In the Cisco VPN client you cannot change encryption settings. It should
automatically negotiate one of the methods supported by both sides, but it
does not. I also tried to dump the traffic, and the only thing I see is a
request from the host and the answer "no proposal chosen" from the server.
I am adding the log from the Cisco VPN client, but I am not sure if it helps.

5 08:59:19.441 07/14/14 Sev=Warning/2 IKE/0xE300009B
Invalid SPI size (PayloadNotify:116)

6 08:59:19.441 07/14/14 Sev=Warning/3 IKE/0xA3000058
Received malformed message or negotiation no longer active (message id: 0x00000000)

7 08:59:24.927 07/14/14 Sev=Warning/2 IKE/0xA3000062
Attempted incoming connection from 192.168.110.53. Inbound connections are not allowed.

8 08:59:30.003 07/14/14 Sev=Warning/2 IKE/0xA3000062
Attempted incoming connection from 192.168.110.53. Inbound connections are not allowed.

9 08:59:35.066 07/14/14 Sev=Warning/2 IKE/0xA3000062
Attempted incoming connection from 192.168.110.53. Inbound connections are not allowed.

So libreswan does not work with Cisco VPN client group authentication. I
will try it with certificates and let you know if it works.

Peter

Quoting Paul Wouters <[email protected]>:

> On Fri, 11 Jul 2014, [email protected] wrote:
>
>> I followed the config tutorial
>> https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH
>> with small modifications, but the Cisco VPN client forces 1des
>> encryption, which libreswan does not support anymore. Is there any
>> solution to get it to work with the Cisco VPN client?
>
> That is a misconfiguration of that client. Please change its
> configuration. The Cisco client supports 3DES and most certainly AES.
> libreswan will never do 1DES, as it can be broken in hours on a $300
> computer.
>
>> Everything works like a charm with the Shrew Soft VPN client, but I
>> want to get it to work with the Cisco VPN client. I would be very glad for
>> every idea.
>
> Look for some options to unset "1des" or "des".
>
> Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
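
An added example, not part of the original thread and not Cisco or libreswan code: a small Python parser for the client log format pasted in the message above. It re-joins message text that was wrapped across lines and groups entries by event code, which makes the three connection attempts from 192.168.110.53, roughly five seconds apart, stand out. The function names `parse_entries` and `summarize` are hypothetical; the sample input is the log from the message.

```python
import re

# Entry header in the pasted log: <seq> <time> <date> Sev=<name>/<n> <module>/<code>
HEADER = re.compile(r"^(?P<seq>\d+)\s+(?P<time>[\d:.]+)\s+(?P<date>[\d/]+)\s+"
                    r"Sev=(?P<sev>\w+)/(?P<level>\d+)\s+(?P<module>\w+)/(?P<code>0x[0-9A-Fa-f]+)$")
PEER = re.compile(r"connection from (\d{1,3}(?:\.\d{1,3}){3})")

# Log lines copied from the message above, with message text wrapped across lines.
SAMPLE_LOG = """\
5 08:59:19.441 07/14/14 Sev=Warning/2 IKE/0xE300009B
Invalid SPI size (PayloadNotify:116)
6 08:59:19.441 07/14/14 Sev=Warning/3 IKE/0xA3000058
Received malformed message or negotiation no longer active (message
id: 0x00000000)
7 08:59:24.927 07/14/14 Sev=Warning/2 IKE/0xA3000062
Attempted incoming connection from 192.168.110.53. Inbound connections
are not allowed.
8 08:59:30.003 07/14/14 Sev=Warning/2 IKE/0xA3000062
Attempted incoming connection from 192.168.110.53. Inbound connections
are not allowed.
9 08:59:35.066 07/14/14 Sev=Warning/2 IKE/0xA3000062
Attempted incoming connection from 192.168.110.53. Inbound connections
are not allowed.
"""

def parse_entries(text):
    """Return one dict per log entry, re-joining wrapped message lines."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            entries.append({**m.groupdict(), "msg": ""})
        elif line and entries:  # continuation of the previous entry's message
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line).strip()
    return entries

def summarize(entries):
    """Group entries by event code: count, first/last time, peers named in the text."""
    groups = {}
    for e in entries:
        g = groups.setdefault(e["code"], {"msg": e["msg"], "count": 0,
                                          "first": e["time"], "peers": set()})
        g["count"] += 1
        g["last"] = e["time"]
        g["peers"].update(PEER.findall(e["msg"]))
    return groups

if __name__ == "__main__":
    for code, g in summarize(parse_entries(SAMPLE_LOG)).items():
        print(code, g["count"], g["first"], g["last"], sorted(g["peers"]), g["msg"])
```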