Issue #3292

Change config to accept connection with username + password (with psk)

Added by Kirti Jain 8 months ago. Updated 8 months ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: configuration
Affected version: 5.8.1
Resolution:
Description

Hi,
I have read and configured strongSwan with this article:
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2

On the client, this one works with username + password + certificate.

I need to change the configuration so the server can accept a client connection with just username + password (with or without psk).

I know this is a silly question for experts, but I am not a server expert. I own an iOS client lib which works on IKEv2 with username + password (with or without psk).
So I am trying to set up a server for the same.

My ipsec.conf and ipsec.secrets are identical to those mentioned in the article. It would be helpful if someone could suggest changes from the current state of the config.

History

#1 Updated by Tobias Brunner 8 months ago

  • Status changed from New to Feedback

Just skip steps 2 and 3 in that tutorial (creating a custom CA and server certificate) and get the server certificate from a CA the client already trusts (i.e. a commercial one or Let's Encrypt).

#2 Updated by Kirti Jain 8 months ago

Hi,
Thanks for the reply, but can't it work without a certificate at all? I am exploring an option where the client can just send username + password.
Or a preshared key, if it is not possible with only username and password.

#3 Updated by Tobias Brunner 8 months ago

> Thanks for the reply, but can't it work without a certificate at all? I am exploring an option where the client can just send username + password.

The client doesn't require a certificate. The server does. The client only has to install a certificate if the server certificate is issued by a certificate authority (CA) the client doesn't know/trust yet.
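
A configuration sketch of the setup described in comment #3, added here as an example; it is not part of the original thread and is not the project's own configuration. The server authenticates with a certificate from a CA the client already trusts, and the client authenticates with EAP username + password only. The hostname vpn.example.com, the file names, the address pool and the account are placeholder assumptions.

```conf
# /etc/ipsec.conf (legacy ipsec.conf syntax, as used by the tutorial)
conn ikev2-eap
    auto=add
    keyexchange=ikev2

    # Server side: still authenticates itself with a certificate.
    left=%any
    # Placeholder hostname; it must appear as a subjectAltName in the
    # server certificate and be the name the client connects to.
    leftid=@vpn.example.com
    leftauth=pubkey
    # Placeholder file in /etc/ipsec.d/certs, issued by a CA the client
    # already trusts (commercial CA or Let's Encrypt).
    leftcert=vpn.example.com.pem
    # The client has no local copy of the server certificate.
    leftsendcert=always
    leftsubnet=0.0.0.0/0

    # Client side: username + password only, no client certificate.
    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    eap_identity=%identity
    rightsendcert=never
    # Constructed virtual IP pool for connecting clients.
    rightsourceip=10.10.10.0/24

# /etc/ipsec.secrets
# Private key of the server certificate (placeholder file in
# /etc/ipsec.d/private). Use the token matching the key type
# (RSA or ECDSA).
: RSA "vpn.example.com.key"

# Constructed EAP account; these are the only credentials the
# client has to provide.
exampleuser : EAP "replace-with-a-strong-password"
```

The issuing CA's intermediate certificate goes in /etc/ipsec.d/cacerts so the server can build its certificate chain; nothing has to be installed on the client as long as its trust store already contains the root CA.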
