[strongSwan] IKEv1 PSK with group name?

Martin Willi martin at strongswan.org
Fri May 3 17:40:41 CEST 2013


> 12[IKE] client.ip.address is initiating a Aggressive Mode IKE_SA
> 12[CFG] looking for XAuthInitPSK peer configs matching server.ip.address...client.ip.address[group]
> 12[IKE] no peer config found

I don't see the "aggressive" keyword in your ipsec.conf. Have you set
it? man ipsec.conf for details.

Also, to support Aggressive Mode PSK as responder, you'll have to
confirm you are aware of the security implications and enable "weakSwan"
mode using
in strongswan.conf, see that manpage for details.


More information about the Users mailing list