; fragmented IKE layer exchanges take place ?
>
> Kindly help clarify this query.
> --
> Regards,
> RaviKanth VN Vanapalli
>
>
>
> ___
> Users mailing list
> us...@lists.strongswan.org
> https://list
merate,
> this->online))
> {
> *cert = current;
> -if (auth)
> -{
> -*auth = this->auth;
> -}
> return TRUE;
> }
> this->failed->insert_last(this->failed, curr
somebody told me that Charon doesn’t support that.
>
> 1. is that true?
>
> 2. Why?
>
> 3. If No; will it adversely affect charon if we patch it to do so?
>
>
>
> Regards,
>
> Vishal V. Kotalwar
>
==
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
ilman/listinfo/users
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
Universi
> ___
> Dev mailing list
> Dev@lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/dev
>
--
==
Andreas Steffen andreas.stef...@strongsw
h=refs/heads/android-chapoly
--
Thanks
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
U
ors curl ldap aes des sha1 sha2 md5 random
x509 revocation constraints pubkey pkcs1 pgp pem openssl fips-prf gmp
agent pkcs11 xcbc hmac ctr ccm gcm attr kernel-netlink resolve
socket-raw farp stroke updown eap-identity eap-aka eap-md5 eap-gtc
eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc dh
/users
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
C
;
> Ciao
> Andi
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640
advance,
Harry
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of
Chan-Maestas wrote:
Hi Andreas,
Thank you for clarification.
So is the "starter" process doing something similar when processing
ipsec.secrets? Basically, I was looking something like
: RSA // [ // | /%prompt/ ]
through VICI.
Harry
On Tue, Jan 5, 2016 at 9:04 PM, Andre
have PASS configuration and result, please forward to us kindly.
Regards,
___
Dev mailing list
Dev@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/dev
--
========
encryption project failed in 2004 was the fact that only few people
and organizations had control over the reverse DNS lookup of their
IP address range.
Best regards
Andreas
======
Andreas Steffen an
s://lists.strongswan.org/mailman/listinfo/dev
--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies an
Dev mailing list
Dev@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/dev
--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.st
gt; for this ?
> I have tried strongswan 5.2 from backports. in this setup my tunnel is
> not coming up.
>
> It is bit urgent, your inputs are highly appreciated.
>
> Thanks,
> Jayapal
>
======
Andreas Steffen
parsing failed
> ignore malformed INFORMATIONAL request
> INFORMATIONAL_V1 request with message ID 867435333 processing failed
>
>
> Thanks,
> Jayapal
>
>
> ___
> Users mailing list
> us...@lists.strongswan.org
> https://lists.strongswan.or
un 16, 2016 at 1:20 PM, Andreas Steffen
mailto:andreas.stef...@strongswan.org>> wrote:
Hi Jayapal,
The IKEv1 protocol does not support comma-separated subnets, so your
problem is independent of the strongSwan version. You must set up a
separate connecti
to be enabled for 3des to
> work.
> Can some one suggest me how to enable the des plug in on the setup.
>
> Thanks,
> Jayapal
>
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - t
gin.c
>
> I am finding it difficult to know which module calls this API
> eap_tls_create_peer to initialize EAP TLS peer identity.
>
> Kindly provide any inputs regarding my issue.
>
> Thank you very much.
>
> --
> Regards,
> RaviKanth
====
Make sure both sides are configured to send the strongswan vendor id.
___
Dev mailing list
Dev@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/dev
--
==
Andreas
hich),
the DH-Group only is important when rekeying, because the initial setup of
a CHILD_SA doesn't include a DH exchange, it is only done when rekeying
the CHILD_SA.
--
======
Andreas Steffen
vvnrk.vanapa...@gmail.com <mailto:vvnrk.vanapa...@gmail.com>
>
>
> ___
> Users mailing list
> us...@lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
--
==
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640
e been going through this code for a week. I'm not
able to figure out how these are evaluated.
Any help to understand how these are evaluated?
If there is an internal code that does this parsing, can you point me to
that file?
Thanks
====
t; third party plugins won't build
> without changes.
>
> Is there another solution to this problem?
>
> Kind regards,
> Noel
>
> [1] https://github.com/Thermi/strongswan/tree/plugin-version-check
> [2] https://github.com/Thermi/strongswan/
>
--
https://www.bsi.bund.de/DE/Publikationen/TechnischeRichtlinien/technischerichtlinien_node.html
> [3] https://botan.randombit.net/
>
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!
URL, url);
*first = FALSE;
}
else
{
DBG1(DBG_IKE, "received hash-and-url for issuer cert \"%s\"", url);
auth->add(auth, AUTH_HELPER_IM_HASH_URL, url);
}
}
}
Thanks and Regards,
Ravi
--
==
Andreas St
>
>
> On Thu, Jan 4, 2018 at 5:49 PM, Ravikumar Chennaparapu
> mailto:ravikumar@gmail.com>> wrote:
>
> Hi Andreas,
>
> Thanks for the quick reply.
>
> Could you point out the code where peer remote cert validation
> happens for CER
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
nnel with empty ("") PSK value used in
> ipsec.secrets file on both peers. Is this expected? Please clarify.
>
> Regards,
> Pavan M
==========
Andreas Steffen andreas.stef...@strongswan.org
s
this in to the overall build process or
>> building it outside of the strongswan build. Pros/cons. Also, tips on
>> doing this in a way that simplifies migration to future strongswan updates
>> would be very helpful.
>>
>>
>>
>> Thanks in advance for a
.
>
>
>
> thanks
>
> -Aaron
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied
r/log/secure.
>
> Anything I missed?
>
> --Aaron
>
> -Original Message-
> From: Andreas Steffen [mailto:andreas.stef...@strongswan.org]
> Sent: 2010年3月31日 13:05
> To: Aaron Zhang
> Cc: dev@lists.strongswan.org
> Subject: Re: [strongSwan-dev] How t
setup" section of
> ipsec.conf.
> And I input the command
>
> ipsec restart
>
> I believe this command will restart the Charon daemon. But there are not any
> result.
> I doubt I should load some plugins?
>
>
> --Aaron
>
> -Original
at this is and will
> submit a second patch very soon.
>
> Let me know if this patch looks ok.
> Thanks!
>
> regards,
> Joy
Best regards
Andreas
==
Andreas Steffen andreas.stef...
PCOMP_SUPPORTED},
>> {NOTIFY,
>> USE_TRANSPORT_MODE},
>> {NOTIFY,
>> ESP_TFC_PADDING_NOT_SUPPORTED},
>> {NOTIFY,
:30
> *À :* dev@lists.strongswan.org <mailto:dev@lists.strongswan.org>
> *Objet :* [strongSwan-dev] development
>
> Hi,
>
> I am interested in the strongswan development work. Where i can find
> more information on that.
>
> thanks
> sures
e documentation for pluto?
> thansk
> suresh
>
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technol
.0 release is the beginning of May.
Best regards from the strongSwan team
Andreas Steffen, Tobias Brunner & Martin Willi
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linu
ting the error:
>
>"unable to parse input key."
>
> The same occurs when I try scripts/key2keyid.
>
> My question is, how do I determine which key ID should be placed in
> the SQL statements?
>
--
===
Hmmm, it seems as if some libstrongswan plugins are missing.
ipsec pki --keyid with RSA keys requires either
sha1 gmp pkcs1 pem x509
or
openssl pkcs1 pem x509
Regards
Andreas
On 04.05.2010 16:35, J. Tang wrote:
> Andreas Steffen writes:
>> But you can compute the k
gt;
> On a side note, 4.4.0 is missing as version option on the wiki so I did
> not create an issue there as I could not link the issue to the right
> version.
>
> kind regards,
>
> Jan Willem Beusink
==
Andreas Steffen
project
quota of e-tickets away on a first-come, first-served basis.
Best regards
Andreas
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
d0eae22ebbc'
>);
>
> which is the subjectPublicKeyInfo hash.
>
> Why does one SQL file use one value, while the other uses the other?
> If I were writing my own SQL statements, how would I know which one I
> should insert?
>
--
==
eed to modify
> starter/keywords.[c|h|txt] or do I also need to change the starter code
> itself?
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.st
ngswan.conf to always flush?
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8
to keywords.txt so
that your problem with patches and gperf goes away. If your
additions are of general interest we might integrate them into
the strongSwan main stream.
Best regards
Andreas
On 20.05.2010 13:25, Jan Willem Beusink wrote:
> Andreas Steffen wrote:
>> You must add the new k
27;t supposed to go to this list. Anyway, here's the translation
> for all non German speakers:
>
>This patch adds the XAUTH username to the updown script environment. Is
>could be interesting for the general public and would fit well into the
> 4.4.1 changese
Found it:
http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=52ee8131561e2fb2c1ea4ea9e8e55a291a7d4c0c
Andreas
On 06/08/2010 12:14 PM, Heiko Hund wrote:
> On Tuesday 08 June 2010 11:53:54 Andreas Steffen wrote:
>> can you tell me where this hunk is supposed to fit in?
>>
Yes, this was intentional (because of the last call for my flight
to LinuxTag in Berlin ;-)). There will be a second patch with the
kernel.c changes.
Regards
Andreas
On 06/08/2010 02:23 PM, Heiko Hund wrote:
> On Tuesday 08 June 2010 12:19:00 Andreas Steffen wrote:
>> http://git.stron
.
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
Here is the final announcement for the workshop:
http://www.linuxtag.org/2010/de/program/freies-vortragsprogramm/vortragsliste.html?talkid=643
See you in Berlin
Andreas
==
Andreas Steffen andreas.stef
ivate.der> test.der
> $ pki --print --in test.der | grep AA
>
> No mention of the AA flag is made. The cert is identical to a cert
> without the AA flag specified.
>
> ___
> Dev mailing list
> Dev@lists.s
x509_ac::issued_by produces
> incorrect results for an X.509 cert that has been manually loaded:
>
> if (!(x509->get_flags(x509)& X509_AA))
> {
> return FALSE;
> }
>
> the code can be found in libstrongswan/plugins/x509/x509_ac.c line 739.
>
> On Wed, Jun 23
for the “PRF” and the “ID”, so do
> you have any idea that how we can configure these parameters? Or is
> there any document where we can find out some complete description of
> the configuration?
>
>
>
> Thank you
>
>
>
> Orange Labs
>
> Equip MAPS/
gt;
> One forum posting I saw claimed that I need to specify the hex value of
> the tunnel group name ala...
>
> left...@#
>
> ...but this doesn't solve the problem. What's the correct solution for
> this? How do I get StrongSwan to use the 'leftid' value a
blic key properly. Might there be a
> DER problem, should I try PEM (it seems unlikely, I know)?
>
>
> Bill
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Ins
et-2.6.git;a=commitdiff;h=44b451f1633896de15d2d52e1a2bd462e80b7814
Best regards
Andreas
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
I
aq sha2 md5 hmac pem x509 gmp random pubkey
> }
>
> ...and 'ipsec statusall' also reports that gmp is loaded. I actually had this
> in place before I discovered the public key parsing issue. What else might I
> have wrong?
>
>
> Bill
>
> -Origin
riginal Message-----
> From: Andreas Steffen [mailto:andreas.stef...@strongswan.org]
> Sent: Fri 7/2/2010 11:52 PM
> To: William Bloom
> Cc: dev@lists.strongswan.org
> Subject: Re: [strongSwan-dev] Pluto Fails to Parse Cert
>
> Hello Bill,
>
> pluto chokes when trying to
et(&req, 0, sizeof(req));
> req.ifr_ifindex = iface_idx;
> if (ioctl(fd, SIOCGIFNAME, &req) < 0 ||
> ioctl(fd, SIOCGIFADDR, &req) < 0)
--
===
is
> no SA anymore, so if I launch ipsec up again, the SA comes back.
> My OS is linux 10.04 for both server and the client, so do you have any
> idea about this problem? Thanks~
>
> YOU Wei
>
==========
Andreas Steffen
>
> Best regards, Vladimir
>
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rappe
feature that might
> appear in a future release?
>
>
> Bill
>
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Instit
KEv2.
http://wiki.strongswan.org/projects/strongswan/wiki/CipherSuiteExamples
Please test the new features and give us feedback!
The strongSwan Team:
Tobias Brunner, Martin Willi and Andreas Steffen
===
er of strongswan.conf
options we have updated the following table:
http://wiki.strongswan.org/projects/strongswan/wiki/StrongswanConf
Kind regards
Andreas
==
Andreas Steffen andreas.stef...@strongswan.org
stron
ertificate will then be known together with the old one,
so that you can now issue new certificates signed by the new CA
and introduce them using step 1)
> Could you please answer the above questions when you have time.
>
>
> Thanks, Ranjit.
>
Regards
Andreas
ubnet=10.0.1.244/32,10.0.2.244/32 <http://10.0.1.244/32,10.0.2.244/32>
> #leftallowany=yes
>
> #leftsubnet=10.0.0.0/8 <http://10.0.0.0/8>
> left...@moon
> leftcert=moonCert.der
> right=10.1.2.244
> right...@sun
> rightcert=sunCert.der
DBG1(DBG_IKE, "received %N
> notify error",
>notify_type_names,
> type);
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux
tions
that you might encounter.
Best regards
Andreas Steffen, Tobias Brunner, Martin Willi
The strongSwan Team
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!
?
>
> Greetings and thanks.
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applicatio
6g05l
> T9W3nuZFLUZ8C5fFASlWoYxC7/W+iIo=
>
>
>
> === Suggestion: ===
> I don't know if it's the plugin or strongswan itself, but I find it strange
> that strongswan cannot handle this. I was thinking that a simple fix could
> be applied to master? For example tha
ar the rule which limits the src port to 500.
>
> I've poured over the source with grep etc and got no where.
>
> Many thanks
>
> John
==========
Andreas Steffen andreas.stef...@strongswan
ation of CRL and OCSP URIs using the new
"certificate_authorities" and "certificate_distribution_points"
tables:
http://www.strongswan.org/uml/testresults45dr/sql/multi-level-ca/moon.ipsec.sql
Kind regards
Andreas Steffen
===========
)
> */
> myport = pluto_port;
> hisport = pluto_port;
> }
>
> However, ports are then checked again in find_host_pair_connections() when
> find_host_pair() [in pluto/connections.c] returns back to
> find_host_pair_connections().
>
have a look at the new feature and give us a feedback!
ETA for the stable 4.5.1 release is 1-2 weeks.
Best regards
Tobias Brunner, Martin Willi & Andreas Steffen
The strongSwan Team
==========
Andreas Steffen
ndroid phone.
>
> Best regards.
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
Uni
Hi Ido,
On 16.02.2011 09:52, Goshen, Ido (Ido) wrote:
> Hi,
>
> I understand StrongSWAN doesn’t support AGGRESSIVE-MODE (AM) on purpose
> as it is less secure.
>
> From StrongSWAN FAQ:
>
> “*Q:* /Does strongSwan support IKEv1 Aggressive Mode?/
>
> *A:* Quote
>
> Regards,
> Ansis
>
> ___
> Dev mailing list
> Dev@lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/dev
--
==
Andreas Steffen
wondering if this by any
> chance could have been already implemented in StrongSwan+NETKEY?
> Because for inbound ESP traffic the packet does not need to be marked
> beforehand just to decapsulate it, right?
>
> Regards,
> Ansis
>
> On Mon, Mar 14, 2011 at 9:49 PM, Andreas
>
>
> Thanks
>
> --Aaron
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applicati
nge=ikev2
>
> conn test
>
>ike=aes128-sha256-ecp224
>
>esp=3des-sha1-ecp256
>
> left=10.103.49.148
>
> leftid=10.103.49.148
>
>leftsubnet=192.168.169.0/24
>
>right=10.103.49.142
>
>r
ve_name”.
>
>
>
> So there may be some link issue for openssl lib. I built the OpenSSL 1.0
> by myself. Is it possible the lib is in the wrong place??
>
>
>
> Thanks
>
> --Aaron
>
>
>
> -Original Message-
> From: Andreas
it.strongswan.org/?p=strongswan.git;a=commitdiff;h=80dca77a
>> [2]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=13d72e90
>> [3]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=ce9352b3
==
Andreas Steffe
09[ENC] generating INFORMATIONAL request 3 [ N(UPD_SA_ADDR)
> N(NATD_S_IP) N(NATD_D_IP) N(COOKIE2) ]
> 09[NET] sending packet: from 192.168.100.21[4500] to
> 192.168.100.10[4500]
> 15[NET] received packet: from 192.168.100.10[4500] to
> 192.168.100.21[4500]
>
in about 10 days.
Kind regards
Andreas
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
Univ
rom ipsec-tools to
> monitor and/or manipulate the kernel’s SPD/SAD or it’s all done
> programmatically via hydra (netlink plugin in my case)?
>
> Thanx,
>
> -Ido
>
==
Andreas Steffen
o it is more specific
> than "Re: Contents of Dev digest..."
>
>
> Today's Topics:
>
>1. kernel SPD/SAD tool (Goshen, Ido (Ido))
>2. Re: kernel SPD/SAD tool (Andreas Steffen)
>
>
> -
v2/net2net-esn/
Please test the release candidate and give us a feedback.
ETA for the stable 4.5.3 release is end of July.
Kind regards
Andreas
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan -
Hello Daniel,
On 22.07.2011 17:56, Daniel Mentz wrote:
> Dear strongSwan team,
>
> thanks for the great work. I have some comments regarding the following
> change:
>
> On 07/19/2011 01:00 AM, Andreas Steffen wrote:
>> PASS and DROP shunt policie
d (I don't
> think I *have* to have strongswan on the android), and would like to see
> how feasible it is.
>
> Thanks1
==========
Andreas Steffen andreas.stef...@strongswan.or
we need to
> go "deeper" by getting the value from automake/configure ?
>
> Riaan
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!ww
pd for the server, both in their
> default configuration.
> Client is a fedora 15 lovelock, with linux 2.6.39
> Server is an Ubuntu server 10.04, with linux 2.6.39
>
> Regards,
>
> --
> Gabriel Ganne
==
An
ld like to have a confirm
> (reject in case of error) on both sender and receiver so that we can
> complete our state machine.
>
>
>
> Regards,
>
> Salil
==
Andreas Steffen and
I
> understand that plugin dependency is important, so my second question is
> whether ipsec statusall command prints loaded plugins in their load order?
>
> Thanks,
> Stefan
==========
Andreas Steffen
disable-md5 are set?
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapp
t;
> @Andreas, @Martin: What are your thoughts on this?
>
> Regards,
> Tobias
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies
rtificates just
> based on diffhellman exchange and nonces.
>
>
>
> Can pls anyone tell us how to achieve this?
>
>
>
> Regards
>
> Poonam
>
==========
Andreas Steffen an
1 - 100 of 138 matches
Mail list logo