[strongSwan] Setup client using main mode/draft-ietf-ipsec-nat-t-ike-02
Martin Willi
martin at strongswan.org
Tue Jun 11 11:59:33 CEST 2013
Damien,
> Encryption-Algorithm : 3DES-CBC
> Hash-Algorithm : SHA
> Alternate 1024-bit MODP group
The IKE proposal uses 3des-sha1; the responder might not like our
default set (aes128-sha1 or 3des-md5). You might try it with:

  ike=3des-sha1-modp1024!

But the default might work as well; it depends on what the responder
allows.
> Authentication-Method : XAUTHInitRSA
Looks like the responder expects RSA client authentication followed by
an XAuth exchange. You can configure this using:

  leftauth=pubkey
  leftauth2=xauth

Have a look at [1] for a complete example. Besides the
certificate/private key from the PKCS#12 container, you'll need a
password in ipsec.secrets.
Regards
Martin
[1] http://www.strongswan.org/uml/testresults/ikev1/xauth-rsa/index.html
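
The settings from the reply above, put together as an added example (not part of Martin's message and not copied from the linked test scenario). The connection name, gateway address, file names, XAuth user name and password are placeholders; keyexchange=ikev1, aggressive=no and rightauth=pubkey are assumptions taken from the subject line (IKEv1 main mode) and the XAUTHInitRSA method.

```conf
# /etc/ipsec.conf  (constructed example, all names are placeholders)

conn xauth-rsa-client
    keyexchange=ikev1              # assumption: IKEv1, per the subject line
    aggressive=no                  # assumption: main mode, not aggressive mode
    ike=3des-sha1-modp1024!        # from the reply; "!" restricts the proposal
                                   # to exactly this suite, no defaults appended
    leftcert=clientCert.pem        # placeholder: certificate extracted from the
                                   # PKCS#12 container, in /etc/ipsec.d/certs/
    leftauth=pubkey                # first round: RSA signature (from the reply)
    leftauth2=xauth                # second round: XAuth (from the reply)
    xauth_identity=exampleuser     # placeholder XAuth user name
    right=gateway.example.org      # placeholder responder address
    rightauth=pubkey               # assumption: responder also signs with RSA
    auto=add

# /etc/ipsec.secrets  (constructed example)

# Private key extracted from the PKCS#12 container, in /etc/ipsec.d/private/
: RSA clientKey.pem

# XAuth password for the identity set in xauth_identity above
exampleuser : XAUTH "example-password"
```

Keep ipsec.secrets readable by root only, since it holds the XAuth password in clear text and names the private key file.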