[strongSwan] IKEv1 PSK with group name?
Tony Zhou
tonytzhou at gmail.com
Fri May 3 18:00:26 CEST 2013
Hi Martin,
I suppose it's adding "aggressive=yes" into the section? I tried that
but strongswan gives out the same result...
Also, I did put enabling aggressive mode into strongswan.conf otherwise
it won't allow me to connect (log will say aggressive mode is disabled)
Thanks,
TZ
On 5/3/2013 11:40 AM, Martin Willi wrote:
> Hi,
>
>> 12[IKE] client.ip.address is initiating a Aggressive Mode IKE_SA
>> 12[CFG] looking for XAuthInitPSK peer configs matching server.ip.address...client.ip.address[group]
>> 12[IKE] no peer config found
>
> I don't see the "aggressive" keyword in your ipsec.conf. Have you set
> it? man ipsec.conf for details.
>
> Also, to support Aggressive Mode PSK as responder, you'll have to
> confirm you are aware of the security implications and enable "weakSwan"
> mode using
> charon.i_dont_care_about_security_and_use_aggressive_mode_psk
> in strongswan.conf, see that manpage for details.
>
> Regards
> Martin
>
More information about the Users
mailing list