[strongSwan] Setup client using main mode/draft-ietf-ipsec-nat-t-ike-02
dams.benoist at gmail.com
Mon Jun 17 09:08:50 CEST 2013
I did the changes you suggested.
I now get a "connection 'cnx' established successfully.
So it seems that the client and server now understand eachother.
I expected to have a new network interface.
Some threads are talking of an "ipsec" interface
but I have none.
So I just don't know how to use the connection.
Can you tell me what I have to do now
or point me to the right doc?
2013/6/11 Martin Willi <martin at strongswan.org>:
>> Encryption-Algorithm : 3DES-CBC
>> Hash-Algorithm : SHA
>> Alternate 1024-bit MODP group
> The IKE proposal uses 3des-sha1, the responder might not like our
> default set (aes128-sha1 or 3des-md5). You might try it with:
> But the default might work as well, depends on the responder what it
>> Authentication-Method : XAUTHInitRSA
> Looks like the responder expects RSA client authentication followed by
> an XAuth exchange. You can configure this using:
> Have a look at  for a complete example. Beside the
> certificate/private key from the PKCS#12 container, you'll need a
> password in ipsec.secrets.
More information about the Users