I have not tested the configuration in swanctl.conf yet, but my goal is to
move away from configuration files so I can dynamically add/remove
connections remotely. I will add it in to see if perhaps my dictionary has
a syntax issue.

The output of `ipsec statusall`:

test:  %any...%any  IKEv1/2
test:   local:  [xxxxx.amazonaws.com] uses public key authentication
test:    cert:  "C=US, O=xxxxx, CN=xxxxxx.amazonaws.com"
test:   remote: uses XAuth authentication: any
test:   remote: [C=US, O=xxxxxx, CN=test] uses public key authentication
test:   child:  31.13.69.80/32 === dynamic TUNNEL

I have loaded in the serverCert/key and caCert/key using the vici commands
as well. All returned a successfull completion message and are listed in
`ipsec listcerts`.
Additionally I loaded in a value for the xAuth connection.

Best,

Sam

On Wed, Feb 25, 2015 at 11:49 AM, Martin Willi <[email protected]>
wrote:

> Hi,
>
> > I have attempted to create the same configuration using a call to the
> VICI
> > with this dictionary:
>
> Have you tried to configure that in swanctl.conf to avoid any problems
> with your "dictionary"? Here such an XAuth configuration works fine when
> defined in swanctl.conf.
>
> > This keeps returning this error: `1 config found, none that allow
> > xAuthInitRSA using MainMode`
>
> Not sure what exactly goes on. Can you confirm the the connection has
> been successfully loaded. What's the output of "ipsec statusall" (or
> "swanctl --list-conns")?
>
> >                 'vips' : ['10.0.0.5'],
>
> This is probably not what you want, "vips" requests a virtual IP. Use
> the "pools" keyword and the appropriate "pools" section to define
> virtual IP pools, refer to swanctl.conf(5) for details. This is probably
> not the root cause of your issue, though.
>
> Regards
> Martin
>
>
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to