DH-group for IKE for Linux remote access


#1

Hello, friends!
I want to connect ubuntu as client to VyOS v1.1.8.
On VyOS for L2TP/IPSec connections with NAT-T was created config file:

root@VyOS-1:~# cat /etc/ipsec.d/tunnels/remote-access

Vyatta L2TP VPN Begin

conn remote-access-win-aaa
rightprotoport=17/1701
also=remote-access

conn remote-access-mac-zzz
rightprotoport=17/%any
also=remote-access

conn remote-access
authby=secret
pfs=no
left=x.x.x.x
leftnexthop=x.x.x.x
leftprotoport=17/1701
right=%any
rightsubnet=vhost:%no,%priv
auto=add
ike=aes256-sha1,3des-sha1!
dpddelay=15
dpdtimeout=45
dpdaction=clear
esp=aes256-sha1,3des-sha1!
rekey=no
ikelifetime=3600

Vyatta L2TP VPN End

Ubuntu client try to connect to this server, and I setup in Ubuntu in config file for strongswan IKE and ESP crypto and hash, also without DH-group (for example: aes256-sha1-modp1024)
But commands IPSEC START and IPSEC UP VYOS on Ubuntu client print errors: “configured DH group MODP_NONE not supported”

I want to know: where is script with setting up IKE and ESP? I want to edit commands to creating IKE and ESP for remote-access users.

Thank you for your help!