Thanks Martin. I had the answer in front of eyes and I did not saw it :-(
Last question then:
On win7, the Microsoft agilevpn client sends a config request for
*Jul 11 11:25:41.485: Config-type: Config-request
*Jul 11 11:25:41.485: Attrib type: ipv4-addr, length: 0
*Jul 11 11:25:41.485: Attrib type: ipv4-dns, length: 0
*Jul 11 11:25:41.485: Attrib type: ipv4-nbns, length: 0
*Jul 11 11:25:41.485: Attrib type: unknown, length: 0
I've added:
I wonder how I could have the strongswan to do enable config pull? I've tried
to add it manually but it did not do it.
conn "cisco"
left=10.1.1.1
right=10.1.1.254
keyexchange=ikev2
ike=3des-sha1-modp1024
esp=aes-sha1
leftauth=eap-mschapv2
leftid=cisco
modeconfig=pull
rightid="CN=10.1.1.254, OU=TAC, O=Cisco, C=BE"
eap_identity=cisco
auto=start
mobike=no
Cheers,
> Subject: Re: [strongSwan] trying to configure strongswan to act like a
> windows7 client
> From: [email protected]
> To: [email protected]
> CC: [email protected]; [email protected]
> Date: Mon, 11 Jul 2011 12:32:42 +0200
>
> Hi Olivier,
>
> > authentication of 'CN=10.1.1.254, OU=TAC, O=Cisco, C=BE' with EAP successful
> > constraint check failed: identity 'C=BE, O=CISCO, OU=TAC, CN=10.1.1.254'
> > required
>
> Your gateway identifies itself as 'CN=10.1.1.254, OU=TAC, O=Cisco,
> C=BE', but your rightid configuration expects 'C=BE, O=CISCO, OU=TAC,
> CN=10.1.1.254'. The order of RDNs in a distinguished name is relevant,
> so please update the rightid parameter accordingly.
>
> Regards
> Martin
>
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
