On Thu, 7 Aug 2014, Gareth Williams wrote:
> which I got from:
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html
> (para 4.7.8)
> On NetworkManager's openSwan config, I've got the defaults, with the addition
> of:
> Gateway = <my server's hostname>
> Group Name = <I don't know what goes here, but I have to put something>

That is a likely sign it does not support RSA/certificate authentication.

> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
> method=draft-ietf-ipsec-nat-t-ike-02/03, because port floating is off

Why is your NAT-T partially disabled?

> Aug 07 06:53:03 <my FQDN> pluto[11098]: packet from x.y.77.197:500: initial
> Aggressive Mode message from x.y.77.197 but no (wildcard) connection has been
> configured with policy=PSK+XAUTH+AGGRESSIVE
> Am I correct in assuming that the PSK+XAUTH+AGGRESSIVE is what NetworkManager
> is trying to connect by? In which case, am I wasting time trying to connect
> using X509 certs as per the website?

Probably :(

If someone has some cycles to add GUI support to NetworkManager-libreswan to add
support for RSA/Certs that would be great!

Paul
_______________________________________________
Swan mailing list
https://lists.libreswan.org/mailman/listinfo/swan