Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-27 Thread Colony.three via Shorewall-users
> Hm, I am not seeing any evidence that the daemon is picking up my > /etc/strongswan/strongswan.d/bills-strongswan.conf nor > /etc/strongswan/ipdec.d/bills-ipsec.conf . But then, it's not noting yours > either, assuming you have your own ipsec.conf and strongswan.conf . > > These are my main

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-27 Thread Colony.three via Shorewall-users
> Original Message > Subject: Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan) > Local Time: December 27, 2017 3:51 PM > UTC Time: December 27, 2017 11:51 PM > From: teas...@shorewall.net > To: shorewall-users@lists.sourceforge.net > >

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-27 Thread Tom Eastep
On 12/27/2017 03:46 PM, Colony.three via Shorewall-users wrote: > > > > >> Original Message -------- >> Subject: Re: [Shorewall-users] UDP Getting Blocked When Unblocked >> (StrongSwan) >> Local Time: December 27, 2017 3:31 PM >> UTC Time

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-27 Thread Colony.three via Shorewall-users
> Original Message > Subject: Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan) > Local Time: December 27, 2017 3:31 PM > UTC Time: December 27, 2017 11:31 PM > From: teas...@shorewall.net > To: shorewall-users@lists.sourceforge.net > >

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-27 Thread Tom Eastep
On 12/27/2017 03:27 PM, Colony.three via Shorewall-users wrote: > Dec 27 15:20:49 zeta charon: 00[CFG] loading secrets from > '/etc/strongswan/ipsec.secrets' > Dec 27 15:20:49 zeta charon: 00[LIB]   opening > '/etc/strongswan/ipsec.d/private/quantumKey.pem' failed: No such file > or directory >

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-27 Thread Colony.three via Shorewall-users
> The Cert isn't involved in the IKE_SA_INIT request. Verification of the > cert occurs in the IKE_AUTH request. What are the messages generated > when you start your local StrongSwan config? > > -Tom I don't see anything abnormal... although I do not see it calling

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-27 Thread Tom Eastep
On 12/27/2017 03:02 PM, Colony.three via Shorewall-users wrote: > Simple CA is the procedure I've been using too.  >>> >>> Dec 27 14:29:54 zeta charon: 05[NET] received packet: from >>> 172.58.43.66[21321] to 192.168.111.16[500] (704 bytes) >>> Dec 27 14:29:54 zeta charon: 05[ENC] parsed

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-27 Thread Colony.three via Shorewall-users
Simple CA is the procedure I've been using too. >> Dec 27 14:29:54 zeta charon: 05[NET] received packet: from >> 172.58.43.66[21321] to 192.168.111.16[500] (704 bytes) >> Dec 27 14:29:54 zeta charon: 05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No >> N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP)

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-27 Thread Colony.three via Shorewall-users
that this is impossible. > Original Message > Subject: Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan) > Local Time: December 24, 2017 2:20 PM > UTC Time: December 24, 2017 10:20 PM > From: teas...@shorewall.net > To: shorewall-users@lis

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-24 Thread Colony.three via Shorewall-users
> Just as a FYI: I have OpenVPN set up and working on my android phone. > > I generated a CA cert and then a cert for my phone using xca (GUI interface). > > Bill Good to know. I'd originally decided on IPSec because it's universally used in business, and is regarded to be the most secure, at

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-24 Thread Colony.three via Shorewall-users
> Original Message > Subject: Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan) > Local Time: December 24, 2017 3:03 PM > UTC Time: December 24, 2017 11:03 PM > From: teas...@shorewall.net > To: shorewall-users@lists.sourceforge.net > >

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-24 Thread Bill Shirley
Just as a FYI: I have OpenVPN set up and working on my Android phone. I generated a CA cert and then a cert for my phone using xca (GUI interface). Bill

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-24 Thread Tom Eastep
On 12/24/2017 02:56 PM, Tom Eastep wrote: >> >> I'm now ready to try and set up the Android app.  I wasn't able to >> import a .pem cert, but maybe it'll let me import a .der cert. > > I successfully imported both the .pem CA cert and the .p12 bundle. The > former ended up in User Certificates

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-24 Thread Tom Eastep
On 12/24/2017 02:51 PM, Colony.three via Shorewall-users wrote: > On 12/24/2017 12:59 PM, Tom Eastep wrote: >> >> >> After a bit of a hassle with certs, I got it working. >>   >> a) I used the StrongSwan Simple CA >> (https://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA)

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-24 Thread Colony.three via Shorewall-users
On 12/24/2017 12:59 PM, Tom Eastep wrote: > After a bit of a hassle with certs, I got it working. > > a) I used the StrongSwan Simple CA > (https://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA) to > generate my certs, with a subjectAltName. The subjectAltName of the > local endpoint is

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-24 Thread Tom Eastep
On 12/24/2017 12:59 PM, Tom Eastep wrote: > On 12/24/2017 12:45 PM, Colony.three via Shorewall-users wrote: >> >>> I saw something similar when I neglected to add a subjectAltName >>> (gateway.shorewall.net ) to the >>> local endpoint's cert. >>>   >>>

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-24 Thread Tom Eastep
On 12/24/2017 12:45 PM, Colony.three via Shorewall-users wrote: > >> I saw something similar when I neglected to add a subjectAltName >> (gateway.shorewall.net ) to the >> local endpoint's cert. >>   >> FWIW, I've attached a log extract of a

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-24 Thread Colony.three via Shorewall-users
> I saw something similar when I neglected to add a subjectAltName > (gateway.shorewall.net) to the local endpoint's cert. > > FWIW, I've attached a log extract of a successful SA establishment. > > -Tom Hm, interesting. I've consistently used scripts from SomeRandomDude on The Internets, and

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-24 Thread Tom Eastep
On 12/24/2017 11:21 AM, Colony.three via Shorewall-users wrote: >   >> >> >> IPSEC configuration issue. I previously posted Strongswan config files >> for my working DNAT setup. >>   >> -Tom >> > > True, and I'm basing my endpoint (IPSEC gateway) config on that: > > conn %default

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-24 Thread Colony.three via Shorewall-users
> IPSEC configuration issue. I previously posted Strongswan config files > for my working DNAT setup. > > -Tom True, and I'm basing my endpoint (IPSEC gateway) config on that: conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=3 keyexchange=ikev2 conn ipv4 left=192.168.111.16

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-24 Thread Colony.three via Shorewall-users
> I would think you would want: > interfaces: > -eth0routefilter=0,logmartians=1 > hosts: > vpn eth0:172.58.43.0/24 > neteth0:0.0.0.0/0 > > I'm assuming 172.58.43.0/24 is a private subnet (RFC1918). > > Bill 172. is from my phone on a national carrier, and

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-24 Thread Bill Shirley
I would think you would want: interfaces: -            eth0        routefilter=0,logmartians=1 hosts: vpn       eth0:172.58.43.0/24 net    eth0:0.0.0.0/0 I'm assuming 172.58.43.0/24 is a private subnet (RFC1918). Bill On 12/23/2017 7:52 PM, Colony.three via Shorewall-users wrote: I don't

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

2017-12-23 Thread Tom Eastep
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 12/23/2017 4:52 PM, Colony.three via Shorewall-users wrote: > I don't understand this: > > [184624.505739] Shorewall:net-fw:DROP:IN=eth0 OUT= > MAC=52:54:00:c0:93:30:52:54:00:d7:db:bb:08:00 SRC=85.6.183.101 > DST=192.168.111.16 LEN=408