[strongSwan] IKEv1 PSK with group name?

Martin Willi martin at strongswan.org
Fri May 3 17:40:41 CEST 2013


Hi,

> 12[IKE] client.ip.address is initiating a Aggressive Mode IKE_SA
> 12[CFG] looking for XAuthInitPSK peer configs matching server.ip.address...client.ip.address[group]
> 12[IKE] no peer config found

I don't see the "aggressive" keyword in your ipsec.conf. Have you set
it? man ipsec.conf for details.

Also, to support Aggressive Mode PSK as responder, you'll have to
confirm you are aware of the security implications and enable "weakSwan"
mode using
    charon.i_dont_care_about_security_and_use_aggressive_mode_psk
in strongswan.conf, see that manpage for details.

Regards
Martin





More information about the Users mailing list