The
ipsec.secrets
file is usually
found in the
/etc
folder.
Use the strongSwan
client username as the certificate’s common name.
Modify the
following items in the
ipsec.conf
file to these
recommended settings.
conn <connection name>
keyexchange=ikev1
authby=rsasig
ike=aes-sha1-modp1024,aes256
left=<strongSwan/Linux-client-IP-address>
leftcert=<client certificate with the strongSwan client username used as the certificate’s common name>
leftsourceip=%config
leftauth2=xauth
right=<GlobalProtect-Gateway-IP-address>
rightid=“CN=<Subject-name-of-gateway-certificate>”
rightsubnet=0.0.0.0/0
auto=add
Modify the following items in the
ipsec.conf
file
to these recommended settings.
:RSA
<private key file> “<passphrase if used>”