[strongSwan] IKEv1 PSK with group name?

Tony Zhou tonytzhou at gmail.com
Fri May 3 18:00:26 CEST 2013

Hi Martin,

I suppose it's adding "aggressive=yes" into the section? I tried that 
but strongswan gives out the same result...

Also, I did put enabling aggressive mode into strongswan.conf otherwise 
it won't allow me to connect (log will say aggressive mode is disabled)


On 5/3/2013 11:40 AM, Martin Willi wrote:
> Hi,
>> 12[IKE] client.ip.address is initiating a Aggressive Mode IKE_SA
>> 12[CFG] looking for XAuthInitPSK peer configs matching server.ip.address...client.ip.address[group]
>> 12[IKE] no peer config found
> I don't see the "aggressive" keyword in your ipsec.conf. Have you set
> it? man ipsec.conf for details.
> Also, to support Aggressive Mode PSK as responder, you'll have to
> confirm you are aware of the security implications and enable "weakSwan"
> mode using
>      charon.i_dont_care_about_security_and_use_aggressive_mode_psk
> in strongswan.conf, see that manpage for details.
> Regards
> Martin

More information about the Users mailing list