[strongSwan] questions on syslog output; linux server/mac client RSA certificate auth

Cindy Moore ctmoore at cs.ucsd.edu
Fri Dec 19 02:40:42 CET 2014


Well, I found that switching to Cisco IPsec for the VPN type in the
Mac VPN setup and just using xauth-pam worked.

I'm torn between jumping up and down with joy and banging my head on the desk.

The one thing I'm battling now is that it seems to drop the connection
after about 30 minutes.  Is this a known thing?  I'm sitting on a
connection now to get good syslog info.

On Thu, Dec 18, 2014 at 12:32 AM, Martin Willi <martin at strongswan.org> wrote:
> Cindy,
>
>> 15[CFG] looking for a child config for vpn_ip/32[udp/l2f] === client_ip/32[udp/62338]
>>
>> Looks for a child config, doesn't find one, what's going on here?
>
> Your client tries to negotiate a traffic selector for L2TP, most likely
> because it is configured to use L2TP over IPsec. In this mode an L2TP
> daemon handles the tunneling, strongSwan only protects the L2TP traffic.
>
> If you want to use plain IPsec, try to configure "Cisco IPsec" on your
> Mac client. This mode uses IKEv1 with XAuth authentication, and is most
> likely preferable.
>
>> Maybe I'm just being dense, but what is "Main Mode"?
>
> Main Mode is a Phase 1 exchange in IKEv1 to establish an ISAKMP-SA.
>
> I recommend getting some literature about IPsec and IKE; understanding
> the basic concepts of these protocols is very helpful in configuring
> strongSwan, especially when it comes to interoperability with other
> software.
>
> Kind regards
> Martin
>
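
The check described in the quoted reply, as an added example that is not part of the original thread or of strongSwan: it reads charon "looking for a child config" lines and flags requests whose traffic selector targets the L2TP port, which charon prints as udp/l2f. The sample log lines, addresses and function names are constructed for illustration.

```python
import re

# UDP port 1701 is listed as "l2f" (alias "l2tp") in /etc/services, which is
# why an L2TP traffic selector shows up in the log as udp/l2f.
L2TP_PORTS = {"l2f", "l2tp", "1701"}
LINE_RE = re.compile(r"(\d+)\[CFG\] looking for a child config for (.+?) === (.+)$")
TS_RE = re.compile(r"(?P<net>[^\s\[]+)(?:\[(?P<proto>[^/\]]+)(?:/(?P<port>[^\]]+))?\])?")

def parse_selectors(side):
    """Split one side of '===' into (network, protocol, port) tuples."""
    return [(m["net"], m["proto"], m["port"]) for m in TS_RE.finditer(side.strip())]

def classify(line):
    """Return None for unrelated lines, else a dict describing the request."""
    m = LINE_RE.search(line)
    if not m:
        return None
    local = parse_selectors(m.group(2))    # server side comes first in the page's line
    remote = parse_selectors(m.group(3))
    l2tp = any(proto == "udp" and port in L2TP_PORTS
               for _, proto, port in local + remote)
    return {"thread": int(m.group(1)), "local": local, "remote": remote,
            "mode": "l2tp-over-ipsec" if l2tp else "plain-ipsec"}

# Constructed sample lines (documentation addresses, hypothetical host "gw").
SAMPLE_LOG = [
    "Dec 18 00:12:01 gw charon: 15[CFG] looking for a child config for "
    "192.0.2.10/32[udp/l2f] === 198.51.100.7/32[udp/62338]",
    "Dec 18 00:40:17 gw charon: 09[CFG] looking for a child config for "
    "0.0.0.0/0 === 10.0.0.5/32",
    "Dec 18 00:40:17 gw charon: 09[IKE] unrelated line",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        result = classify(line)
        if result is None:
            continue
        print(result["mode"], result["local"], "===", result["remote"])
        if result["mode"] == "l2tp-over-ipsec":
            # Remedy taken from the thread: use "Cisco IPsec" on the Mac client
            # (IKEv1 with XAuth) when plain IPsec is wanted.
            print("  client is negotiating L2TP over IPsec")
```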

