Re: strongSwan cannot install IPsec policies on OpenBSD

2020-02-21 Thread Stuart Henderson
On 2020-02-20, Peter Müller wrote: > Hello openbsd-misc, > > is anybody out there running strongSwan as an IPsec client for a net-to-net > connection > on an OpenBSD machine? > > If so, I would be very grateful to know which steps are necessary in order to > successfully > route traffic through

Re: strongSwan cannot install IPsec policies on OpenBSD

2020-02-21 Thread Hrvoje Popovski
On 20.2.2020. 18:47, Peter Müller wrote: > Hello openbsd-misc, > > is anybody out there running strongSwan as an IPsec client for a net-to-net > connection > on an OpenBSD machine? > > If so, I would be very grateful to know which steps are necessary in order to > successfully > route traffic

Re: strongSwan cannot install IPsec policies on OpenBSD

2020-02-20 Thread Peter Müller
Hello openbsd-misc, is anybody out there running strongSwan as an IPsec client for a net-to-net connection on an OpenBSD machine? If so, I would be very grateful to know which steps are necessary in order to successfully route traffic through this n2n connection and what your ipsec.conf file

Re: strongSwan cannot install IPsec policies on OpenBSD

2020-02-17 Thread Peter Müller
Hello Stuart, >>> >>> strongSwan's module to install policies to the kernel (kernel-pfkey) does >>> not support OpenBSD without making code changes. Not impossible but hasn't >>> been done. Only their userland setup that works with tun(4) devices >>> (slightly confusingly called kernel-ipsec) is

Re: strongSwan cannot install IPsec policies on OpenBSD

2020-02-16 Thread Stuart Henderson
On 2020/02/16 18:25, Peter Müller wrote: > Hello Stuart, > > thanks for your quick reply. > > > > On 2020-02-14, Peter Müller wrote: > >> Hello openbsd-misc, > >> > >> during some flaws in OpenIKED, I am forced to use strongSwan as an IPsec > >> client on an > >> OpenBSD 6.6 machine. While

Re: strongSwan cannot install IPsec policies on OpenBSD

2020-02-16 Thread Peter Müller
Hello Stuart, thanks for your quick reply. > On 2020-02-14, Peter Müller wrote: >> Hello openbsd-misc, >> >> during some flaws in OpenIKED, I am forced to use strongSwan as an IPsec >> client on an >> OpenBSD 6.6 machine. While establishing an IKE_SA works fine, installing >> policies for

Re: strongSwan cannot install IPsec policies on OpenBSD

2020-02-14 Thread Stuart Henderson
On 2020-02-14, Peter Müller wrote: > Hello openbsd-misc, > > during some flaws in OpenIKED, I am forced to use strongSwan as an IPsec > client on an > OpenBSD 6.6 machine. While establishing an IKE_SA works fine, installing > policies for CHILD_SA > fails (as expected): > >> unable to install

strongSwan cannot install IPsec policies on OpenBSD

2020-02-14 Thread Peter Müller
Hello openbsd-misc, during some flaws in OpenIKED, I am forced to use strongSwan as an IPsec client on an OpenBSD 6.6 machine. While establishing an IKE_SA works fine, installing policies for CHILD_SA fails (as expected): > unable to install IPsec policies (SPD) in kernel > failed to establish