[strongSwan] xAuth request for VICI
Sam Johnson
sam at 80pct.com
Fri Feb 27 22:59:56 CET 2015
Ok, thanks for the information.
Two final (quick) questions:
1) Is there alternative for 'leftfirewall=yes' in the VICI interface to
automatically setup iptables rules?
2) What is the syntax for loading a secret in via VICI. My current format (
`load_shared({'type': 'xauth', 'data': 'test : XAUTH "test"'})` ) says it
loads successfully but does not authenticate.
Thank you for your helping getting this setup.
Best,
Sam
On Fri, Feb 27, 2015 at 4:19 AM, Martin Willi <martin at strongswan.org> wrote:
> Hi,
>
> > Your fix to use the ordered dictionary worked perfectly. Thank you very
> > much. It is now accepting vpn connections.
>
> Great. I'll check how we can mention that issue in the documentation.
>
> > Regarding the `vips` configuration, I thought that it was the replacement
> > for the `rightsourceip` option in ipsec.conf (obviously I misinterpreted
> > the documentation).
>
> No, the rightsourceip option is separated in swanctl.conf/vici to the
> pools and vips options for servers and clients, respectively.
>
> > It does work when I create a pool as you specified, but
> > if I want to give each connection a static pre-determined ip is there
> > anyway to do that other than creating a pool for each connection?
>
> No, currently there is no way to directly specify an address with the
> pools option. You have to use dedicated pools, or use a pool backend
> that supports static leases (attr-sql).
>
> Regards
> Martin
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150227/f5dd4f3e/attachment.html>
More information about the Users
mailing list