Bug#1020495: [Pkg-swan-devel] Bug#1020495: Error: unable to load VPN connection editor - on Identity tab at Gnome Network manager VPN

That's because the settings app uses GTK 4, while `nm-connection-editor` still uses GTK 3. In order for the strongSwan plugin to work with GTK 4, it has to be built with `--with-gkt4`. That creates an additional version of the editor that's linked against GTK 4 (besides the one linked against

Bug#1020495: Error: unable to load VPN connection editor - on Identity tab at Gnome Network manager VPN

Hi Patrik, * What was the outcome of this action? With the `nm-connection-editor` you can edit it, but you can not do that via network-manager! That's because the settings app uses GTK 4, while `nm-connection-editor` still uses GTK 3. In order for the strongSwan plugin to work with

Bug#1004166: strongswan-nm: Creates VPN configs that disable using system CA certificate directories

Hi Daniel, Applying any change to any field in the NetworkManager strongswan VPN plugin config will write a text config file with the 'certificate=' line. As I said, I can't reproduce this. I can change whatever in the GUI, no "certificate=" line is added to the config file. Notice the

Bug#1004166: strongswan-nm: Creates VPN configs that disable using system CA certificate directories

Hi Daniel, Removing the blank "certificate=" line from the VPN connection config in /etc/NetworkManager/system-connections/ restores the original behavior. However, modifying the connection config in NetworkManager will again add the blank "certficiate=" line, once again breaking the connection

Bug#941972: strongswan: eap-mschapv2 plugin not loaded

Hi Richard, You either need the md4 plugin, or one of the openssl or gcrypt plugins (which also provide the MD4 algorithm) to use EAP-MSCHAPv2 (there should be error in the log during startup regarding the missing dependency). The openssl plugin is shipped with libstrongswan-standard-plugins,

Bug#927158: strongswan-nm: charon-nm reports no usable smartcard found despite the smartcard working with charon as called by swanctl

Hi Robert, > The contents of /etc/strongswan.d/charon/pkcs11.conf are: > pkcs11 { The contents of that file are not relevant to charon-nm (unless you changed strongswan.conf). Configure the plugin's settings directly in strongswan.conf in the charon-nm.plugins.pkcs11 section (or set them in the

Bug#807057: Incorrect PRF used by tls1_export_keying_material() with TLS 1.2

Package: libssl1.0.0 Version: 1.0.1e-2+deb7u18 When calling tls1_PRF() tls1_export_keying_material() directly passes the value of algorithm2 instead of using ssl_get_algorithm2(), which overrides the default PRF algorithm when TLS 1.2 is used. Therefore, the keying material is actually derived

Bug#718302: strongswan: Enable sqlite and mysql plugins

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm unsure about this, but I'm also unsure what's the difference between the sql plugin and the mysql/sqlite plugins. Is the sql plugin without at least one of the database backends plugins? The sql plugin [1] is a configuration backend based on

Bug#718302: strongswan: Enable sqlite and mysql plugins

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Yves-Alexis, I'm unsure about this, but I'm also unsure what's the difference between the sql plugin and the mysql/sqlite plugins. Is the sql plugin without at least one of the database backends plugins? The sql plugin [1] is a configuration

Bug#718291: strongswan: Enable duplicheck plugin

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Please enable the ‘duplicheck’ plugin. This plugin is a more specialized form of the ‘uniqueids’ feature for detecting duplicate identities. This plugin is marked as stable according to the PluginList¹ wiki and doesn't require any

Bug#703032: strongswan: It totally breaks local network

Hi Vladimir, It may be possible I am only one who encounter this problem, because of very unusual configuration: leftsubnet = 192.168.0.0/24 rightsubnet = 0.0.0.0/0 With this configuration I had a problem in version 4.5 also, but I have solved it by deleting second default

Bug#664873: strongswan-starter: strongswan replaces /etc/resolv.conf instead of adding information

back. Unfortunately, sid is still at 4.5.2 and the patch doesn't apply cleanly against it, so I'll first try to backport it. The attached patch should apply cleanly to 4.5.2. Regards, Tobias From 1ad1c0f41311296d22fa183a7b7cba0b97dc03b3 Mon Sep 17 00:00:00 2001 From: Tobias Brunner tob

Bug#664873: strongswan-starter: strongswan replaces /etc/resolv.conf instead of adding information

Hi Yves-Alexis, thanks for the report. Strongswan, when adding a dns server in /etc/resolv.conf, seems to remove the file and recreate it, thus not preserving the symlink. True, charon adds the received DNS server to a new file with the same name (after opening and unlinking the existing

Bug#665612: strongswan: Including individual glib headers no longer supported

Hi Michael, fixed upstream in [1]. Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=8e066237 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#661524: strongswan: Compatibility for Apple iOS devices

Hi Tony, I cannot use iOS to connect to my server using IKEv1, prompting could not validate server certificate (I have installed both client p12 and CA certificate on the iOS device). This is more likely related to missing subjectAltNames in the gateway certificate. You have to make sure the

Bug#661524: strongswan: Compatibility for Apple iOS devices

Hi Tony, I'm not sure if --enable-cisco-quirks is actually required to support iOS devices. I know our wiki says otherwise, but the page you refer to was written mainly by a user who apparently assumed the client on iOS devices is written by Cisco, which is a common misconception. The fact is,