how to allow ipsec connection only with pre shared key authentication and rest of connections should be rejected

Pavan Kumar

2/12/23, 1:26 PM

l2tpd configuration file :

remote access vpn configuration conn L2TP-PSK authby=psk pfs=no rekey=no keyingtries=3 keyexchange=ikev1 forceencaps=yes leftfirewall=yes leftnexthop=%defaultroute type=transport

    # ---------------------------------------------
    # The VPN server.
    #
    # Allow incoming connections on the external network interface.
    # If you want to use a different interface or if there is no
    # defaultroute, you can use:   left=your.ip.addr.ess
    #
left=10.102.222.125
    #
leftprotoport=17/1701
    # If you insist on supporting non-updated Windows clients,
    # you can use:    leftprotoport=17/%any
    #
    # ---------------------------------------------
    # The remote user(s).
    #
    # Allow incoming connections only from this IP address.
right=%any
    # If you want to allow multiple connections from any IP address,
    # you can use:    right=%any
    #
rightprotoport=17/%any
    #
    # ---------------------------------------------
    # Change 'ignore' to 'add' to enable this configuration.
    #
rightsubnetwithin=0.0.0.0/0
auto=add

Client was able to connect to server without any preshared key at client side instead it was able to L2TP/Ipsec with Certificate .

how to block connection with L2tp/Ipsec with certificate at server side and allow only L2tp/Ipsec with pre shared key

Strongswan version 5.7 , windows os [client]: 10

0 + 0

iptables

ipsec

l2tp

strongswan

ikev1

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: how to allow ipsec connection only with pre shared key authentication and rest of connections should be rejected

TH: วิธีอนุญาตการเชื่อมต่อ ipsec เฉพาะกับการตรวจสอบคีย์ที่ใช้ร่วมกันล่วงหน้าและการเชื่อมต่อที่เหลือควรถูกปฏิเสธ

RO: cum să permiteți conexiunea ipsec numai cu autentificarea pre-partajată cu cheie și restul conexiunilor ar trebui să fie respinse

RU: как разрешить соединение ipsec только с аутентификацией с предварительным общим ключом, а остальные соединения должны быть отклонены

VI: cách chỉ cho phép kết nối ipsec với xác thực khóa được chia sẻ trước và phần còn lại của các kết nối sẽ bị từ chối

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.