[strongSwan] Connection to cisco ezvpn server - how to disable strongswan to send a cert-req in AM1?
Andreas Steffen
andreas.steffen at strongswan.org
Sat Jul 7 07:27:00 CEST 2012
Hi Olivier,
try the new notation

  leftauth=psk
  rightauth=psk
  leftauth2=xauth

and a certificate request should not be sent. If it is still the case
then this must be fixed. In that case try as a workaround

  rightsendcert=no

Regards
Andreas
On 07/06/2012 05:29 PM, Olivier PELERIN wrote:
> Playing around on Strongswan, I try to connect an easyvpn client to an
> easyvpn server.
>
>
> I see strongswan sending a cert-req in the first packet of Aggressive mode.
> *Jul 6 15:26:38.265: ISAKMP: Aggressive Mode packet contents (flags 0, len 426):
> *Jul 6 15:26:38.265: SA payload
> *Jul 6 15:26:38.265: PROPOSAL
> *Jul 6 15:26:38.265: TRANSFORM
> *Jul 6 15:26:38.265: TRANSFORM
> *Jul 6 15:26:38.265: KE payload
> *Jul 6 15:26:38.265: NONCE payload
> *Jul 6 15:26:38.265: ID payload
> *Jul 6 15:26:38.265: ID_KEY_ID <ezvpn> port 0 protocol 0
> *Jul 6 15:26:38.265: CERT-REQ payload
> *Jul 6 15:26:38.265: VENDOR payload
> *Jul 6 15:26:38.265: VENDOR payload
> *Jul 6 15:26:38.265: VENDOR payload
>
>
> How can I disable that?
>
> # Add connections here.
> conn "ezvpn"
>     keyexchange=ikev1
>     ikelifetime=1440m
>     keylife=60m
>     aggressive=yes
>     ike=aes-sha-modp1024
>     esp=aes128-sha1
>     xauth=client
>     left=1.1.1.1
>     leftid=@#65:7a:76:70:6e:1f
>     leftsourceip=%config
>     authby=xauthpsk
>     leftauth2=xauth
>     right=10.1.1.254
>     rightid=10.1.1.254
>     rightsubnet=0.0.0.0/0
>     xauth_identity=cisco_user
>     auto=add
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
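
Added example, not part of the original thread and not strongSwan's own sample configuration: the "ezvpn" conn from the question rewritten with the notation suggested in the reply. Dropping the legacy authby=xauthpsk and xauth=client lines instead of mixing them with the new keywords is an assumption about what "the new notation" implies; all other values are copied from the posted config.

```conf
# /etc/ipsec.conf: the "ezvpn" conn from the thread, rewritten (added example)

# Before (as posted): legacy XAuth keywords mixed with one new-style keyword
#   authby=xauthpsk
#   xauth=client
#   leftauth2=xauth

conn "ezvpn"
    keyexchange=ikev1
    aggressive=yes
    ikelifetime=1440m
    keylife=60m
    ike=aes-sha-modp1024
    esp=aes128-sha1
    left=1.1.1.1
    leftid=@#65:7a:76:70:6e:1f
    leftsourceip=%config
    # New notation from the reply: PSK for both peers in the first round,
    # then XAuth as the client's second authentication round.
    leftauth=psk
    rightauth=psk
    leftauth2=xauth
    xauth_identity=cisco_user
    right=10.1.1.254
    rightid=10.1.1.254
    rightsubnet=0.0.0.0/0
    # Workaround from the reply, to enable only if a CERT-REQ is still sent:
    # rightsendcert=no
    auto=add
```

To confirm the change, repeat the ISAKMP debug on the Cisco side and check that the Aggressive Mode packet contents no longer list a CERT-REQ payload.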