IPsec PSK with XAuth authentication

The usage of this method with aggressive mode (ipsecIdentifier not empty) is discouraged: see the StrongSwan Documents.

This article describes a configuration of a roadwarrior scenario, where a d-200 phone connects to a COMmander 6000 via a strongSwan VPN server. The strongSwan configuration is based on the following document.

In our example, the d-200 is located in the 192.168.1.0/24 subnet. The PBX is located in the 192.168.21.0/24 subnet. The strongSwan server uses the IP 192.168.1.239.

After configuring your VPN tunnel, you need to specify the interfaceType in your identity configuration.

ipsec.conf

    # ipsec.conf - strongSwan IPsec configuration file

    # basic configuration

    config setup

    conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1

    conn rw
        left=192.168.1.239
        leftid=@192.168.1.239
        leftsubnet=192.168.21.0/24
        leftauth=psk
        leftfirewall=yes
        right=%any
        rightauth=psk
        rightauth2=xauth
        rightsourceip=192.168.1.0/24
        auto=add
        ike="aes256-sha384-modp1024"

/etc/ipsec.secrets

    # This file holds shared secrets or RSA private keys for authentication.

    # RSA private key for this host, authenticating it to any other host
    # which knows the public part.

    192.168.1.239 %any : PSK "superSecretPreSharedKey"

    theUserName : XAUTH "secretXauthPassword"

Troubleshooting: be sure that the server has IP forwarding enabled. If NAT is used, the phone will require a STUN server to correctly set up an RTP connection.
configurationXauthPSK.xml

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <network>
        <vpn>
          <active>true</active>
          <vpnType>IpsecXauthPSK</vpnType>
          <name>VPN name</name>
          <server>192.168.21.100</server>
          <username>theUserName</username>
          <password>secretXauthPassword</password>
          <routes>192.168.21.0/24</routes>
          <dnsServers>192.168.21.44</dnsServers>
          <searchDomains></searchDomains>
          <!-- ipsecIdentifier has to be empty - aggressive mode is used when filled.
               (certain servers, e.g. strongswan, won't allow aggressive mode clients.) -->
          <ipsecIdentifier></ipsecIdentifier>
          <ipsecSecret>superSecretPreSharedKey</ipsecSecret>
        </vpn>
      </network>
      <identities>
        <identity>
          <active>true</active>
          <displayname>COMmander 6000</displayname>
          <username>70</username>
          <host>192.168.1.239</host>
          <password>AccountPassword</password>
          <frameSize>20</frameSize>
          <audiocodecs>
            <audiocodec>G.722</audiocodec>
            <audiocodec>G.711</audiocodec>
          </audiocodecs>
          <clir>displayAnonymous</clir>
          <localmoh>false</localmoh>
          <secureConnection>false</secureConnection>
          <srtp>disabled</srtp>
          <ipVersion>IpV4</ipVersion>
          <checkHostname>true</checkHostname>
          <pickupCode>##06</pickupCode>
          <interfaceType>vpn</interfaceType>
        </identity>
        <identity>
          <active>false</active>
        </identity>
        <identity>
          <active>false</active>
        </identity>
        <identity>
          <active>false</active>
        </identity>
        <identity>
          <active>false</active>
        </identity>
        <identity>
          <active>false</active>
        </identity>
      </identities>
    </configuration>

The identity specifies the interfaceType vpn, and the registration is performed after the tunnel has been connected.

en/products/comfortel-d-series/developer/vpn/ipsecxauthpsk.txt
Last modified: 22.03.2022 13:52 by hoehne
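A pre-deployment check for a provisioning file like configurationXauthPSK.xml, as an added example that is not part of the original page or of the vendor's tooling: it flags a filled ipsecIdentifier (aggressive mode), the documentation placeholder PSK left in place, and active identities that have secureConnection and SRTP off without being bound to the VPN. It assumes those two elements mean what their names suggest; lint(), text() and the sample input are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's file reduced to the elements checked here,
# with two deliberate mistakes (identifier filled in, identity 71 not on the VPN).
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <network><vpn>
    <active>true</active>
    <vpnType>IpsecXauthPSK</vpnType>
    <ipsecIdentifier>phones</ipsecIdentifier>
    <ipsecSecret>superSecretPreSharedKey</ipsecSecret>
  </vpn></network>
  <identities>
    <identity><active>true</active><username>70</username>
      <secureConnection>false</secureConnection><srtp>disabled</srtp>
      <interfaceType>vpn</interfaceType></identity>
    <identity><active>true</active><username>71</username>
      <secureConnection>false</secureConnection><srtp>disabled</srtp></identity>
    <identity><active>false</active></identity>
  </identities>
</configuration>"""

def text(node, tag):
    """Stripped text of a child element; '' when the element is absent or empty."""
    return (node.findtext(tag) or "").strip()

def lint(xml_text):
    """Return a list of findings for a provisioning file (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    findings = []
    vpn = root.find("./network/vpn")
    vpn_on = vpn is not None and text(vpn, "active") == "true"
    if vpn_on and text(vpn, "vpnType") == "IpsecXauthPSK":
        if text(vpn, "ipsecIdentifier"):  # page: a filled identifier selects aggressive mode
            findings.append("vpn: ipsecIdentifier set, aggressive mode will be used")
        if text(vpn, "ipsecSecret") == "superSecretPreSharedKey":
            findings.append("vpn: ipsecSecret is the documentation placeholder")
    for ident in root.iterfind("./identities/identity"):
        if text(ident, "active") != "true":
            continue
        on_vpn = vpn_on and text(ident, "interfaceType") == "vpn"
        # Assumption: these two elements control SIP and RTP protection.
        plain = (text(ident, "secureConnection") == "false"
                 and text(ident, "srtp") == "disabled")
        if plain and not on_vpn:
            findings.append(f"identity {text(ident, 'username')}: unprotected and not on the VPN")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Run against the unmodified file from this page, the identity and identifier checks pass and only the placeholder PSK finding remains.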