Playing around on Strongswan, I try to connect an easyvpn client to an easyvpn
server.
I see strongswan sending a cert-req in the first packet of Aggressive mode.
*Jul 6 15:26:38.265: ISAKMP: Aggressive Mode packet contents (flags 0, len
426):
*Jul 6 15:26:38.265: SA payload
*Jul 6 15:26:38.265: PROPOSAL
*Jul 6 15:26:38.265: TRANSFORM
*Jul 6 15:26:38.265: TRANSFORM
*Jul 6 15:26:38.265: KE payload
*Jul 6 15:26:38.265: NONCE payload
*Jul 6 15:26:38.265: ID payload
*Jul 6 15:26:38.265: ID_KEY_ID <ezvpn> port 0 protocol 0
*Jul 6 15:26:38.265: CERT-REQ payload
*Jul 6 15:26:38.265: VENDOR payload
*Jul 6 15:26:38.265: VENDOR payload
*Jul 6 15:26:38.265: VENDOR payload
How can I disable that?
# Add con:wnections here.
conn "ezvpn"
keyexchange=ikev1
ikelifetime=1440m
keylife=60m
aggressive=yes
ike=aes-sha-modp1024
esp=aes128-sha1
xauth=client
left=1.1.1.1
leftid=@#65:7a:76:70:6e:1f
leftsourceip=%config
authby=xauthpsk
leftauth2=xauth
right=10.1.1.254
rightid=10.1.1.254
rightsubnet=0.0.0.0/0
xauth_identity=cisco_user
auto=add
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
