[strongSwan] strongswan without client certifikate

Imran Akbar skunkwerk at gmail.com
Wed Dec 3 19:40:32 CET 2014


Hey Thomas,
    Seems like we're in the same boat.  Which client are you using to
connect?
I'm going to try that config on my own gateway and see if works for me.
I'm also looking at this example for PSK authentication:
http://www.strongswan.org/uml/testresults/ikev2/rw-psk-ipv4/

yours,
imarn

On Wed, Dec 3, 2014 at 10:13 AM, Noel Kuntze <noel at familie-kuntze.de> wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello Thomas,
>
> Using something like you already have in the conn win7 section will do.
> Just don't set any authentication method for the client, that needs
> certificates or psk and you're golden.
> Assuming of course your client is configured the right way, of course.
>
> Mit freundlichen Grüßen/Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> Am 03.12.2014 um 14:54 schrieb Thomas:
> > Hi,
> >
> > I'm trying to setup strongswan to acceppt only username and password as
> > logincredentials.
> > So, the client do not need any certificate, only his username and
> password.
> > Is there any way to do that ?
> >
> >
> > My actual ipsec.conf is this:
> >
> > config setup
> >
> > conn ios
> >         keyexchange=ikev1
> >         authby=xauthrsasig
> >         xauth=server
> >         left=%defaultroute
> >         leftsubnet=0.0.0.0/0
> >         leftfirewall=yes
> >         leftcert=serverCert.pem
> >         right=%any
> >         rightsubnet=10.0.0.0/24
> >         rightsourceip=10.0.0.0/24
> >         rightcert=clientCert.pem
> >         auto=add
> >
> > conn android
> >         keyexchange=ikev2
> >         left=%defaultroute
> >         leftauth=pubkey
> >         leftsubnet=0.0.0.0/0
> >         leftcert=serverCert.pem
> >         right=%any
> >         rightauth=pubkey
> >         rightsourceip=10.0.0.0/24
> >         rightcert=clientCert.pem
> >         auto=add
> >
> > conn win7
> >         keyexchange=ikev2
> >         ike=aes256-sha1-modp1024!
> >         esp=aes256-sha1!
> >         dpdaction=clear
> >         dpddelay=300s
> >         rekey=no
> >         left=%any
> >         leftsubnet=0.0.0.0/0
> >         leftauth=pubkey
> >         leftcert=serverCert.pem
> >         right=%any
> >         rightsourceip=10.0.0.0/24
> >         rightauth=eap-mschapv2
> >         rightsendcert=never
> >         eap_identity=%any
> >         auto=add
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.strongswan.org
> > https://lists.strongswan.org/mailman/listinfo/users
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJUf1K8AAoJEDg5KY9j7GZYlFQQAJEq0mQtoMfqdtIoknSMRG1s
> Wmn1Ly1IGGf1kr0dlvbouCKWYog9jNG30KoMXzTGupNOAoUa6HOpdcre4EOsTeZW
> /yDzR350dIEXyfO9xX5fY50+sj1A/R4FmzDcNWmXQmHxLy2O6P2WT0AYJm7aGdQ3
> 6g25RBir7RE/jkYg+VzxmtIU0REk69bwdxGdhCU4ZgU7ytoVJqBlEma7s5P/EfxQ
> oSm8mHkVY0aHK2jh33Mfkl39C2WXoR5UGtRm2eueazjqsQPVj+9lPv8wPyRsQSI5
> kwbiq+rDo/N7lnf4PJZTrX6GIBD5qgkLCBYh9eaoCyWSNRSnYOHiuBybAdc+GBge
> 4kXHDHiVEAQmgOTSCstBa6nMPw2qyvh1pJDMBNjpmN5avBDwZpUEvpMEDr0pDNsQ
> drHFKEW03HVfcJUdc9MwunzGF92K13OEiHnXaklLRvXP6t9HYjpuZg4qwFP+Yoyb
> N43a7/r5FHs3SjUtS1Bhi9Z+5lYgBOLdxqCsONSIETGsFpW+YARMD7eT0x2P4lez
> 7KaR4jA4A4eTaH0msKQpOMMjhkAL1T7UzNdhFpNMKYtkAw2fjpcipzN9rV+Ju5Ll
> 0FpnwxwwJhdsfdlv+Q3Pqmxsd40gRmL8zGsi6hbNKX/FfR0NmM/VmDu87JFUSxbB
> KEZhoNDpn4Hk32OUyxyW
> =VwFb
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20141203/034eed46/attachment-0001.html>


More information about the Users mailing list