That's because the settings app uses GTK 4, while `nm-connection-editor`
still uses GTK 3. In order for the strongSwan plugin to work with GTK
4, it has to be built with `--with-gkt4`. That creates an additional
version of the editor that's linked against GTK 4 (besides the one
linked against
Hi Patrik,
* What was the outcome of this action?
With the `nm-connection-editor` you can edit it, but you can not do that
via network-manager!
That's because the settings app uses GTK 4, while `nm-connection-editor`
still uses GTK 3. In order for the strongSwan plugin to work with
Hi Daniel,
Applying any change to any field in the
NetworkManager strongswan VPN plugin config will write a text config
file with the 'certificate=' line.
As I said, I can't reproduce this. I can change whatever in the GUI, no
"certificate=" line is added to the config file.
Notice the
Hi Daniel,
Removing the blank "certificate=" line from the VPN connection config in
/etc/NetworkManager/system-connections/ restores the original behavior.
However, modifying the connection config in NetworkManager will again add
the blank "certficiate=" line, once again breaking the connection
Hi Richard,
You either need the md4 plugin, or one of the openssl or gcrypt plugins
(which also provide the MD4 algorithm) to use EAP-MSCHAPv2 (there should
be error in the log during startup regarding the missing dependency).
The openssl plugin is shipped with libstrongswan-standard-plugins,
Hi Robert,
> The contents of /etc/strongswan.d/charon/pkcs11.conf are:
> pkcs11 {
The contents of that file are not relevant to charon-nm (unless you
changed strongswan.conf). Configure the plugin's settings directly in
strongswan.conf in the charon-nm.plugins.pkcs11 section (or set them in
the
Package: libssl1.0.0
Version: 1.0.1e-2+deb7u18
When calling tls1_PRF() tls1_export_keying_material() directly passes
the value of algorithm2 instead of using ssl_get_algorithm2(), which
overrides the default PRF algorithm when TLS 1.2 is used. Therefore,
the keying material is actually derived
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm unsure about this, but I'm also unsure what's the difference between
the sql plugin and the mysql/sqlite plugins. Is the sql plugin without
at least one of the database backends plugins?
The sql plugin [1] is a configuration backend based on
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Yves-Alexis,
I'm unsure about this, but I'm also unsure what's the difference between
the sql plugin and the mysql/sqlite plugins. Is the sql plugin without
at least one of the database backends plugins?
The sql plugin [1] is a configuration
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Please enable the ‘duplicheck’ plugin. This plugin is a more
specialized form of the ‘uniqueids’ feature for detecting duplicate
identities. This plugin is marked as stable according to the
PluginList¹ wiki and doesn't require any
Hi Vladimir,
It may be possible I am only one who encounter this problem, because of very
unusual configuration:
leftsubnet = 192.168.0.0/24
rightsubnet = 0.0.0.0/0
With this configuration I had a problem in version 4.5 also, but I have solved
it by deleting second default
back.
Unfortunately, sid is still at 4.5.2 and the patch doesn't apply cleanly
against it, so I'll first try to backport it.
The attached patch should apply cleanly to 4.5.2.
Regards,
Tobias
From 1ad1c0f41311296d22fa183a7b7cba0b97dc03b3 Mon Sep 17 00:00:00 2001
From: Tobias Brunner tob
Hi Yves-Alexis,
thanks for the report.
Strongswan, when adding a dns server in /etc/resolv.conf, seems to
remove the file and recreate it, thus not preserving the symlink.
True, charon adds the received DNS server to a new file with the same
name (after opening and unlinking the existing
Hi Michael,
fixed upstream in [1].
Regards,
Tobias
[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=8e066237
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Hi Tony,
I cannot use iOS to connect to my server using IKEv1, prompting
could not validate server certificate (I have installed both client
p12 and CA certificate on the iOS device).
This is more likely related to missing subjectAltNames in the gateway
certificate. You have to make sure the
Hi Tony,
I'm not sure if --enable-cisco-quirks is actually required to support
iOS devices. I know our wiki says otherwise, but the page you refer to
was written mainly by a user who apparently assumed the client on iOS
devices is written by Cisco, which is a common misconception. The fact
is,
16 matches
Mail list logo