Hello Andreas,

Yes, that was it. It's still not working completely, but it now seems to me to be an authentication issue with my generated certificates.
I will first try to solve this issue myself before crying for help on the mailing list again. ;)

Thanks very much for your help

regards,
Claude

On Thursday 20 May 2010 11:32:33 Andreas Steffen wrote:
> Hello Claude,
>
> I think I found the problem. The IKEv1 pluto daemon does not
> support
>
>   left=%any
>
> You must set
>
>   left=%defaultroute
>
> since we haven't implemented dynamic determination of the
> outbound network interface based on the route yet.
>
> Regards
>
> Andreas
>
> On 20.05.2010 09:30, Claude Tompers wrote:
> > Hello Andreas,
> >
> > I already had 'authby=xauthrsasig' during some previous tests, and I set it
> > now again. Sadly no difference.
> > The 'modeconfig=push' did not change anything either.
> >
> > kind regards,
> > Claude
> >
> >
> > On Thursday 20 May 2010 09:21:13 Andreas Steffen wrote:
> >> Dear Claude,
> >>
> >> I'm not sure if leftauth|rightout works with IKEv1.
> >> Better set
> >>
> >>   authby=xauthrsasig
> >>
> >> as in our example scenario:
> >>
> >> http://www.strongswan.org/uml/testresults44/ikev1/xauth-rsa-mode-config/moon.ipsec.conf
> >>
> >> The Cisco VPN client does not expect Mode Config push mode in
> >> conjunction with XAUTH, so omit the modeconfig=push statement.
> >>
> >> Regards
> >>
> >> Andreas
> >>
> >>
> >> On 05/20/2010 08:32 AM, Claude Tompers wrote:
> >>> Hello,
> >>>
> >>> I'm trying to get a strongswan VPN server running with a Cisco client. I
> >>> have already tried lots of different configurations on the strongswan
> >>> side, but I always get the following error :
> >>>
> >>> /var/log/messages :
> >>>
> >>> May 20 08:26:12 vpn6-test pluto[9572]: packet from 192.168.3.53:54554:
> >>> initial Main Mode message received on 192.168.1.13:500 but no connection
> >>> has been authorized with policy=PUBKEY+XAUTHRSASIG+XAUTHSERVER
> >>>
> >>> Is there anything special to configure ?
> >>>
> >>> Here's my ipsec.conf:
> >>>
> >>> # basic configuration
> >>>
> >>> ca vpnca
> >>>     cacert=VPNCA-cacert.pem
> >>>     auto=add
> >>>
> >>> config setup
> >>>     plutostart=yes
> >>>     charonstart=no
> >>>     charondebug="net 0"
> >>>     nat_traversal=yes
> >>>
> >>> # Add connections here.
> >>>
> >>> conn %default
> >>>     ike=aes256-sha1-modp1024
> >>>     esp=aes256-sha1
> >>>     dpdaction=clear
> >>>     dpddelay=300s
> >>>     rekey=no
> >>>     left=%any
> >>>     leftcert=vpncert.pem
> >>>     leftid="C=LU, ST=Luxembourg, L=Luxembourg, O=Fondation RESTENA,
> >>> OU=IT, CN=vpn6-pub.restena.lu, e=claude.tomp...@restena.lu"
> >>>     leftauth=pubkey
> >>>     right=%any
> >>>     rightsourceip=192.168.120.128/25
> >>>     auto=add
> >>>
> >>> conn cisco-vpn
> >>>     ikelifetime=60m
> >>>     keylife=20m
> >>>     rekeymargin=3m
> >>>     keyingtries=1
> >>>     type=tunnel
> >>>     pfs=no
> >>>     modeconfig=push
> >>>     rightauth=xauthrsasig
> >>>     xauth=server
> >>>
> >>> ---
> >>>
> >>> and my ipsec.secrets:
> >>>
> >>> : RSA vpncert-key.pem
> >>>
> >>> : XAUTH claude "verysecretpassword"
> >>>
> >>> ---
> >>>
> >>> Thanks in advance for any answers.
> >>>
> >>> kind regards,
> >>> Claude
>
> ======================================================================
> Andreas Steffen                         andreas.stef...@strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>

--
Claude Tompers
Network and systems engineer
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473
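
The three configuration points raised in the replies above (left=%any, leftauth/rightauth, and modeconfig=push alongside XAUTH), written as a small ipsec.conf checker that also applies conn %default inheritance. This is an added example, not part of the thread and not strongSwan code; the function names and the abridged sample config are assumptions made for illustration.

```python
# Added example (not strongSwan code); function names are hypothetical.
SAMPLE = """\
config setup
    plutostart=yes

conn %default
    left=%any
    leftauth=pubkey

conn cisco-vpn
    modeconfig=push
    rightauth=xauthrsasig
    xauth=server
"""  # abridged from the ipsec.conf quoted in the thread

def parse_ipsec_conf(text):
    """Return {(kind, name): {key: value}} for config/conn/ca sections."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # unindented line opens a section
            kind, _, name = line.partition(" ")
            current = sections.setdefault((kind, name.strip()), {})
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    return sections

def lint_pluto(text):
    """Return sorted (conn, key) pairs that the thread's advice says to change."""
    sections = parse_ipsec_conf(text)
    default = sections.get(("conn", "%default"), {})
    findings = set()
    for (kind, name), own in sections.items():
        if kind != "conn" or name == "%default":
            continue
        eff = {**default, **own}               # conn settings override %default
        if eff.get("left") == "%any":          # reply: set left=%defaultroute
            findings.add((name, "left"))
        # reply: prefer authby=xauthrsasig over leftauth/rightauth with IKEv1
        findings.update((name, k) for k in ("leftauth", "rightauth") if k in eff)
        if eff.get("modeconfig") == "push" and "xauth" in eff:
            findings.add((name, "modeconfig")) # reply: omit push with XAUTH
    return sorted(findings)

if __name__ == "__main__":
    print(lint_pluto(SAMPLE))
```

An empty result only means none of these three settings is present; it says nothing about certificate or XAUTH credential problems such as the one mentioned in the final message.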