[strongSwan] How to configure Strongswan4.6.4/5.x with "IPSec Hybrid authentication with RSA" support
martin at strongswan.org
Tue Jun 19 11:37:23 CEST 2012
No need for a right cert, in Hybrid mode the client authenticates with
> hybridrsasig: remote: [C=JP, O=Strongswan, CN=client] uses XAuth authentication: any
Your configuration requires a remote identity "C=JP, O=Strongswan,
CN=client", read from the certificate.
> Jun 19 17:58:35 13[CFG] looking for HybridInitRSA peer configs
> matching 192.168.246.210...192.168.248.101[192.168.248.101]
But your client sends "192.168.248.101" as IKE identity. If you remove
the rightcert option, you can define a rightid=192.168.248.101, or even
> I will give it a try with a client that used "Hybrid" authentication
> without RSA and see if this works.
Hybrid mode is only defined with DSS or RSA as responder authentication
in . We don't support DSS signatures, and no responder public key
authentication at all would be very insecure.
More information about the Users