0

For testing purposes, I want to setup an ipsec tunnel using IKEv1 or v2 (preferably v2) that does not require any authentication - so just using the protocol to agree on the secret-keys of the ipsec tunnel and skipping the authentication. Is such an option even supported by the IKEv1 or v2 protocol? If so, how can I enable that in strongswan (what value do I need to set for leftauth and rightauth to enable this?)

Improve this question

1 Answer 1

Reset to default
1

For IKEv2, there is an extension defined in RFC 7619 that allows establishing IKE SAs in which only one side (similar to TLS) or neither side is authenticated. strongSwan currently does not support this. But you could try Libreswan, where the null authentication method enables it.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .