[strongSwan] xAuth request for VICI

Sam Johnson sam at 80pct.com
Fri Feb 27 22:59:56 CET 2015

Ok, thanks for the information.

Two final (quick) questions:

1) Is there alternative for 'leftfirewall=yes' in the VICI interface to
automatically setup iptables rules?

2) What is the syntax for loading a secret in via VICI. My current format (
`load_shared({'type': 'xauth', 'data': 'test : XAUTH "test"'})` ) says it
loads successfully but does not authenticate.

Thank you for your helping getting this setup.



On Fri, Feb 27, 2015 at 4:19 AM, Martin Willi <martin at strongswan.org> wrote:

> Hi,
> > Your fix to use the ordered dictionary worked perfectly. Thank you very
> > much. It is now accepting vpn connections.
> Great. I'll check how we can mention that issue in the documentation.
> > Regarding the `vips` configuration, I thought that it was the replacement
> > for the `rightsourceip` option in ipsec.conf (obviously I misinterpreted
> > the documentation).
> No, the rightsourceip option is separated in swanctl.conf/vici to the
> pools and vips options for servers and clients, respectively.
> > It does work when I create a pool as you specified, but
> > if I want to give each connection a static pre-determined ip is there
> > anyway to do that other than creating a pool for each connection?
> No, currently there is no way to directly specify an address with the
> pools option. You have to use dedicated pools, or use a pool backend
> that supports static leases (attr-sql).
> Regards
> Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150227/f5dd4f3e/attachment.html>

More information about the Users mailing list