[strongSwan] strongswan without client certifikate
Noel Kuntze
noel at familie-kuntze.de
Wed Dec 3 19:13:16 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello Thomas,
Using something like you already have in the conn win7 section will do.
Just don't set any authentication method for the client, that needs certificates or psk and you're golden.
Assuming of course your client is configured the right way, of course.
Mit freundlichen Grüßen/Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 03.12.2014 um 14:54 schrieb Thomas:
> Hi,
>
> I'm trying to setup strongswan to acceppt only username and password as
> logincredentials.
> So, the client do not need any certificate, only his username and password.
> Is there any way to do that ?
>
>
> My actual ipsec.conf is this:
>
> config setup
>
> conn ios
> keyexchange=ikev1
> authby=xauthrsasig
> xauth=server
> left=%defaultroute
> leftsubnet=0.0.0.0/0
> leftfirewall=yes
> leftcert=serverCert.pem
> right=%any
> rightsubnet=10.0.0.0/24
> rightsourceip=10.0.0.0/24
> rightcert=clientCert.pem
> auto=add
>
> conn android
> keyexchange=ikev2
> left=%defaultroute
> leftauth=pubkey
> leftsubnet=0.0.0.0/0
> leftcert=serverCert.pem
> right=%any
> rightauth=pubkey
> rightsourceip=10.0.0.0/24
> rightcert=clientCert.pem
> auto=add
>
> conn win7
> keyexchange=ikev2
> ike=aes256-sha1-modp1024!
> esp=aes256-sha1!
> dpdaction=clear
> dpddelay=300s
> rekey=no
> left=%any
> leftsubnet=0.0.0.0/0
> leftauth=pubkey
> leftcert=serverCert.pem
> right=%any
> rightsourceip=10.0.0.0/24
> rightauth=eap-mschapv2
> rightsendcert=never
> eap_identity=%any
> auto=add
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJUf1K8AAoJEDg5KY9j7GZYlFQQAJEq0mQtoMfqdtIoknSMRG1s
Wmn1Ly1IGGf1kr0dlvbouCKWYog9jNG30KoMXzTGupNOAoUa6HOpdcre4EOsTeZW
/yDzR350dIEXyfO9xX5fY50+sj1A/R4FmzDcNWmXQmHxLy2O6P2WT0AYJm7aGdQ3
6g25RBir7RE/jkYg+VzxmtIU0REk69bwdxGdhCU4ZgU7ytoVJqBlEma7s5P/EfxQ
oSm8mHkVY0aHK2jh33Mfkl39C2WXoR5UGtRm2eueazjqsQPVj+9lPv8wPyRsQSI5
kwbiq+rDo/N7lnf4PJZTrX6GIBD5qgkLCBYh9eaoCyWSNRSnYOHiuBybAdc+GBge
4kXHDHiVEAQmgOTSCstBa6nMPw2qyvh1pJDMBNjpmN5avBDwZpUEvpMEDr0pDNsQ
drHFKEW03HVfcJUdc9MwunzGF92K13OEiHnXaklLRvXP6t9HYjpuZg4qwFP+Yoyb
N43a7/r5FHs3SjUtS1Bhi9Z+5lYgBOLdxqCsONSIETGsFpW+YARMD7eT0x2P4lez
7KaR4jA4A4eTaH0msKQpOMMjhkAL1T7UzNdhFpNMKYtkAw2fjpcipzN9rV+Ju5Ll
0FpnwxwwJhdsfdlv+Q3Pqmxsd40gRmL8zGsi6hbNKX/FfR0NmM/VmDu87JFUSxbB
KEZhoNDpn4Hk32OUyxyW
=VwFb
-----END PGP SIGNATURE-----
More information about the Users
mailing list