[strongSwan] Connection to cisco ezvpn server - how to disable strongswan to send a cert-req in AM1?
Olivier PELERIN
olivier_pelerin at hotmail.com
Fri Jul 6 17:29:39 CEST 2012
Playing around with strongSwan, I am trying to connect an EasyVPN client to an EasyVPN server.
I see strongswan sending a cert-req in the first packet of Aggressive mode.
*Jul 6 15:26:38.265: ISAKMP: Aggressive Mode packet contents (flags 0, len 426):
*Jul 6 15:26:38.265: SA payload
*Jul 6 15:26:38.265: PROPOSAL
*Jul 6 15:26:38.265: TRANSFORM
*Jul 6 15:26:38.265: TRANSFORM
*Jul 6 15:26:38.265: KE payload
*Jul 6 15:26:38.265: NONCE payload
*Jul 6 15:26:38.265: ID payload
*Jul 6 15:26:38.265: ID_KEY_ID <ezvpn> port 0 protocol 0
*Jul 6 15:26:38.265: CERT-REQ payload
*Jul 6 15:26:38.265: VENDOR payload
*Jul 6 15:26:38.265: VENDOR payload
*Jul 6 15:26:38.265: VENDOR payload
How can I disable that?
# Add connections here.
conn "ezvpn"
    keyexchange=ikev1
    ikelifetime=1440m
    keylife=60m
    aggressive=yes
    ike=aes-sha-modp1024
    esp=aes128-sha1
    xauth=client
    left=1.1.1.1
    leftid=@#65:7a:76:70:6e:1f
    leftsourceip=%config
    authby=xauthpsk
    leftauth2=xauth
    right=10.1.1.254
    rightid=10.1.1.254
    rightsubnet=0.0.0.0/0
    xauth_identity=cisco_user
    auto=add