[strongSwan] Connection to cisco ezvpn server - how to disable strongswan to send a cert-req in AM1?

Olivier PELERIN olivier_pelerin at hotmail.com
Fri Jul 6 17:29:39 CEST 2012


Playing around with strongSwan, I am trying to connect an easyvpn client to an easyvpn server.


I see strongswan sending a cert-req in the first packet of Aggressive mode.
*Jul  6 15:26:38.265: ISAKMP: Aggressive Mode packet contents (flags 0, len 426):
*Jul  6 15:26:38.265:           SA payload
*Jul  6 15:26:38.265:             PROPOSAL
*Jul  6 15:26:38.265:               TRANSFORM
*Jul  6 15:26:38.265:               TRANSFORM
*Jul  6 15:26:38.265:           KE payload
*Jul  6 15:26:38.265:           NONCE payload
*Jul  6 15:26:38.265:           ID payload
*Jul  6 15:26:38.265:             ID_KEY_ID <ezvpn> port 0 protocol 0
*Jul  6 15:26:38.265:           CERT-REQ payload
*Jul  6 15:26:38.265:           VENDOR payload
*Jul  6 15:26:38.265:           VENDOR payload
*Jul  6 15:26:38.265:           VENDOR payload


How can I disable that?

# Add connections here.
conn "ezvpn"
        keyexchange=ikev1
        ikelifetime=1440m
        keylife=60m
        aggressive=yes
        ike=aes-sha-modp1024
        esp=aes128-sha1
        xauth=client
        left=1.1.1.1
        leftid=@#65:7a:76:70:6e:1f
        leftsourceip=%config
        authby=xauthpsk
        leftauth2=xauth
        right=10.1.1.254
        rightid=10.1.1.254
        rightsubnet=0.0.0.0/0
        xauth_identity=cisco_user
        auto=add

 		 	   		  