Hi all, I am new to Strongswan,
just want to use Cisco VPN client to connect to Strongswan but failed.
Used x509 authentication and enabled --cisco-quirks, maybe I made
wrong certs or a wrong conf,
can you guys give me some advice? Thanks.
Bests,
-Kalaj
Kalaj wrote:
just want to use Cisco VPN client to connect to Strongswan but failed.
Used x509 authentication and enabled --cisco-quirks, maybe I made
wrong certs or a wrong conf,
can you guys give me some advice? Thanks.
Please provide more details that enable troubleshooting: log files and
my ipsec.conf
config setup
    crlcheckinterval=180
    nat_traversal=yes
    charonstart=yes
    strictcrlpolicy=no
    plutostart=no
conn %default
    ikelifetime=60m
    keylife=20m
    keyexchange=ikev2
    rekeymargin=3m
    keyingtries=1
Hi,
plutostart=no
keyexchange=ikev2
I'm not aware of any Cisco VPN client that speaks IKEv2. You'll have to
set up pluto and define an IKEv1 connection.
Regards
Martin
___
Users mailing list
Users@lists.strongswan.org
To: Martin Willi
Cc: users@lists.strongswan.org
Subject: Re: [strongSwan] Try to use Cisco VPN client
just try ikev1, but still the same error.
On Wed, Jan 6, 2010 at 11:02 PM, Martin Willi mar...@strongswan.org wrote:
Hi,
plutostart=no
keyexchange=ikev2
I'm not aware of any
[mailto:users-boun...@lists.strongswan.org] On Behalf Of Kalaj
Sent: Wednesday, January 06, 2010 9:09 AM
To: Martin Willi
Cc: users@lists.strongswan.org
Subject: Re: [strongSwan] Try to use Cisco VPN client
just try ikev1, but still the same error.
On Wed, Jan 6, 2010 at 11:02 PM, Martin Willi
Kalaj wrote:
conn %default
    ikelifetime=60m
    keylife=20m
    keyexchange=ikev2
    rekeymargin=3m
    keyingtries=1
    left=167.22.15.11
    leftnexthop=167.22.15.1
    leftcert=no2.crt
    left...@test
    leftsourceip=10.3.0.1
Thanks Daniel, here it is.
000 Status of IKEv1 pluto daemon (strongSwan 4.3.6dr5):
000 interface lo/lo ::1:500
000 interface lo/lo 127.0.0.1:4500
000 interface lo/lo 127.0.0.1:500
000 interface eth0/eth0 167.22.15.11:4500
000 interface eth0/eth0 167.22.15.11:500
000 interface eth0/eth0
cisco[3] 218.240.6.69:56131 #3: policy does not allow XAUTHInitRSA
authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
Not sure if that helps, but have a look at:
http://www.strongswan.org/docs/readme4.htm#section_14.6
Try adding
authby=xauthrsasig
xauth=server
-Daniel
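
[Added example, not part of the original thread and not strongSwan code.] The two replies above name the settings that stop a Cisco VPN client from connecting: pluto disabled, an IKEv2-only connection, and no XAUTH/RSA policy. The sketch below checks an ipsec.conf for exactly those points; the sample configs are constructed, with the "conn cisco" name taken from the log lines in this thread, and requiring authby and xauth to be set explicitly is an assumption of the example.

```python
# Added example: SAMPLE_* are constructed inputs, not the poster's full configuration.
SAMPLE_BEFORE = """
config setup
    plutostart=no
conn %default
    keyexchange=ikev2
conn cisco
    leftcert=no2.crt
"""
SAMPLE_AFTER = """
config setup
    plutostart=yes
conn %default
    keyexchange=ikev1
conn cisco
    leftcert=no2.crt
    authby=xauthrsasig
    xauth=server
"""

def parse_ipsec_conf(text):
    """Return {section: {key: value}}; also accepts configs whose indentation was lost."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and surrounding whitespace
        words = line.split()
        if len(words) == 2 and words[0] in ("config", "conn") and "=" not in line:
            current = sections.setdefault(" ".join(words), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def lint_for_cisco_client(text):
    """List the settings the replies in this thread say must change; [] means none remain."""
    sections = parse_ipsec_conf(text)
    findings = []
    if sections.get("config setup", {}).get("plutostart") == "no":
        findings.append("config setup: plutostart=no, the IKEv1 daemon (pluto) is not started")
    defaults = sections.get("conn %default", {})
    for name, params in sections.items():
        if name.startswith("conn ") and name != "conn %default":
            effective = {**defaults, **params}   # a conn's own values override %default
            if effective.get("keyexchange") == "ikev2":
                findings.append(f"{name}: keyexchange=ikev2, the client needs an IKEv1 connection")
            for key, wanted in (("authby", "xauthrsasig"), ("xauth", "server")):
                if effective.get(key) != wanted:
                    findings.append(f"{name}: {key}={effective.get(key)!r}, expected {wanted}")
    return findings
```

Calling lint_for_cisco_client(SAMPLE_BEFORE) reports all four points; SAMPLE_AFTER reports none.
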
add
authby=xauthrsasig
xauth=server
the statusall became like below, but vpn client error, Reason 401: An
unrecognized error occurred while establishing the VPN connection.
000 Status of IKEv1 pluto daemon (strongSwan 4.3.6dr5):
000 interface lo/lo ::1:500
000 interface lo/lo 127.0.0.1:4500
000
I removed user/password pairs in /etc/ipsec.secrets 'cause cisco
vpn client only supports x509 authentication... no user/password options.
On Thu, Jan 7, 2010 at 2:35 AM, Daniel Mentz
danielml+mailinglists.strongs...@sent.com wrote:
Kalaj wrote:
cisco[2] 218.240.6.69:49983 #2: peer requested
The following log message is most relevant:
cisco[5] 218.240.6.69:56413 #5: next payload type of ISAKMP Hash
Payload has an unknown value: 197
I can't tell why the Cisco VPN client sends this type of payload. 197 is
vendor specific. Only the strongSwan developers can help in that
situation.
I use Cisco vpn client 5.0.
On Thu, Jan 7, 2010 at 3:18 AM, Daniel Mentz
danielml+mailinglists.strongs...@sent.com wrote:
The following log message is most relevant:
cisco[5] 218.240.6.69:56413 #5: next payload type of ISAKMP Hash Payload
has an unknown value: 197
I can't tell why the