[strongSwan] xAuth request for VICI
sam at 80pct.com
Wed Feb 25 18:07:51 CET 2015
I have not tested the configuration in swanctl.conf yet, but my goal is to
move away from configuration files so I can dynamically add/remove
connections remotely. I will add it in to see if perhaps my dictionary has
a syntax issue.
The output of `ipsec statusall`:
test: %any...%any IKEv1/2
test: local: [xxxxx.amazonaws.com] uses public key authentication
test: cert: "C=US, O=xxxxx, CN=xxxxxx.amazonaws.com"
test: remote: uses XAuth authentication: any
test: remote: [C=US, O=xxxxxx, CN=test] uses public key authentication
test: child: 18.104.22.168/32 === dynamic TUNNEL
I have loaded in the serverCert/key and caCert/key using the vici commands
as well. All returned a successful completion message and are listed in
Additionally I loaded in a value for the xAuth connection.
On Wed, Feb 25, 2015 at 11:49 AM, Martin Willi <martin at strongswan.org>
> > I have attempted to create the same configuration using a call to the
> > with this dictionary:
> Have you tried to configure that in swanctl.conf to avoid any problems
> with your "dictionary"? Here such an XAuth configuration works fine when
> defined in swanctl.conf.
> > This keeps returning this error: `1 config found, none that allow
> > xAuthInitRSA using MainMode`
> Not sure what exactly goes on. Can you confirm the connection has
> been successfully loaded? What's the output of "ipsec statusall" (or
> "swanctl --list-conns")?
> > 'vips' : ['10.0.0.5'],
> This is probably not what you want, "vips" requests a virtual IP. Use
> the "pools" keyword and the appropriate "pools" section to define
> virtual IP pools, refer to swanctl.conf(5) for details. This is probably
> not the root cause of your issue, though.
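
An added example (not code from the thread or from the strongSwan project): the load-conn and load-pool dictionaries for the pubkey-plus-XAuth responder discussed above, using "pools" as the reply suggests, with a small check to run before sending them. The pool name, address range, local id and the check that the XAuth round follows the pubkey round are assumptions of this example; the thread does not state the cause of the error.

```python
from collections import OrderedDict as OD

def build_messages(pool="xauth_pool", addrs="10.0.0.0/24"):
    """Return (load-conn, load-pool) messages for an IKEv1 XAuthInitRSA responder.
    Pool name, address range and the local id are constructed placeholders."""
    conn = OD([
        ("version", "1"),
        # Section order is the order of the authentication rounds.
        ("local", OD([("auth", "pubkey"), ("id", "server.example.org")])),
        ("remote", OD([("auth", "pubkey")])),
        ("remote-xauth", OD([("auth", "xauth")])),
        ("pools", [pool]),  # assign addresses from a pool; 'vips' would request one
        ("children", OD([("test", OD([("mode", "tunnel")]))])),
    ])
    return OD([("test", conn)]), OD([(pool, OD([("addrs", addrs)]))])

def lint(conns, pools):
    """Return findings for a responder that should accept pubkey + XAuth."""
    findings = []
    for name, conn in conns.items():
        if "vips" in conn:
            findings.append("%s: 'vips' requests a virtual IP, use 'pools'" % name)
        for p in conn.get("pools", []):
            if p not in pools:
                findings.append("%s: pool '%s' not in load-pool message" % (name, p))
        # Remote rounds in the order they would be sent to the daemon
        # (a round without an 'auth' key is treated as pubkey).
        rounds = [str(v.get("auth", "pubkey")) for k, v in conn.items()
                  if k.startswith("remote") and isinstance(v, dict)]
        if any(r.startswith("xauth") for r in rounds) and rounds[0] != "pubkey":
            findings.append("%s: XAuth round listed before pubkey round" % name)
    return findings

# Constructed input modelled on the thread: 'vips' on the responder and the
# remote rounds in the order the statusall output lists them.
THREAD_LIKE = OD([("test", OD([
    ("remote-xauth", OD([("auth", "xauth")])),
    ("remote", OD([("auth", "pubkey")])),
    ("local", OD([("auth", "pubkey")])),
    ("vips", ["10.0.0.5"]),
]))])

if __name__ == "__main__":
    conns, pools = build_messages()
    print(lint(conns, pools))     # clean configuration
    print(lint(THREAD_LIKE, {}))  # findings for the thread-like input
    # Sending them with the Python vici module would be:
    #   s = vici.Session(); s.load_pool(pools); s.load_conn(conns)
```

An ordered mapping is used so that the authentication rounds reach the daemon in the order they are written.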