yes, true, they are for openswan, my bad. I do not have a hand on the other side. Can't tell
On Fri, Jun 5, 2015 at 7:35 PM, Noel Kuntze <[email protected]> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Hello Alexandre, > > These options don't exist: > leftxauthclient=no > rightxauthserver=no > You described using those in one of your last emails. > What is the config on the other side? > > Mit freundlichen Grüßen/Kind Regards, > Noel Kuntze > > GPG Key ID: 0x63EC6658 > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > > Am 05.06.2015 um 19:29 schrieb Alexandre DEPREZ: > > Randy, > > > > I'll change if there is no other possibilities. > > > > As for the link you gave me, thank you for it. I did a lot of digging in > the documentation I could read. So far, nothing seems to work. > > > > > > Noel, > > > > version 2.0 > > > > config setup > > charonstart=no > > interfaces="%none" > > nat_traversal=no > > > > conn clear > > auto=ignore > > > > conn clear-or-private > > auto=ignore > > > > conn private-or-clear > > auto=ignore > > > > conn private > > auto=ignore > > > > conn block > > auto=ignore > > > > conn packetdefault > > auto=ignore > > > > conn %default > > keyexchange=ikev1 > > > > conn tunnel-1 > > left=a.a.a.a > > right=b.b.b.b > > leftsubnet=10.252.243.128/28 <http://10.252.243.128/28> > > rightsubnet=172.23.149.0/24 <http://172.23.149.0/24> > > leftsourceip=a.a.a.a > > ike=aes256-sha1-modp1024,aes128-sha1-modp1024! > > ikelifetime=86400s > > dpddelay=15s > > dpdtimeout=30s > > dpdaction=restart > > esp=aes256-sha1! > > keylife=3600s > > rekeymargin=540s > > type=tunnel > > authby=secret > > pfs=no > > compress=no > > auto=start > > keyingtries=%forever > > > > > > Also, I didnt get the imaginary configuration option part ? > > > > Thanks > > > > > > > > > > On Fri, Jun 5, 2015 at 7:20 PM, Noel Kuntze <[email protected] > <mailto:[email protected]>> wrote: > > > > > > Hello Alexandre, > > > > Please stop trying to use some imaginary configuration options and stick > to those > > on the man page of ipsec.conf. > > > > What is your complete ipsec.conf? Pay attention to conn %default, if you > have that, > > as it will beqeust its own options to _all_ other conns. > > > > > > > > Mit freundlichen Grüßen/Kind Regards, > > Noel Kuntze > > > > GPG Key ID: 0x63EC6658 > > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > > > > Am 05.06.2015 um 19:07 schrieb Alexandre DEPREZ: > > > Hi Randy, > > > > > I forgot to mention, i'm using this version: > > > > > Linux strongSwan U4.5.2/K3.2.0-4-amd64 > > > > > Here is it : > > > > > conn tunnel-1 > > > left=a.a.a.a > > > right=b.b.b.b > > > leftsubnet=10.252.243.128/28 <http://10.252.243.128/28> < > http://10.252.243.128/28> > > > rightsubnet=172.23.149.0/24 <http://172.23.149.0/24> < > http://172.23.149.0/24> > > > leftsourceip=a.a.a.a > > > ike=aes256-sha1-modp1024,aes128-sha1-modp1024! > > > ikelifetime=86400s > > > dpddelay=15s > > > dpdtimeout=30s > > > dpdaction=restart > > > esp=aes256-sha1! > > > keylife=3600s > > > rekeymargin=540s > > > type=tunnel > > > authby=secret > > > pfs=no > > > compress=no > > > auto=start > > > keyingtries=%forever > > > > > I also tried to use > > > > > leftxauthclient=no > > > rightxauthserver=no > > > > > No changes. > > > > > Thanks > > > > > > > > > > > > > On Fri, Jun 5, 2015 at 7:02 PM, Randy Wyatt <[email protected] > <mailto:[email protected]> <mailto:[email protected] <mailto: > [email protected]>>> wrote: > > > > > Please send a sanitized version of your configuration. xauth > should only be sent if you configured it to be sent. > > > > > On Fri, Jun 5, 2015 at 9:09 AM, Alexandre DEPREZ < > [email protected] <mailto:[email protected]> <mailto:[email protected] > <mailto:[email protected]>>> wrote: > > > > > Hi, > > > > > I'm using strongswan only for L2L VPN. > > > > > It's been some times now, I can not be the initiator of the > VPN because strongswan is always sending an XAUTH option in the phase 1 > establishment. > > > > > When the other side is not configured to receive remote user, > it's working but when it is, I'm receiving L2TP/IPsec or some other remote > access vpn protocols. > > > > > I can not wait for the other side to send me trafic in order > to be the responder. I tried to recompile strongswan removing xauth, but > it's not working. > > > > > Is there any configuration command I can use to force > strongswan not to send XAUTH ? > > > > > Thanks > > > > > Alex > > > > > > > > > > > > > > > _______________________________________________ > > > Users mailing list > > > [email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>> > > > https://lists.strongswan.org/mailman/listinfo/users > > > > > > > > > > > -- > > > Randy W. Wyatt > > > [email protected] <mailto:[email protected]> <mailto: > [email protected] <mailto:[email protected]>> > > > Home: 858-309-5303 <tel:858-309-5303> <tel:858-309-5303 <tel: > 858-309-5303>> > > > Cell: 858-598-4421 <tel:858-598-4421> <tel:858-598-4421 <tel: > 858-598-4421>> > > > Fax: 858-408-7554 <tel:858-408-7554> <tel:858-408-7554 <tel: > 858-408-7554>> > > > > > > > > > > > > > _______________________________________________ > > > Users mailing list > > > [email protected] <mailto:[email protected]> > > > https://lists.strongswan.org/mailman/listinfo/users > > > > > > _______________________________________________ > > Users mailing list > > [email protected] <mailto:[email protected]> > > https://lists.strongswan.org/mailman/listinfo/users > > > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQIcBAEBCAAGBQJVcd3FAAoJEDg5KY9j7GZYL74P/j6DkBsYDrRHMnz/GXRf3Zp8 > nh4lP69UwtikWftw0LZFtpXJCrARa/4R3bX7E7vEGnwW5Gt0aTtx4PJEPGffS+Oy > KfDdcivIZhVL8GAGb6USYbpygcvzb1syoGOHj+6GTOVgTykHJr4eLxtCnIpNBXcg > fJexVxkZX6ETI13zXXh9Ysis1B14BSustWAxODuSJf3BbTvjMB+1rdpWsKnx3xR4 > sIVagIAdLeRoShFfCNj37JzfcwufKGqJ8OiyZrkIFR8Xv3JW1BaBMymTyWzy+aGj > WpBXlrLrXhYTftwYZ+CcjxmJMNUs+i+bP3dYZlZFKFyIxlG6WyhHYwd4s5IjzAaX > 6Sh6G7lpJLSSDcT+Wkvi06sLUvf+j8hT1cDyJUwVQkpcQGc6ibqZuAvDE+R+hGHG > 7l4qJri2HU6xOlUmNju+lbkGlQnKkdbqLwIC6WNXD1nvRWBnYgYsUVEzhfdliO2x > +OK8c/RSQAwDTiBi0BkZe1vP1uQ++w7/cB2ydEuHTPNbN37JDYByPop0oB9WRz92 > 4VsfhJ2ZgVptAPi9AEnLWak7ziIJljdFykokpm0Ee4YFfZEEJm8kZjryzcULYTFW > fF9Zgnl6pKOYH5BIzEX0wbkcDkFImtXN3CqjTHmjZraC2RFxkL+DnsjlM8bs9jmu > 7n7QSIDcWhrXQdAOhVuV > =RpI6 > -----END PGP SIGNATURE----- > >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
