Re: [Swan] Trying to troubleshhot IPSec connection with certificates

2016-02-01 Thread Noam Singer
Using leftid=%fromcert did not help. I tried digging into the logs but I can't find the root cause. How can I troubleshoot PKI based authentication? Thanks, Noam Singer, Co-founder and CSO, FortyCloud Ltd. Cell: +972 54 242 1064 Fax: +972 72 215 2980 Email: n...@fortycloud.com

[Swan] Trying to troubleshhot IPSec connection with certificates

2016-02-01 Thread Noam Singer
Hello, I am trying to set an IPSec connection with certificates (same CA for both certs), but my connection does not pass the STATE_MAIN_I3 state. Is there a way to better troubleshoot the PKI failures? Am I doing something wrong? I would appreciate any help. Thanks in advance. I have setup

[Swan] phase2alg=aes_gcm_c-128-null

2016-01-21 Thread Noam Singer
Hello everyone, A quick question about this family of ciphers: Does the null at the end mean that packets are not authenticated? Thanks ___ Swan mailing list Swan@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan

Re: [Swan] Trying to troubleshhot IPSec connection with certificates

2016-02-02 Thread Noam Singer
Thank you all for all your help. My hunch is that the failure relates to subjectAltName. I'll be taking all comments into account and update you as soon as I have something working. Thank you all, Noam Singer On Tue, Feb 2, 2016 at 9:07 AM, Tuomo Soini <t...@foobar.fi> wrote: >

[Swan] ipsec newhostkey / showhostkey does not work well in 3.17

2016-05-03 Thread Noam Singer
Hello group, I just installed LibreSwan 3.17 on a fresh machine. I tried creating a public-key using the following basic script:
echo "" > /tmp/nsspassword
rm -f /etc/ipsec.secrets
certutil -N -d /etc/ipsec.d -f /tmp/nsspassword
ipsec newhostkey --output /etc/ipsec.secrets

[Swan] Handling: ERROR: asynchronous network error report on eth0 (sport=500) ... No route to host

2016-09-21 Thread Noam Singer
Hello everyone, I am using LibreSwan 3.16 and connecting several machines in different AWS regions. On one machine, one of the connections repeatedly fails with the following error. The connection was OK a couple of days ago, but started failing last week. All other connections in that machine are

[Swan] negotiation hangs for connections with many SAs

2016-12-29 Thread Noam Singer
| crypto helper 0: pcw_work: 197
Dec 29 14:28:15 ip-172-31-16-203 pluto[2294]: | asking crypto helper 0 to do build nonce; request ID 200 (len=2776, pcw_work=197)
I would appreciate your thoughts on this issue. Thanks in advance, Noam Singer

Re: [Swan] Failure when using raw public keys with Libreswan 3.19rc3

2017-05-09 Thread Noam Singer
sudo ipsec newhostkey --output /etc/ipsec.secrets --nssdir /etc/ipsec.d --seeddev /dev/urandom --bits 2192
Still, the keys are not placed in /etc/ipsec.secrets. Only when running the command "ipsec newhostkey --output /etc/ipsec.secrets", they do. Thanks for all your help. Noam Singer