l2tpd configuration file:
remote access vpn configuration
conn L2TP-PSK
    authby=psk
    pfs=no
    rekey=no
    keyingtries=3
    keyexchange=ikev1
    forceencaps=yes
    leftfirewall=yes
    leftnexthop=%defaultroute
    type=transport
    # ----------------------------------------------------------
    # The VPN server.
    #
    # Allow incoming connections on the external network interface.
    # If you want to use a different interface or if there is no
    # defaultroute, you can use: left=your.ip.addr.ess
    #
    left=10.102.222.125
    #
    leftprotoport=17/1701
    # If you insist on supporting non-updated Windows clients,
    # you can use: leftprotoport=17/%any
    #
    # ----------------------------------------------------------
    # The remote user(s).
    #
    # Allow incoming connections only from this IP address.
    right=%any
    # If you want to allow multiple connections from any IP address,
    # you can use: right=%any
    #
    rightprotoport=17/%any
    #
    # ----------------------------------------------------------
    # Change 'ignore' to 'add' to enable this configuration.
    #
    rightsubnetwithin=0.0.0.0/0
    auto=add
The client was able to connect to the server without any pre-shared key on the client side; instead, it was able to connect using L2TP/IPsec with a certificate.
How can I block L2TP/IPsec connections that use a certificate on the server side and allow only L2TP/IPsec with a pre-shared key?
strongSwan version 5.7, Windows OS [client]: 10
0 Answers
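One way to check which authentication method each conn section of an ipsec.conf accepts from the remote side, so that any section not limited to PSK stands out. This is an added example, not code from the post or from strongSwan; the second conn in the sample is constructed, and the script assumes strongSwan's documented behaviour that authby defaults to pubkey and that rightauth takes precedence over authby.

```python
import re

# Constructed sample: the conn from the post plus a hypothetical second conn.
SAMPLE = """
conn %default
    keyexchange=ikev1

conn L2TP-PSK
    authby=psk
    type=transport
    left=10.102.222.125
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    auto=add

conn hypothetical-cert   # constructed, not from the post
    left=10.102.222.125
    right=%any
    auto=add
"""

PSK_METHODS = {"psk", "secret"}  # authby=secret is a synonym for psk

def parse_conns(text):
    """Return {conn_name: {option: value}}; 'also=' includes are not followed."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.match(r"(conn|config|ca)\s+(\S+)$", line)
        if header:
            current = conns.setdefault(header.group(2), {}) if header.group(1) == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit(text):
    """Map each conn to (remote auth method, True if limited to PSK)."""
    conns = parse_conns(text)
    report = {}
    for name, opts in conns.items():
        if name == "%default":
            continue
        merged = {**conns.get("%default", {}), **opts}
        # rightauth overrides authby; assumption: authby defaults to pubkey
        method = merged.get("rightauth") or merged.get("authby", "pubkey")
        report[name] = (method, method in PSK_METHODS)
    return report

if __name__ == "__main__":
    for conn, (method, psk_only) in audit(SAMPLE).items():
        print(f"{conn}: auth={method} {'PSK only' if psk_only else 'NOT limited to PSK'}")
```

Pass the contents of the server's real ipsec.conf to `audit()` in place of `SAMPLE`; sections pulled in through `also=` or `include` need to be merged by hand first.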