[strongSwan] xAuth request for VICI
Sam Johnson
sam at 80pct.com
Wed Feb 25 17:13:48 CET 2015
Hello,
I am trying to translate an old ipsec.conf configuration to using the VICI
interface. My old ipsec.conf configuration that is working completely
normally is this:
config setup
conn %default
keyexchange=ikev1
authby=xauthrsasig
xauth=server
left=%defaultroute
leftsubnet=0.0.0.0/0
leftid=xxxxxxx
leftcert=serverCert.pem
leftsendcert=yes
leftfirewall=yes
leftauth=rsa
rightauth=rsa
rightauth2=xauth
dpdaction=clear
auto=add
conn ios
rightid="C=US, O=xxxxxx, CN=test"
rightsourceip=10.0.0.5
I have attempted to create the same configuration using a call to the VICI
with this dictionary:
{ 'test':
{
'version' : 1,
'vips' : ['10.0.0.5'],
'local' : {
'id' : 'xxxxxxxxx',
'auth' : 'pubkey',
'certs' : [serverCert]
},
'remote': {
'auth' : 'pubkey',
'id' : 'C=US, O=xxxxxx, CN=test'
},
'remote2': {
'auth': 'xauth'
},
'children': {
'test' : {
'local_ts' : ['0.0.0.0/0'],
'remote_ts' : ['dynamic']
}
}
}
}
This keeps returning this error: `1 config found, none that allow
xAuthInitRSA using MainMode`
Not sure how to modify this configuration to work correctly. I have tried a
number of different combinations with the same message. Any help would be
appreciated.
Sam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150225/7b7aab25/attachment.html>
More information about the Users
mailing list