[strongSwan] xAuth request for VICI

Sam Johnson sam at 80pct.com
Wed Feb 25 18:07:51 CET 2015

I have not tested the configuration in swanctl.conf yet, but my goal is to
move away from configuration files so I can dynamically add/remove
connections remotely. I will add it in to see if perhaps my dictionary has
a syntax issue.

The output of `ipsec statusall`:

test:  %any...%any  IKEv1/2
test:   local:  [xxxxx.amazonaws.com] uses public key authentication
test:    cert:  "C=US, O=xxxxx, CN=xxxxxx.amazonaws.com"
test:   remote: uses XAuth authentication: any
test:   remote: [C=US, O=xxxxxx, CN=test] uses public key authentication
test:   child: === dynamic TUNNEL

I have loaded in the serverCert/key and caCert/key using the vici commands
as well. All returned a successful completion message and are listed in
`ipsec listcerts`.
Additionally I loaded in a value for the xAuth connection.



On Wed, Feb 25, 2015 at 11:49 AM, Martin Willi <martin at strongswan.org> wrote:

> Hi,
>
> > I have attempted to create the same configuration using a call to the
> > with this dictionary:
>
> Have you tried to configure that in swanctl.conf to avoid any problems
> with your "dictionary"? Here such an XAuth configuration works fine when
> defined in swanctl.conf.
>
> > This keeps returning this error: `1 config found, none that allow
> > xAuthInitRSA using MainMode`
>
> Not sure what exactly goes on. Can you confirm the connection has
> been successfully loaded? What's the output of "ipsec statusall" (or
> "swanctl --list-conns")?
>
> >                 'vips' : [''],
>
> This is probably not what you want, "vips" requests a virtual IP. Use
> the "pools" keyword and the appropriate "pools" section to define
> virtual IP pools, refer to swanctl.conf(5) for details. This is probably
> not the root cause of your issue, though.
>
> Regards
> Martin