Sorry, I am not following; I'm pretty new to this, so please be patient and walk me through this. Keeping with left = local and right = remote. The client (left) attempts to initiate an XAuth/RSA, passing its cert (DN C=US, O=BSI, [email protected]); even though I have leftauth2=xauth, that is not sufficient? Should I set left=xauth? And for rightid=10.0.11.160, I should set this to the DN? Thanks again for any insight.
________________________________________
Jude Oliver
Support
www.blanchardsystems.com <http://www.blanchardsystems.com/>

On 4/18/16, 10:23 AM, "Tobias Brunner" <[email protected]> wrote:

>Hi Jude,
>
>> Any insights into what I am missing in my setup, my hope is that this is
>> just some simple newbie mistake I am doing.
>
>Try reading the log:
>
>> Apr 18 09:45:42 RH7Standard charon: 12[CFG] looking for XAuthInitRSA
>>peer configs matching 10.0.11.200...10.0.11.160[C=US, O=BSI,
>>[email protected]]
>
>The client wants to initiate an XAuth/RSA connection (with its
>certificate's subject DN as identity). However, your config specifies:
>
>> leftauth=psk
>> rightauth=psk
>> rightauth2=xauth
>
>That is, you configured XAuth/PSK. You also set:
>
>> rightid=10.0.11.160
>
>Which wouldn't match that subject DN even if the authentication methods
>were the same.
>
>You might want to have a look at [1].
>
>Regards,
>Tobias
>
>[1] https://wiki.strongswan.org/projects/strongswan/wiki/IOS_%28Apple%29
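Added example (not part of the original thread and not strongSwan code): a small Python check that reproduces the two mismatches pointed out in the quoted reply, by comparing the `looking for ... peer configs matching` log line against the conn settings. The log line is constructed from the one quoted above with a placeholder `E=user@example.org` for the redacted address; the `REQUIRED` table and the DN comparison are simplifying assumptions, not charon's own matching logic.

```python
import re

# Constructed sample modeled on the log line quoted in the thread; the e-mail
# RDN is redacted on the page, so E=user@example.org is a placeholder.
LOG = ("Apr 18 09:45:42 RH7Standard charon: 12[CFG] looking for XAuthInitRSA "
       "peer configs matching 10.0.11.200...10.0.11.160[C=US, O=BSI, E=user@example.org]")

# Settings quoted in the thread (gateway side: left = local, right = remote).
CONN = "leftauth=psk\nrightauth=psk\nrightauth2=xauth\nrightid=10.0.11.160"

# Assumption: auth rounds a gateway conn needs for the method named in the log.
REQUIRED = {"XAuthInitRSA": {"leftauth": "pubkey", "rightauth": "pubkey",
                             "rightauth2": "xauth"}}

LOG_RE = re.compile(r"looking for (\S+)\s+peer configs matching "
                    r"(\S+?)\.\.\.([^\[\s]+)\[(.*)\]\s*$")

def parse_log(line):
    m = LOG_RE.search(line)
    if not m:
        raise ValueError("not a 'looking for ... peer configs' line")
    return dict(zip(("method", "local", "remote", "id"), m.groups()))

def parse_conn(text):
    pairs = (l.split("=", 1) for l in text.splitlines() if "=" in l)
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def norm(ident):
    # Simplified comparison: ignore case and spacing around commas.
    return re.sub(r"\s*,\s*", ",", ident.strip()).lower()

def mismatches(line, conn_text):
    req, conn = parse_log(line), parse_conn(conn_text)
    problems = []
    for key, want in REQUIRED.get(req["method"], {}).items():
        have = conn.get(key, "(unset)")
        if have != want:
            problems.append(f"{key}={have}, peer's {req['method']} needs {want}")
    rid = conn.get("rightid")
    if rid is not None and rid != "%any" and norm(rid) != norm(req["id"]):
        problems.append(f"rightid={rid} does not match peer identity {req['id']}")
    return problems

if __name__ == "__main__":
    print("\n".join(mismatches(LOG, CONN)))
```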
