished name is relevant,
>> so please update the rightid parameter accordingly.
>>
>> Regards
>> Martin
>>
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list