I have not tested the configuration in swanctl.conf yet, but my goal is to move away from configuration files so I can dynamically add/remove connections remotely. I will add it in to see if perhaps my dictionary has a syntax issue.
The output of `ipsec statusall`: test: %any...%any IKEv1/2 test: local: [xxxxx.amazonaws.com] uses public key authentication test: cert: "C=US, O=xxxxx, CN=xxxxxx.amazonaws.com" test: remote: uses XAuth authentication: any test: remote: [C=US, O=xxxxxx, CN=test] uses public key authentication test: child: 31.13.69.80/32 === dynamic TUNNEL I have loaded in the serverCert/key and caCert/key using the vici commands as well. All returned a successfull completion message and are listed in `ipsec listcerts`. Additionally I loaded in a value for the xAuth connection. Best, Sam On Wed, Feb 25, 2015 at 11:49 AM, Martin Willi <[email protected]> wrote: > Hi, > > > I have attempted to create the same configuration using a call to the > VICI > > with this dictionary: > > Have you tried to configure that in swanctl.conf to avoid any problems > with your "dictionary"? Here such an XAuth configuration works fine when > defined in swanctl.conf. > > > This keeps returning this error: `1 config found, none that allow > > xAuthInitRSA using MainMode` > > Not sure what exactly goes on. Can you confirm the the connection has > been successfully loaded. What's the output of "ipsec statusall" (or > "swanctl --list-conns")? > > > 'vips' : ['10.0.0.5'], > > This is probably not what you want, "vips" requests a virtual IP. Use > the "pools" keyword and the appropriate "pools" section to define > virtual IP pools, refer to swanctl.conf(5) for details. This is probably > not the root cause of your issue, though. > > Regards > Martin > >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
