[strongSwan] trying to configure strongswan to act like a windows7 client

Andreas Steffen andreas.steffen at strongswan.org
Mon Jul 11 13:48:51 CEST 2011


Hello Olivier,

  modeconfig=push|pull

is an IKEv1 configuration option. Our IKEv2 implementation
currently supports push mode only. It is activated on the
client side by requesting a virtual IP:

  leftsourceip=%config

Regards

Andreas

On 11.07.2011 13:32, Olivier PELERIN wrote:
> Thanks Martin.
> 
> I had the answer in front of my eyes and I did not see it :-(
> 
> Last question then:
> 
> On win7, the Microsoft agilevpn client sends a config request for
> 
> *Jul 11 11:25:41.485: Config-type: Config-request
> *Jul 11 11:25:41.485: Attrib type: ipv4-addr, length: 0
> *Jul 11 11:25:41.485: Attrib type: ipv4-dns, length: 0
> *Jul 11 11:25:41.485: Attrib type: ipv4-nbns, length: 0
> *Jul 11 11:25:41.485: Attrib type: unknown, length: 0
> 
> I've added:
> 
> 
> I wonder how I could have strongSwan enable config pull? I've
> tried to add it manually but it did not do it.
> 
> 
> conn "cisco"
>         left=10.1.1.1
>         right=10.1.1.254
>         keyexchange=ikev2
>         ike=3des-sha1-modp1024
>         esp=aes-sha1
>         leftauth=eap-mschapv2
>         leftid=cisco
>         modeconfig=pull
>         rightid="CN=10.1.1.254, OU=TAC, O=Cisco, C=BE"
>         eap_identity=cisco
>         auto=start
>         mobike=no
>
> Cheers,
> 
>> Subject: Re: [strongSwan] trying to configure strongswan to act like a windows7 client
>> From: martin at strongswan.org
>> To: olivier_pelerin at hotmail.com
>> CC: andreas.steffen at strongswan.org; users at lists.strongswan.org
>> Date: Mon, 11 Jul 2011 12:32:42 +0200
>>
>> Hi Olivier,
>>
>> > authentication of 'CN=10.1.1.254, OU=TAC, O=Cisco, C=BE' with EAP successful
>> > constraint check failed: identity 'C=BE, O=CISCO, OU=TAC, CN=10.1.1.254' required
>>
>> Your gateway identifies itself as 'CN=10.1.1.254, OU=TAC, O=Cisco,
>> C=BE', but your rightid configuration expects 'C=BE, O=CISCO, OU=TAC,
>> CN=10.1.1.254'. The order of RDNs in a distinguished name is relevant,
>> so please update the rightid parameter accordingly.
>>
>> Regards
>> Martin
>>


-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
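
The config request in the quoted Windows 7 debug output is an IKEv2 Configuration payload (RFC 7296, section 3.15) whose attributes carry length 0, which asks the gateway to assign a value. The following is an added example, not part of the original thread and not strongSwan code: it encodes and parses such a payload and rejects truncated input. The attribute type 16384 and the address 10.1.1.50 are constructed placeholders.

```python
import struct

# Constants from RFC 7296, section 3.15 (IKEv2 Configuration payload).
CFG_TYPES = {1: "CFG_REQUEST", 2: "CFG_REPLY", 3: "CFG_SET", 4: "CFG_ACK"}
ATTR_NAMES = {1: "INTERNAL_IP4_ADDRESS", 2: "INTERNAL_IP4_NETMASK",
              3: "INTERNAL_IP4_DNS", 4: "INTERNAL_IP4_NBNS"}


def build_cfg_payload(cfg_type, attrs, next_payload=0):
    """Encode (attr_type, value_bytes) pairs as a Configuration payload."""
    body = struct.pack("!B3x", cfg_type)            # CFG type + 3 reserved bytes
    for attr_type, value in attrs:
        body += struct.pack("!HH", attr_type & 0x7FFF, len(value)) + value
    # Generic payload header: next payload, flags, total length.
    return struct.pack("!BBH", next_payload, 0, 4 + len(body)) + body


def parse_cfg_payload(data):
    """Return (cfg_type_name, [(attr_name, value_bytes), ...]) or raise ValueError."""
    if len(data) < 8:
        raise ValueError("truncated Configuration payload")
    _next, _flags, length = struct.unpack_from("!BBH", data, 0)
    if length < 8 or length > len(data):
        raise ValueError("payload length field does not fit the buffer")
    cfg_type, attrs, off = data[4], [], 8
    while off < length:
        if length - off < 4:
            raise ValueError("truncated attribute header")
        raw_type, alen = struct.unpack_from("!HH", data, off)
        off += 4
        if alen > length - off:
            raise ValueError("attribute value overruns the payload")
        atype = raw_type & 0x7FFF                   # top bit is reserved
        attrs.append((ATTR_NAMES.get(atype, "unknown(%d)" % atype),
                      data[off:off + alen]))
        off += alen
    return CFG_TYPES.get(cfg_type, "unknown(%d)" % cfg_type), attrs


# Constructed sample mirroring the debug output above: four empty attributes.
# 16384 is a placeholder from the private-use range, not the value Windows sends.
SAMPLE_REQUEST = build_cfg_payload(1, [(1, b""), (3, b""), (4, b""), (16384, b"")])
# Constructed reply assigning a virtual IP (10.1.1.50 is a made-up address).
SAMPLE_REPLY = build_cfg_payload(2, [(1, bytes([10, 1, 1, 50]))])

if __name__ == "__main__":
    for payload in (SAMPLE_REQUEST, SAMPLE_REPLY):
        print(parse_cfg_payload(payload))
```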
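
Martin's point in the quoted reply, that the order of RDNs in a distinguished name is relevant, can be checked before editing rightid. The following is an added example, not part of the original thread and not strongSwan's matching code: it compares the two DN strings from the log as ordered RDN lists and reports whether they differ only in order. The function names are hypothetical, and the case folding is an assumption used for diagnosis only; it handles the simple comma-separated form shown in the thread, not escaped commas or multi-valued RDNs.

```python
def parse_dn(dn):
    """Split 'K=V, K=V' into an ordered list of (type, value) RDNs."""
    rdns = []
    for part in dn.split(","):
        key, sep, value = part.strip().partition("=")
        if not sep or not key.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((key.strip().upper(), value.strip()))
    return rdns


def diagnose(configured, received):
    """Classify how the configured identity differs from the received one."""
    cfg, got = parse_dn(configured), parse_dn(received)

    def fold(rdns):
        # Case folding is a diagnostic aid here, not a statement about
        # how the IKE daemon compares attribute values.
        return [(k, v.lower()) for k, v in rdns]

    if cfg == got:
        return "match"
    if fold(cfg) == fold(got):
        return "same order, values differ only in case"
    if sorted(fold(cfg)) == sorted(fold(got)):
        return "same RDNs, different order"
    return "different RDNs"


# Both strings are taken from the log lines quoted in the thread.
REQUIRED = "C=BE, O=CISCO, OU=TAC, CN=10.1.1.254"    # what rightid demanded
RECEIVED = "CN=10.1.1.254, OU=TAC, O=Cisco, C=BE"    # what the gateway sent

if __name__ == "__main__":
    print(diagnose(REQUIRED, RECEIVED))
    print(diagnose(RECEIVED, RECEIVED))
```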



