[strongSwan] xauth forced in site-to-site

Alexandre DEPREZ alex at madrouter.com
Fri Jun 5 19:07:50 CEST 2015


Hi Randy,

I forgot to mention, i'm using this version:

Linux strongSwan U4.5.2/K3.2.0-4-amd64

Here is it :

conn tunnel-1
        left=a.a.a.a
        right=b.b.b.b
        leftsubnet=10.252.243.128/28
        rightsubnet=172.23.149.0/24
        leftsourceip=a.a.a.a
        ike=aes256-sha1-modp1024,aes128-sha1-modp1024!
        ikelifetime=86400s
        dpddelay=15s
        dpdtimeout=30s
        dpdaction=restart
        esp=aes256-sha1!
        keylife=3600s
        rekeymargin=540s
        type=tunnel
        authby=secret
        pfs=no
        compress=no
        auto=start
        keyingtries=%forever

I also tried to use

        leftxauthclient=no
        rightxauthserver=no

No changes.

Thanks





On Fri, Jun 5, 2015 at 7:02 PM, Randy Wyatt <rwwyatt01 at gmail.com> wrote:

> Please send a sanitized version of your configuration.  xauth should only
> be sent if you configured it to be sent.
>
> On Fri, Jun 5, 2015 at 9:09 AM, Alexandre DEPREZ <alex at madrouter.com>
> wrote:
>
>> Hi,
>>
>> I'm using strongswan only for L2L VPN.
>>
>> It's been some times now, I can not be the initiator of the VPN because
>> strongswan is always sending an XAUTH option in the phase 1 establishment.
>>
>> When the other side is not configured to receive remote user, it's
>> working but when it is, I'm receiving L2TP/IPsec or some other remote
>> access vpn protocols.
>>
>> I can not wait for the other side to send me trafic in order to be the
>> responder. I tried to recompile strongswan removing xauth, but it's not
>> working.
>>
>> Is there any configuration command I can use to force strongswan not to
>> send XAUTH ?
>>
>> Thanks
>>
>> Alex
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
>>
>
>
>
> --
> Randy W. Wyatt
> rwwyatt01 at gmail.com
> Home: 858-309-5303
> Cell: 858-598-4421
> Fax: 858-408-7554
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150605/e3401db8/attachment.html>


More information about the Users mailing list