The ipsec.secrets file is usually found in the /etc folder.
Use the strongSwan client username as the certificate’s common name.
Configure the following recommended settings in the ipsec.conf file:
conn <connection name>
    keyexchange=ikev1
    ikelifetime=1440m
    keylife=60m
    aggressive=yes
    ike=aes-sha1-modp1024,aes256
    esp=aes-sha1
    xauth=client
    left=<strongSwan/Linux-client-IP-address>
    leftid=@#<hex of Group Name configured in the GlobalProtect gateway>
    leftsourceip=%modeconfig
    leftauth=psk
    rightauth=psk
    leftauth2=xauth
    right=<gateway-IP-address>
    rightsubnet=0.0.0.0/0
    xauth_identity=<LDAP username>
    auto=add
Configure the following recommended settings in the ipsec.secrets file:
: PSK <Group Password configured in the gateway>
<username> : XAUTH "<user password>"
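
The leftid value above is the gateway's Group Name written as hexadecimal after the @# prefix, and ipsec.secrets holds the group password and user password in clear text. The following helper is an added example, not part of the original page or of strongSwan: it builds and decodes that leftid value and checks that a secrets file is readable by its owner only. The function names and the group name GroupVPN are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample values are constructed.

# Build the leftid value: "@#" followed by the hex bytes of the group name.
gp_leftid() {
    printf '@#%s\n' "$(printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n')"
}

# Decode a leftid value (with or without the "@#" prefix) back to text,
# to compare what is in ipsec.conf with the Group Name on the gateway.
gp_decode() {
    hex=${1#@#}
    for b in $(printf '%s' "$hex" | sed 's/../& /g'); do
        # Turn each hex byte into an octal escape that printf can emit.
        printf "\\$(printf '%03o' "0x$b")"
    done
    echo
}

# Read the first leftid=@#... line from an ipsec.conf file and decode it.
gp_conf_group() {
    hex=$(sed -n 's/^[[:space:]]*leftid=@#\([0-9A-Fa-f]*\).*/\1/p' "$1" | head -n 1)
    [ -n "$hex" ] || { echo "no hex leftid found in $1" >&2; return 1; }
    gp_decode "$hex"
}

# Succeed only if the file grants no permissions to group or others,
# since it stores the PSK and the XAUTH password in clear text.
secrets_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo with a constructed group name.
gp_leftid "GroupVPN"
```

Run `gp_conf_group /etc/ipsec.conf` to confirm the configured ID decodes to the expected group name, and `secrets_private /etc/ipsec.secrets` before starting the connection.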