New commits:
commit 7db75995d0b24edf320fcca0a99c5d9522f14f67
Author: Paul Wouters
Date: Mon Jan 15 20:42:10 2024 -0500
pluto: remove nic-offload=auto
It is complicated to make this work as we need to load the policy
matching for crypto or packet offload before we know if
On Mon, 15 Jan 2024, Marc wrote:
with such a config
leftsubnet=192.168.21.0/24
rightaddresspool=192.168.21.200-192.168.21.210
This can’t really work. Where does the 192.16821.201 live? It’s both on left
and on right.
No ip's are either on the left or on the right.
That is not
> > the arping is only sending 10, then quits and 7 seconds after that the
> ping stalls.
>
> Oh I see you did not mix up the terms ping and arping.
>
> >
> >>>
> > with such a config
> > leftsubnet=192.168.21.0/24
> > rightaddresspool=192.168.21.200-192.168.21.210
>
>
> This can’t really
On Jan 15, 2024, at 14:50, Marc wrote:
>
>
>>
>>>
>>>
> the arping is only sending 10, then quits and 7 seconds after that the ping
> stalls.
Oh I see you did not mix up the terms ping and arping.
>
>>>
> with such a config
> leftsubnet=192.168.21.0/24
>
New commits:
commit 3929ebd4772ca05c6f6d8ef4805cd777ad132941
Author: Andrew Cagney
Date: Mon Jan 15 14:52:43 2024 -0500
testing: add rekeying to ikev2-selectors-*
___
Swan-commit mailing list
Swan-commit@lists.libreswan.org
On Jan 15, 2024, at 15:03, Bill Atwood wrote:
>
> My bad.
>
> I had re-booted Ritchie, and forgotten to re-run the script that assigns the
> ULA.
>
> After running that script, I see an established connection (on both Ritchie
> and Tarjan).
>
> What I don't see is any evidence of an added
My bad.
I had re-booted Ritchie, and forgotten to re-run the script that assigns
the ULA.
After running that script, I see an established connection (on both
Ritchie and Tarjan).
What I don't see is any evidence of an added interface on Ritchie (5.0
RC1), where I do see this on Tarjan
> >
> >
> > If I do a ping from the ipsec client to the host, it stalls.
> >
> > When I execute in the libreswan container this command
> >
> > arping -c 10 -i eth1 -S 192.168.x.3 192.168.11.15
> >
> > The ipsec client can ping the host but after 7 seconds, the ping stalls
> again.
the arping is
On Sat, 13 Jan 2024, Bill Atwood wrote:
I suggest the following changes to README.md:
1. Under the heading "Building for REM based systems", line 3. "spce"
-> "spec"
2. Under the heading "Compiling the userland and IKE daemon manually in
/usr/local", the first line is "make programs",
On Sun, 14 Jan 2024, Marc wrote:
Subject: [Swan] thought I had connection with arping
If I do a ping from the ipsec client to the host, it stalls.
When I execute in the libreswan container this command
arping -c 10 -i eth1 -S 192.168.x.3 192.168.11.15
The ipsec client can ping the host but
On Sun, 14 Jan 2024, Marc wrote:
Subject: [Swan] letsencrypt: Added "ipsec letsencrypt" command
should
ipsec letsencrypt
not be replaced with
ipsec acme
No, because the command is specific to LetsEncrypt and its Root CA
certificates and download URLs and API.
Paul
New commits:
commit 63842a2e58b4091b9eb0132b6dc8b68dd832ee87
Author: Andrew Cagney
Date: Mon Jan 15 14:34:23 2024 -0500
documentation: update ipsec whack --rekey-child
On Mon, 15 Jan 2024, Tuomo Soini wrote:
On Mon, 15 Jan 2024 13:23:58 -0500
Bill Atwood wrote:
Here is the result of the status command, on Ritchie (running 5.0
RC1):
dev@Ritchie:~$ sudo ipsec status | grep interface
[sudo] password for dev:
using kernel interface: xfrm
interface lo UDP
On Mon, 15 Jan 2024 13:23:58 -0500
Bill Atwood wrote:
> Here is the result of the status command, on Ritchie (running 5.0
> RC1):
>
> dev@Ritchie:~$ sudo ipsec status | grep interface
> [sudo] password for dev:
> using kernel interface: xfrm
> interface lo UDP [::1]:4500
> interface lo UDP
New commits:
commit 42580876282176e2c4938b1e43a935117bea33e4
Author: Andrew Cagney
Date: Mon Jan 15 14:01:42 2024 -0500
documentation: the "whack" in <> isn't replaceable, et al.
Ditto _stackmanager, addconn, ecdsasigkey, letsencrypt,
rsasigkey, showhostkey.
New commits:
commit c982fb9dc54a9345e9cfd7462a59ef8cafb3f86f
Author: Andrew Cagney
Date: Mon Jan 15 13:56:23 2024 -0500
whack: note that --rekey-ipsec is old name
On Mon, 15 Jan 2024, Marc wrote:
On Windows there is a command certutil -revoke, but on el7 I do not have this.
So I was wondering how certs are put on this crl in the db.
I probably do not really get the concept here, this certutil is new to me.
Revocation is basically a signed serial
Here is the result of the status command, on Ritchie (running 5.0 RC1):
dev@Ritchie:~$ sudo ipsec status | grep interface
[sudo] password for dev:
using kernel interface: xfrm
interface lo UDP [::1]:4500
interface lo UDP [::1]:500
interface lo UDP 127.0.0.1:4500
interface lo UDP 127.0.0.1:500
New commits:
commit 500e6117c5cab5052a7afc46d9371587d232ee64
Author: Andrew Cagney
Date: Mon Jan 15 13:05:05 2024 -0500
routing: pass updown.{up,route} bits to
install_outbound_ipsec_kernel_policies()
since caller knows if either is needed
see:
IKEv2 rekey should not
New commits:
commit 3a05581c1a361557b0f60874bd9299853e3a8d55
Author: Andrew Cagney
Date: Mon Jan 15 10:59:02 2024 -0500
routing: revert ESTABLISH_CHILD transition
Going back to separate ESTABLISH_INBOUND then ESTABLISH_OUTBOUND
transitions.
This way when things barf
On Sun, 14 Jan 2024 15:31:00 +
Marc wrote:
> >
> > strangely this:
> >
> > rightid="O=Example,CN=android13client.example.com"
> > and
> > rightid="CN=android13client.example.com"
These two shouldn't work. Depending on your certificate subject only
first or second can work.
> >
> >
New commits:
commit 9434067c815ea9575071d6137220d2fdbefef31a
Author: Andrew Cagney
Date: Mon Jan 15 10:28:54 2024 -0500
kernel: delete obsolete comment
New commits:
commit a34349d4f6baae10ab57b0dbc4ce73f68475a070
Author: Andrew Cagney
Date: Mon Jan 15 10:06:09 2024 -0500
testing: rename ikev1-29-quick-* tests to whack-* tests, make good
And add equivalent initiator tests.
commit ce5949c11c3349b5515302edf03dc3fca3f7557c
Author:
Hi John,
I am on el7 and alpine linux
>
> Personally I keep my certificate generation completely separate from my
> Libreswan installation - I just import new certs and either delete or
> import a CRL as required.
>
Yes I would like to have something similar, preferably stateless container.
On 15/01/2024 11:40, Marc wrote:
Hmmm, I don't really get any results on how to revoke a cert. I am constantly
getting this Microsoft shit where there is a certutil -revoke argument.
I'm sorry but I don't use Windows (for one of a thousand different
reasons, but including yours)
No idea
Hmmm, I don't really get any results on how to revoke a cert. I am constantly
getting this Microsoft shit where there is a certutil -revoke argument.
I created a crl list with this:
crlutil -G -n "Example CA" -d sql:clientcertdb/ <
> >Or is there some sort of certificate revoke file I can