Hi Olivier, try the new notation
leftauth=psk rightauth=psk leftauth2=xauth and a certificate request should not be sent. If it is still the case then this must be fixed. In that case try as a workaround rightsendcert=no Regards Andreas On 07/06/2012 05:29 PM, Olivier PELERIN wrote: > Playing around on Strongswan, I try to connect an easyvpn client to an > easyvpn server. > > > I see strongswan sending a cert-req in the first packet of Aggressive mode. > *Jul 6 15:26:38.265: ISAKMP: Aggressive Mode packet contents (flags 0, > len 426): > *Jul 6 15:26:38.265: SA payload > *Jul 6 15:26:38.265: PROPOSAL > *Jul 6 15:26:38.265: TRANSFORM > *Jul 6 15:26:38.265: TRANSFORM > *Jul 6 15:26:38.265: KE payload > *Jul 6 15:26:38.265: NONCE payload > *Jul 6 15:26:38.265: ID payload > *Jul 6 15:26:38.265: ID_KEY_ID <ezvpn> port 0 protocol 0 > *Jul 6 15:26:38.265: CERT-REQ payload > *Jul 6 15:26:38.265: VENDOR payload > *Jul 6 15:26:38.265: VENDOR payload > *Jul 6 15:26:38.265: VENDOR payload > > > How can I disable that? > > # Add con:wnections here. > conn "ezvpn" > keyexchange=ikev1 > ikelifetime=1440m > keylife=60m > aggressive=yes > ike=aes-sha-modp1024 > esp=aes128-sha1 > xauth=client > left=1.1.1.1 > leftid=@#65:7a:76:70:6e:1f > leftsourceip=%config > authby=xauthpsk > leftauth2=xauth > right=10.1.1.254 > rightid=10.1.1.254 > rightsubnet=0.0.0.0/0 > xauth_identity=cisco_user > auto=add ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
