For testing purposes, I want to setup an ipsec tunnel using IKEv1 or v2 (preferably v2) that does not require any authentication - so just using the protocol to agree on the secret-keys of the ipsec tunnel and skipping the authentication.
Is such an option even supported by the IKEv1 or v2 protocol? If so, how can I enable that in strongswan (what value do I need to set for leftauth
and rightauth
to enable this?)
For IKEv2, there is an extension defined in RFC 7619 that allows establishing IKE SAs in which only one side (similar to TLS) or neither side is authenticated. strongSwan currently does not support this. But you could try Libreswan, where the
null
authentication method enables it.