[strongSwan] Setup client using main mode/draft-ietf-ipsec-nat-t-ike-02

Damien Benoist dams.benoist at gmail.com
Wed Jun 5 17:23:13 CEST 2013


I have to set up a VPN client on Linux (Debian).
I don't have much information from the server side.

It's a Cisco; the administrators provide:
- a client setup for windows which uses
Cisco client "Cisco Systems VPN Client Version".
- a p12 and its password.
I can dump packets exchanged between the windows client
and the server. Here is what seems relevant to me:

    Exchange type: Identity Protection (Main Mode) (2)
    Type Payload: Security Association (1)
    Type Payload: Vendor ID (13) : XAUTH
    Type Payload: Vendor ID (13) : RFC 3706 DPD (Dead Peer Detection)
    Type Payload: Vendor ID (13) : Microsoft L2TP/IPSec VPN Client
    Type Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-02\n
    Type Payload: Vendor ID (13) : CISCO-UNITY 1.0

I have tried to install the linux client provided by cisco.
But it seems outdated and it doesn't support recent kernels.
So it doesn't seem to be a good solution for the future.

At first I had tried vpnc, but it seems not to support main mode.

I have tried unsuccessfully to set up a strongSwan client.
There are many possible parameters and my vpn
knowledge is really limited.

So before trying all possible combinations of parameters,
or even trying to debug my configuration,
can someone confirm that strongSwan can handle this VPN?

If so, is there an example configuration file for this specific

Thanks for your help,
