> rightcert=clientCert.pem > rightauth=xauth No need for a right cert, in Hybrid mode the client authenticates with XAuth only.
> hybridrsasig: remote: [C=JP, O=Strongswan, CN=client] uses XAuth > authentication: any Your configuration requires a remote identity "C=JP, O=Strongswan, CN=client", read from the certificate. > Jun 19 17:58:35 13[CFG] looking for HybridInitRSA peer configs > matching 192.168.246.210...192.168.248.101[192.168.248.101] But your client sends "192.168.248.101" as IKE identity. If you remove the rightcert option, you can define a rightid=192.168.248.101, or even rightid=%any. > I will give it a try with a client that used "Hybrid" authentication > without RSA and see if this works. Hybrid mode is only defined with DSS or RSA as responder authentication in [1]. We don't support DSS signatures, and no responder public key authentication at all would be very insecure. Regards Martin [1]http://tools.ietf.org/html/draft-ietf-ipsec-isakmp-hybrid-auth-05 _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
