[strongSwan] strongswan without client certificate
Thomas
jk at c.vu
Wed Dec 3 22:59:05 CET 2014
Hi Noel, Hi Imarn
thanks for your answers!
Any idea what's the best authentication method for username/password only
on the client side?
EAP-MD5?
The client should be able to connect via Windows IKEv2 native clients,
the strongSwan Android app,
and the native clients from OS X/iOS.
Best
Thomas
On 03.12.2014 19:40, Imran Akbar wrote:
> Hey Thomas,
> Seems like we're in the same boat. Which client are you using to connect?
> I'm going to try that config on my own gateway and see if it works for me.
> I'm also looking at this example for PSK authentication:
> http://www.strongswan.org/uml/testresults/ikev2/rw-psk-ipv4/
>
> yours,
> imarn
>
> On Wed, Dec 3, 2014 at 10:13 AM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>
>
> Hello Thomas,
>
> Using something like you already have in the conn win7 section will do.
> Just don't set any authentication method for the client that needs
> certificates or PSK, and you're golden.
> Assuming, of course, your client is configured the right way.
>
> Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> On 03.12.2014 at 14:54, Thomas wrote:
> > Hi,
>
> > I'm trying to set up strongswan to accept only username and password as
> > login credentials.
> > So, the client does not need any certificate, only his username and
> > password.
> > Is there any way to do that?
>
>
> > My actual ipsec.conf is this:
>
> > config setup
>
> > conn ios
> >     keyexchange=ikev1
> >     authby=xauthrsasig
> >     xauth=server
> >     left=%defaultroute
> >     leftsubnet=0.0.0.0/0
> >     leftfirewall=yes
> >     leftcert=serverCert.pem
> >     right=%any
> >     rightsubnet=10.0.0.0/24
> >     rightsourceip=10.0.0.0/24
> >     rightcert=clientCert.pem
> >     auto=add
>
> > conn android
> >     keyexchange=ikev2
> >     left=%defaultroute
> >     leftauth=pubkey
> >     leftsubnet=0.0.0.0/0
> >     leftcert=serverCert.pem
> >     right=%any
> >     rightauth=pubkey
> >     rightsourceip=10.0.0.0/24
> >     rightcert=clientCert.pem
> >     auto=add
>
> > conn win7
> >     keyexchange=ikev2
> >     ike=aes256-sha1-modp1024!
> >     esp=aes256-sha1!
> >     dpdaction=clear
> >     dpddelay=300s
> >     rekey=no
> >     left=%any
> >     leftsubnet=0.0.0.0/0
> >     leftauth=pubkey
> >     leftcert=serverCert.pem
> >     right=%any
> >     rightsourceip=10.0.0.0/24
> >     rightauth=eap-mschapv2
> >     rightsendcert=never
> >     eap_identity=%any
> >     auto=add
>
> > _______________________________________________
> > Users mailing list
> > Users at lists.strongswan.org
> > https://lists.strongswan.org/mailman/listinfo/users
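
Added example, not part of the thread and not strongSwan code: a small Python audit that parses ipsec.conf conn sections and reports which ones still make the client authenticate with a certificate, run over a constructed, trimmed copy of the config quoted above. The function names are hypothetical, and it assumes rightauth takes precedence over authby, whose default is pubkey.

```python
# Constructed sample: the thread's three conn sections, trimmed to auth settings.
SAMPLE_CONF = """\
config setup

conn ios
    keyexchange=ikev1
    authby=xauthrsasig
    rightcert=clientCert.pem

conn android
    keyexchange=ikev2
    rightauth=pubkey
    rightcert=clientCert.pem

conn win7
    keyexchange=ikev2
    rightauth=eap-mschapv2
    rightsendcert=never
    eap_identity=%any
"""

# Methods that make the client prove its identity with a certificate/public key.
CERT_AUTHBY = {"pubkey", "rsasig", "ecdsasig", "xauthrsasig"}
CERT_RIGHTAUTH = ("pubkey", "rsa", "ecdsa")  # prefixes, e.g. "pubkey" or "rsa-..."

def parse_conns(text):
    """Return {conn: {key: value}}; also=/%default inheritance is not resolved."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # header at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:  # indented key=value
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def needs_client_cert(opts):
    """Assumption: rightauth wins; otherwise authby decides (default pubkey)."""
    if "rightauth" in opts:
        return opts["rightauth"].startswith(CERT_RIGHTAUTH)
    return opts.get("authby", "pubkey") in CERT_AUTHBY

def audit(text):
    """Map each conn name to True if the client must present a certificate."""
    return {name: needs_client_cert(o) for name, o in parse_conns(text).items()}
```

On the sample, only conn win7 comes back as password-only; ios and android still require the client certificate.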