-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello Alexandre,
Please stop trying to use some imaginary configuration options and stick to those on the man page of ipsec.conf. What is your complete ipsec.conf? Pay attention to conn %default, if you have that, as it will beqeust its own options to _all_ other conns. Mit freundlichen Grüßen/Kind Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 05.06.2015 um 19:07 schrieb Alexandre DEPREZ: > Hi Randy, > > I forgot to mention, i'm using this version: > > Linux strongSwan U4.5.2/K3.2.0-4-amd64 > > Here is it : > > conn tunnel-1 > left=a.a.a.a > right=b.b.b.b > leftsubnet=10.252.243.128/28 <http://10.252.243.128/28> > rightsubnet=172.23.149.0/24 <http://172.23.149.0/24> > leftsourceip=a.a.a.a > ike=aes256-sha1-modp1024,aes128-sha1-modp1024! > ikelifetime=86400s > dpddelay=15s > dpdtimeout=30s > dpdaction=restart > esp=aes256-sha1! > keylife=3600s > rekeymargin=540s > type=tunnel > authby=secret > pfs=no > compress=no > auto=start > keyingtries=%forever > > I also tried to use > > leftxauthclient=no > rightxauthserver=no > > No changes. > > Thanks > > > > > > On Fri, Jun 5, 2015 at 7:02 PM, Randy Wyatt <[email protected] > <mailto:[email protected]>> wrote: > > Please send a sanitized version of your configuration. xauth should only > be sent if you configured it to be sent. > > On Fri, Jun 5, 2015 at 9:09 AM, Alexandre DEPREZ <[email protected] > <mailto:[email protected]>> wrote: > > Hi, > > I'm using strongswan only for L2L VPN. > > It's been some times now, I can not be the initiator of the VPN > because strongswan is always sending an XAUTH option in the phase 1 > establishment. > > When the other side is not configured to receive remote user, it's > working but when it is, I'm receiving L2TP/IPsec or some other remote access > vpn protocols. > > I can not wait for the other side to send me trafic in order to be > the responder. I tried to recompile strongswan removing xauth, but it's not > working. > > Is there any configuration command I can use to force strongswan not > to send XAUTH ? > > Thanks > > Alex > > > > > > > _______________________________________________ > Users mailing list > [email protected] <mailto:[email protected]> > https://lists.strongswan.org/mailman/listinfo/users > > > > > -- > Randy W. Wyatt > [email protected] <mailto:[email protected]> > Home: 858-309-5303 <tel:858-309-5303> > Cell: 858-598-4421 <tel:858-598-4421> > Fax: 858-408-7554 <tel:858-408-7554> > > > > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVcdpuAAoJEDg5KY9j7GZYAiQP+QHal5QcmqYAJjujqR9K4/NC cFc/Z534PtAp6nie8FD3oD5h1445eSgCQTmZk5eIr05dJJbnvljEk8T7Mbz7n2gX MMqkhhPMTQ8Avh5inwYRrYy+IcFMxpzC/8cIGVh+y+rXB4At0PkyXe2BRBI6yHFD tqf4ICjH6igJB4/K7iUM7sbCPmONhY9gw0s0PpVCCTNfbthXJT8rUvUOZGIjH7ij kLpQg6qur1uRydjCf+sEc1IwvtqQn/yqEylyq7m6ZvKLniv2HcZXnCpx/4fx5+9I Js7Z0kY5LOkxbCBXovdGMq2hiWtaT79OOq6SDX13Y35Qzg35E8kCHPzr9ZKoWwPl MxfC118jGldQunFUKKkxCfFbs3Wk2zKuL7Jim69Rt5ZUkG7AcurjpxtKSai0Ykx7 NtSzw/HHSJSP7BtTlvqSlPObvYwToCGrCpulBicQpILCSRh7z5Bfs4c0QqYORAFL fEqPI1DIkc6eouOQlVq0xyRyrWWsEHdp925IFYwUMtv84weznCjgTFxu0lMn0Qfu h0xRPnMbgyV+9cl0ep7vLIlXfA0wj/2q2YYS4YDZzeGT4xrHFBBdgdBmpr+zmyBS UG68nxM9WBPZA8cPitBVJvoqVOIqaSqPgkhMOXr4HRBDNfUwmAFgP54UUPog/FeG yxdpnj70XGOy/vOvV72e =R3S5 -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
