[Swan-commit] Changes to ref refs/heads/main

2023-03-05 Thread Paul Wouters
New commits: commit a04e13ba323b00749f3f34e7e0cac8194169b443 Author: Paul Wouters Date: Sun Mar 5 21:08:10 2023 -0500 pluto: fix notification array end points ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

[Swan-commit] Changes to ref refs/heads/main

2023-03-05 Thread Paul Wouters
New commits: commit 3b7130a6d25a51d5315ff7bb0e9ad92ca5017a1b Author: Paul Wouters Date: Sun Mar 5 20:34:51 2023 -0500 pluto: add missing , in ietf_constants.h ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

[Swan-commit] Changes to ref refs/heads/main

2023-03-05 Thread Paul Wouters
New commits: commit c8a6d4539275579d51e52d84ca0910792e22c9cd Author: Paul Wouters Date: Sun Mar 5 20:24:37 2023 -0500 pluto: update constants.c and add v2N_STATE_NOT_FOUND ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

[Swan-commit] Changes to ref refs/heads/main

2023-03-05 Thread Paul Wouters
New commits: commit 6a0ada1388704d418531640832af36e9fd0dbfb4 Author: Paul Wouters Date: Sun Mar 5 16:48:09 2023 -0500 pluto: Remove obsoleted forceencaps= option. commit b54301dda847ea9cb930c5c4fb981cbdfbe98961 Author: Paul Wouters Date: Sun Mar 5 14:57:45 2023 -0500 IKEv2: Add

Re: [Swan-dev] ref-counting xfrmi interfaces

2023-03-03 Thread Paul Wouters
On Mar 3, 2023, at 06:48, Brady Johnson wrote: > > I'm trying to determine where to store the ref counted IP addresses (v4/v6). > I could add it to the pluto_xfrmi struct (kernel_xfrm_interface.c/h) but then > that would not include VTI interfaces. Everything related to creating VTI >

Re: [Swan-dev] ref-counting xfrmi interfaces

2023-03-02 Thread Paul Wouters
On Thu, 2 Mar 2023, Brady Johnson wrote: (CC:ing dev list, because why not) I have started looking into how to ref count the IP addresses. It looks like currently the IP addresses are set on the interfaces in the updown shell script with the "up-client" verb. Currently the addresses are

[Swan-commit] Changes to ref refs/heads/main

2023-02-28 Thread Paul Wouters
New commits: commit 881f1864ca1f0e5fbd21a012ab6dc94cbc7f0fb5 Author: Paul Wouters Date: Tue Feb 28 20:50:16 2023 -0500 documentation: added security/CVE-2023-23009.txt ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

[Swan-commit] Changes to ref refs/heads/main

2023-02-28 Thread Paul Wouters
New commits: commit 3db26088e2057dae11f3ab5f43e8efd68e899a4e Author: Vukasin Karadzic Date: Tue Feb 28 16:06:15 2023 -0500 ikev2: modify .story of STATE_V2_PARENT_R1 state Resolves: https://github.com/libreswan/libreswan/pull/1023 Signed-off-by: Paul Wouters

[Swan-commit] Changes to ref refs/heads/main

2023-02-23 Thread Paul Wouters
/libreswan/pull/1019 Signed-off-by: Brady Johnson Signed-off-by: Paul Wouters --- Makefile| 2 +- lib/libswan/Makefile| 4 ++-- packaging/utils/setlibreswanversion | 2 +- 3 files changed, 4 insertions(+), 4 dele

Re: [Swan] Incorrect XFRM policy with dynamic client IPs

2023-02-14 Thread Paul Wouters
On Tue, 14 Feb 2023, Brady Johnson wrote: I tried your suggestion and I still get the same result. First I removed the "rightsubnet=0.0.0.0/0" from the server config, and then got "IKE_AUTH response rejected Child SA with TS_UNACCEPTABLE" when starting the client, so I also removed

Re: [Swan] Incorrect XFRM policy with dynamic client IPs

2023-02-14 Thread Paul Wouters
On Tue, 14 Feb 2023, Brady Johnson wrote: Why do the policies get created differently? I think a configuration issue. Server config with address pool: --- conn vpnserver.dl110-05.xyz.com     # right is remote(client), left is local(server)    

Re: [Swan] IPSec tunnel goes down after system reboot

2023-02-08 Thread Paul Wouters
On Wed, 8 Feb 2023, Gayathri Manoj wrote: We have enabled  Pre-shared key based IPSec connection between our application  which running on linux environment and Router.  But when our system goes for a reboot, we have to configure the policy again to work. Please let us know the reason for the

Re: [Swan-dev] linux: pluto use kernel SA attribute XFRMA_LASTUSED

2023-02-07 Thread Paul Wouters
On Mon, 6 Feb 2023, Antony Antony wrote: All of this could of course go away if the kernel could send us an "idle" callback, but I think that's still not there right? I don't know any! I feel there was a lot of confusion among us, swan programmers, around last used and we came up with

[Swan-commit] Changes to ref refs/heads/main

2023-02-05 Thread Paul Wouters
New commits: commit ea7d12abc7c0c3b1d797839feb6a0f49db8992b1 Author: Paul Wouters Date: Sun Feb 5 20:58:13 2023 -0500 testing: added nss-cert-11-cert-expired-initiator-ikev2 ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

Re: [Swan] Tunnel gets established, but machines can reach each other only for less than a minute

2023-02-03 Thread Paul Wouters
On Fri, 3 Feb 2023, u...@blueaquan.com wrote: Double checked this, rp_filter is disabled on all interfaces and ipv4 forwarding is enabled.  I use "nftables" on both ends and have double checked to rules to ensure packets from both these sites have bi-directional traffic enabled.  In fact to

Re: [Swan] Tunnel gets established, but machines can reach each other only for less than a minute

2023-02-03 Thread Paul Wouters
On Fri, 3 Feb 2023, u...@blueaquan.com wrote: Also, an observation I could make is, when the machine at Site Office tries to reach the HO VPN server, even though the ping does not happen, I can see the traffic go up incrementally on both sides.   However when the HO tries to reach the Site

Re: [Swan-dev] linux: pluto use kernel SA attribute XFRMA_LASTUSED

2023-02-03 Thread Paul Wouters
On Fri, 3 Feb 2023, Antony Antony wrote: New commits: commit 9a6e1d0335ccfd31a26dbf19e6eea716b9e27d1c Author: Antony Antony Date: Mon Jun 27 05:19:34 2022 + linux: pluto use kernel SA attribute XFRMA_LASTUSED Linux kernel, since 6.2, updates lastused for all traffic, in and out.

Re: [Swan] Tunnel gets established, but machines can reach each other only for less than a minute

2023-01-31 Thread Paul Wouters
tun.0@A.B.C.D tun.0@10.10.128.100 Traffic: ESPin=168B ESPout=168B! ESPmax=0B Thanks, BestBAOn 2023-01-31 22:01, Paul Wouters wrote: On Mon, 30 Jan 2023, u...@blueaquan.com wrote: I changed the HO's statement to auto=add while keeping auto=start at the Site Office. Also removed encapsulation state

Re: [Swan] Tunnel gets established, but machines can reach each other only for less than a minute

2023-01-31 Thread Paul Wouters
On Mon, 30 Jan 2023, u...@blueaquan.com wrote: I changed the HO's statement to auto=add while keeping auto=start at the Site Office. Also removed encapsulation statement at both ends, However there is no change in status, both machines are unable to reach each other. The tunnel is getting

Re: [Swan] [SPAM: 4.729] Tunnel gets established, but machines can reach each other only for less than a minute

2023-01-29 Thread Paul Wouters
On Sun, 29 Jan 2023, u...@blueaquan.com wrote: I have two sites which I am trying to connect using a site-to-site VPN.   Initially I had a lot of challenges because at the HO, the Linux machine had a Public IP directly configured, while at the Site Office the Linux machine was behind an ISP

[Swan-commit] Changes to ref refs/heads/main

2023-01-27 Thread Paul Wouters
New commits: commit c79ade084df023387a34ee533392cd108ad548d7 Author: Paul Wouters Date: Fri Jan 27 14:33:54 2023 -0500 testing: remove misleading comment line ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

[Swan-commit] Changes to ref refs/heads/main

2023-01-26 Thread Paul Wouters
New commits: commit 8441d46bfa6c62d6a284bc3f19d55f47150b34e6 Author: Paul Wouters Date: Thu Jan 26 13:15:28 2023 -0500 testing: fixup ikev2-tcp-00-yes - Remove unneeded tcp-remote-port - Fixup expected certs in nss ___ Swan-commit

[Swan-commit] Changes to ref refs/heads/main

2023-01-26 Thread Paul Wouters
New commits: commit ea2986e817e932305608f517f07c21956b68afe2 Author: Paul Wouters Date: Thu Jan 26 13:04:45 2023 -0500 testing: fixup ikev2-tcp-04-ikeport No longer needs to delete the peer's cert from local nss store. commit 8a21eb86155a496b33d2b935e9e9e0dc3e867383 Author: Paul

[Swan-commit] Changes to ref refs/heads/main

2023-01-23 Thread Paul Wouters
New commits: commit b7e9029aff0a549bdc6401a0cfc2d145de37707b Author: Ondrej Moris Date: Mon Jan 23 20:37:39 2023 -0500 testing: copy xauth passwd to ipsecdir Resolves: https://github.com/libreswan/libreswan/issues/991 Signed-off-by: Paul Wouters

[Swan-commit] Changes to ref refs/heads/main

2023-01-23 Thread Paul Wouters
New commits: commit 2e2203cfa8a1584095c7765046b464eb161f6aba Author: Paul Wouters Date: Mon Jan 23 19:45:05 2023 -0500 documentation: updated CHANGES commit 1d989b00d986b45f8eb7b8f1d5a828a4f9f5b2a5 Author: Paul Wouters Date: Mon Jan 23 19:42:19 2023 -0500 testing: fix namespace

Re: [Swan] IPsec Failover Multiple Peer Connections to 1 Private IP

2023-01-23 Thread Paul Wouters
On Fri, 20 Jan 2023, Jesse wrote: I have an issue I am using  Linux Libreswan 3.32 (netkey) on 5.15.0-1027-oracle on my Oracle Ubuntu 22.04 instance.  I have a partner Connection from my instance and the partner has a primary IP and a Failover IP  eg.  Connection to partner from my end via

[Swan-commit] Changes to ref refs/heads/main

2023-01-18 Thread Paul Wouters
New commits: commit a935317bcd36fddae1ee3c84dcfd878776884322 Author: Paul Wouters Date: Wed Jan 18 11:28:48 2023 -0500 documentation: update CHANGES ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman

[Swan-commit] Changes to ref refs/heads/main

2023-01-18 Thread Paul Wouters
New commits: commit b97627567656f56151b2cb04b25649f987bc Author: Paul Wouters Date: Wed Jan 18 11:27:09 2023 -0500 building: fix "make git-rpm" - use rpm -eval to get sourcedir / specdir - if not present in sourcedir, download IKE test ve

[Swan-commit] Changes to ref refs/heads/main

2023-01-09 Thread Paul Wouters
New commits: commit a1bc070487734648ab72cf92444ca423f5a598a5 Author: Paul Wouters Date: Mon Jan 9 22:22:35 2023 -0500 testing: updated TESTLIST commit 3d7f9a3d6e5ecfdef90defa6117fd0868b3e30b2 Author: Paul Wouters Date: Mon Jan 9 22:19:21 2023 -0500 testing: add ikev2-14-compress

Re: [Swan-dev] IPSEC Active Tunnels Status using 'ipsec whack --status'

2023-01-09 Thread Paul Wouters
On Mon, 9 Jan 2023, Praveen Chavan wrote: Thanks for the clarification.  Follow up:  1. Could you share some examples for "ipsec trafficstatus" output?   See git grep "ipsec traffic" testing/pluto/ you can also see the test output on testing.libreswan.org eg from

[Swan-commit] Changes to ref refs/heads/main

2023-01-09 Thread Paul Wouters
New commits: commit f72a08502726cdcab32f8684c9753aa364d116f0 Author: Paul Wouters Date: Mon Jan 9 12:26:58 2023 -0500 testing: update tests for FIPS tweaks commit 96b288bf4ef0cefebf052982c5559dde207745e7 Author: Paul Wouters Date: Mon Jan 9 12:26:31 2023 -0500 FIPS: tweak FIPS

Re: [Swan-dev] IPSEC Active Tunnels Status using 'ipsec whack --status'

2023-01-09 Thread Paul Wouters
On Mon, 9 Jan 2023, Praveen Chavan wrote: With libreswan upgrade to 4.5.x, I've noticed changes in the output of 'ipsec whack --status' command. I relied on 'IPsec SA established' to verify the active tunnels. With the upgraded version this string is not present in the output. I rather notice

[Swan-commit] Changes to ref refs/heads/main

2023-01-09 Thread Paul Wouters
New commits: commit 6a505a63e62f345a6d3066f313ffbb3f2b83fc4b Author: Paul Wouters Date: Mon Jan 9 10:55:35 2023 -0500 testing: ikev2-selectors-44in4-rw-ike-mismatch-02 is still WIP while road works, east is still broken. ___ Swan-commit

[Swan-commit] Changes to ref refs/heads/main

2023-01-08 Thread Paul Wouters
New commits: commit c149d854b9b8fc0a02f2aa0384c6826fb76519ae Author: Paul Wouters Date: Sun Jan 8 16:47:58 2023 -0500 testing: updated TESTLIST commit 09d37eb4275483a43f37206433d4ab6c79f8aca0 Author: Paul Wouters Date: Sun Jan 8 16:47:08 2023 -0500 testing: added ikev2-selectors

[Swan-commit] Changes to ref refs/heads/main

2023-01-08 Thread Paul Wouters
New commits: commit 6e2b9d0b9aa9ada6fe305bda6d51aebfbfc35a62 Author: Paul Wouters Date: Sun Jan 8 16:34:57 2023 -0500 testing: update TESTLIST commit b554ade25e1383f3c3aec47f05592244a512ee03 Author: Paul Wouters Date: Sun Jan 8 16:33:23 2023 -0500 testing: add tests for proper

[Swan-commit] Changes to ref refs/heads/main

2023-01-08 Thread Paul Wouters
New commits: commit ae3c8b1c67c4d85ff12ae9938c6fa78a971fb634 Author: Paul Wouters Date: Sun Jan 8 16:11:29 2023 -0500 testing: fixup ikev2-rw-multiple-subnets commit 84fc696a120e2512eb9ab40c9cd80ca45c90427d Author: Paul Wouters Date: Sun Jan 8 16:03:58 2023 -0500 testing: fixup

Re: [Swan] Tunnel is up, but getting udp port xxxx unreachable

2022-12-29 Thread Paul Wouters
On Wed, 21 Dec 2022, Brendan Kearney wrote: Subject: [Swan] Tunnel is up, but getting udp port unreachable connecting client is seen replying with ICMP udp port unreachable messages: VPN Server config: conn rac     leftsubnet=0.0.0.0/0     right=%any     

[Swan-commit] Changes to ref refs/heads/main

2022-12-21 Thread Paul Wouters
New commits: commit 63cdd714de5f2588adff342ce6faf6d762a7a52c Author: Paul Wouters Date: Wed Dec 21 11:23:58 2022 -0500 pluto: rate limit all logs in for IKE version numbers ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

[Swan-commit] Changes to ref refs/heads/main

2022-12-21 Thread Paul Wouters
New commits: commit 62f9437578551b371a906d2b62b67aad31351362 Author: Paul Wouters Date: Wed Dec 21 11:16:14 2022 -0500 documentation: update CHANGES ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman

[Swan-commit] Changes to ref refs/heads/main

2022-12-20 Thread Paul Wouters
New commits: commit f0fa9562e34146d12b9ecd03ca8f0bf7ba6ed185 Author: Paul Wouters Date: Tue Dec 20 13:06:13 2022 -0500 documentation: extend config setup options in ipsec.conf Add commented out config setup options in our ipsec.conf that we consider "standard user fea

[Swan-commit] Changes to ref refs/heads/main

2022-12-20 Thread Paul Wouters
New commits: commit 9c7c43a5a98b476eab7e3723269315da3fcb3283 Author: Paul Wouters Date: Tue Dec 20 12:42:02 2022 -0500 documentation: update CHANGES commit 4e05d99a8a7d942e5f43ca10fd5c19525b0a3716 Author: Antonio Silva Date: Tue Dec 20 12:31:48 2022 -0500 packaging: fix debian

Re: [Swan] libreswan version 4.9: ipsec.service: Start operation timed out. Terminating.

2022-12-19 Thread Paul Wouters
/stop/restart/enable/disable ipsec service without any issue. > > Do you want me to create e pull request in github? > > > — > Saludos / Regards / Cumprimentos > António Silva > >> On 8 Nov 2022, at 12:58, Paul Wouters wrote: >> >>> On Tue, 8 Nov 2022, antonio w

Re: [Swan] The issue of connecting to Libreswan VPN from Android

2022-12-09 Thread Paul Wouters
On Wed, 7 Dec 2022, OBETalk?? wrote: Date: Wed, 7 Dec 2022 04:57:50 From: OBETalk?? To: swan Subject: [Swan] The issue of connecting to Libreswan VPN from Android Dears, There's a big issue of Android phone connecting to Libreswan deployed on Ubuntu 18.04 which is based on AWS EC2

[Swan-commit] Changes to ref refs/heads/main

2022-11-24 Thread Paul Wouters
New commits: commit 60080571fba1148dc13f1c571946dce7a11d6c3f Author: Paul Wouters Date: Thu Nov 24 21:14:53 2022 -0500 pluto: in extract_connection() don't set indent=4 The variable is no longer used as per coverity warning :) ___ Swan

[Swan-commit] Changes to ref refs/heads/main

2022-11-24 Thread Paul Wouters
New commits: commit 49c15e23df3ff3340c929e26934e218d63d7c1bb Author: Paul Wouters Date: Thu Nov 24 15:16:22 2022 -0500 testing: similarly fix ikev2-selectors-66in6-rw-* ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

[Swan-commit] Changes to ref refs/heads/main

2022-11-24 Thread Paul Wouters
New commits: commit 7d836605b612c3129ed5604b9b88e7f6a985b16f Author: Paul Wouters Date: Thu Nov 24 15:12:55 2022 -0500 testing: fixup similar typo in ikev2-selectors-66in4-rw-ike ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

[Swan-commit] Changes to ref refs/heads/main

2022-11-24 Thread Paul Wouters
New commits: commit cb2bfe56f8624dbc9b06f58492be3f1a6e789550 Author: Paul Wouters Date: Thu Nov 24 15:11:00 2022 -0500 testing: fix typo in ikev2-selectors-66in4-rw-alias/01-east-init.sh ___ Swan-commit mailing list Swan-commit

[Swan-commit] Changes to ref refs/heads/main

2022-11-24 Thread Paul Wouters
New commits: commit 4c69fc1157d5c2c4eceb8a3eb83cb6cdd91a5c94 Author: Paul Wouters Date: Thu Nov 24 15:07:28 2022 -0500 testing: added ikev2-selectors-66in4-rw-alias-nonat commit df1cd3245eb29cadb8e73155d60264f57313c3c3 Author: Paul Wouters Date: Thu Nov 24 14:25:01 2022 -0500

Re: [Swan] LibreSwan VPN Established | No Data Passing Through

2022-11-23 Thread Paul Wouters
On Nov 23, 2022, at 00:03, Kumar P S Udai wrote: > >  > Hi Paul > This was slightly confusing, because when I try to ping the HO(Europa) > machin's private IP (192.168.1.1), I get a destination host unreachable > message, all the while there was no change in the ESPout which remained at 0.

Re: [Swan] LibreSwan VPN Established | No Data Passing Through

2022-11-19 Thread Paul Wouters
an experiment's sake, I disabled the NAT function on that > machine and kept only the filter ruleset, but even that did not change > anything. > > Thanks, best regards > > Udai > >> On Fri, 18 Nov 2022 at 21:37, Paul Wouters wrote: >> On Fri, 18 Nov 2022, Kum

Re: [Swan] LibreSwan VPN Established | No Data Passing Through

2022-11-18 Thread Paul Wouters
Yes  Sent using a virtual keyboard on a phone > On Nov 18, 2022, at 11:58, Nick Howitt wrote: > >  > >> On 18/11/2022 16:07, Paul Wouters wrote: >>> On Fri, 18 Nov 2022, Kumar P S Udai wrote: >>> One is at the HO establishing connection to three other

Re: [Swan] LibreSwan VPN Established | No Data Passing Through

2022-11-18 Thread Paul Wouters
On Fri, 18 Nov 2022, Kumar P S Udai wrote: One is at the HO establishing connection to three other branch offices, while all three are getting connected, at one branch office the public IP is not configured on the machine directly, but on an external vendor's router.  Initially I had trouble

Re: [Swan] libreswan version 4.9: ipsec.service: Start operation timed out. Terminating.

2022-11-08 Thread Paul Wouters
On Tue, 8 Nov 2022, antonio wrote: The issue is with systemd service apparently, I started with init.d/ipsec and is ok. The generated package for version 4.9 doesn’t include a unit file.  dpkg -c binaries/libreswan_4.9-1_amd64.deb | grep systemd drwxr-xr-x root/root         0 2022-10-13

Re: [Swan] libreswan inside local network with NAT (left) - MacOS roadwarrior (right)

2022-11-06 Thread Paul Wouters
On Fri, 4 Nov 2022, Rodrigo Gruppelli wrote: I couldn't import the p12 file into MacOS. When importing it, mac's Keychain Access asks for the password of the .p12 file, even though I didn't set any password in the certificate generation steps (just pressed ). Or even if I set some password,

[Swan-commit] Changes to ref refs/heads/main

2022-11-05 Thread Paul Wouters
New commits: commit a3ed19a4b684f9448f59823a52bd8679a8ff3e0a Author: Paul Wouters Date: Sat Nov 5 13:24:17 2022 + libipsecconf: remove unused logged ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org

Re: [Swan] libreswan inside local network with NAT (left) - MacOS roadwarrior (right)

2022-11-04 Thread Paul Wouters
On Thu, 3 Nov 2022, Rodrigo Gruppelli wrote: You're talking about this example? https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2  Yes. Below is the configuration I wrote... based on my scenario described in the first email, is it correct? Seems okay. When I create

Re: [Swan] Regression in IPv4 Connectivity from Windows 10 Client

2022-11-01 Thread Paul Wouters
On Nov 1, 2022, at 06:31, Mirsad Goran Todorovac wrote: > >  >> >> >> ERROR: malformed CP attributeAttribute Type of IKEv2 Configuration Payload >> Attribute has an unknown value: 23456 (0x5ba0) That value is from the private use range. Anyone know what Microsoft is trying to ask for here

Re: [Swan-dev] heads up, the great spd scramble

2022-10-30 Thread Paul Wouters
On Fri, 28 Oct 2022, Andrew Cagney wrote: I'm about to change "spd" in struct connection to a pointer; that is from: struct spd_route spd; to: struct spd_route *spd; thanks for the heads up. My motivation is to make the code generating a list of SPDs from subnets simpler (I'm guessing

Re: [Swan] libreswan inside local network with NAT (left) - MacOS roadwarrior (right)

2022-10-30 Thread Paul Wouters
Yes, use the IKEv2 road warrior setup examples and forward port 500,4500 UDP. Sent using a virtual keyboard on a phone > On Oct 29, 2022, at 08:43, Rodrigo Gruppelli wrote: > > Greetings! > > I would like to know if it’s possible to achieve this kind of setup: > > On the left side, there

Re: [Swan] IPv4 and IPv6 through a single IPSec connection

2022-10-28 Thread Paul Wouters
Not yet in 4.9. But work to support this has recently started. Sent using a virtual keyboard on a phone > On Oct 28, 2022, at 19:52, Nestor Melo wrote: > >  > Hi, > > > We would like to configure a single IPSec connection that would handle both > IPv4 and IPv6 traffic. > > We considered

Re: [Swan] Libreswan 4.8 IPv6 connection problem: "The parameter is incorrect"

2022-10-24 Thread Paul Wouters
On Mon, 24 Oct 2022, Mirsad Goran Todorovac wrote: With libreswan I've been using dual stack IPsec for some years, with ipv4 over ipv4 + ipv6 over ipv6. That works, but windows wants ipv4 + ipv6 over ipv6 or ipv4 which is not yet supported. Then I suppose Windows 10 VPN IPv6 connection

Re: [Swan] Libreswan 4.8 IPv6 connection problem: "The parameter is incorrect"

2022-10-20 Thread Paul Wouters
On Thu, 20 Oct 2022, Tuomo Soini wrote: >>     rightaddresspool=fd00:2600:1000:/64 Your addresspool is too big. If I remember correctly, maximum size is 96 bits. Why aren't we throwing an error in that case? ___ Swan mailing list

[Swan-commit] Changes to ref refs/heads/main

2022-10-14 Thread Paul Wouters
New commits: commit 551a4ddaa052020188242fb9ec4d6e0d3370a2bb Author: Paul Wouters Date: Fri Oct 14 12:18:25 2022 -0400 documentation: bump version to prepare for 4.10 ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

[Swan-commit] Changes to ref refs/heads/main

2022-10-14 Thread Paul Wouters
New commits: commit 394c823abbf8af6afaf6c9c71fb53fca775bfae7 Author: Paul Wouters Date: Thu Oct 13 20:03:15 2022 -0400 documentation: bump to 4.9 ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman

Re: [Swan] Libreswan version 4.8 abort when connecting with ikev1 xauth with psk

2022-10-14 Thread Paul Wouters
On Fri, 14 Oct 2022, Tuomo Soini wrote: On Thu, 13 Oct 2022 15:35:58 +0100 António Silva wrote: Found a commit that could be the fix for this issue: https://github.com/libreswan/libreswan/commit/bfd380014944b7efb3fbc181129bd34769993d3f Trying it now. If you need a quick fix, correct

Re: [Swan] Libreswan version 4.8 abort when connecting with ikev1 xauth with psk

2022-10-13 Thread Paul Wouters
We will release 4.9 to address this regression in the next day or so Sent using a virtual keyboard on a phone > On Oct 13, 2022, at 10:29, António Silva wrote: > >  > > Hi, > > I just update libreswan from version 4.7 to 4.8, but with the newest version > I can’t establish a connection

[Swan-commit] Changes to ref refs/heads/main

2022-10-13 Thread Paul Wouters
New commits: commit 6abb1b47d9ed0b20600af2c02ff5da39219d6823 Author: Paul Wouters Date: Thu Oct 13 15:53:57 2022 -0400 documentation: update CHANGES ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman

Re: [Swan] Create multi encryption domain via ipsec whack command

2022-10-10 Thread Paul Wouters
On Mon, 3 Oct 2022, Uday Raj wrote: Subject: [Swan] Create multi encryption domain via ipsec whack command I am creating a multi encryption domain in ipsec via the below command. But the below command is throwing error ?  Could you please let me know how to create a MED in ipsec via whack

Re: [Swan] Possibly dropped/missed SA init response messages

2022-10-07 Thread Paul Wouters
On Fri, 7 Oct 2022, Tielong Su wrote: Hello libreswan community, I am experiencing some SA retransmission issues for my IKEv2 connection. The connection had been stable and worked pretty well until recently. From the pluto logs it seems the IPSec tunnel was successfully established but at

[Swan-commit] Changes to ref refs/heads/main

2022-10-06 Thread Paul Wouters
New commits: commit 1ac0346bf9bf1d0fa03e7d15068c7cea8c6d0f97 Author: Paul Wouters Date: Thu Oct 6 09:47:13 2022 -0400 documentation: updated CHANES ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman

Re: [Swan-dev] which file handles ipsec configuration

2022-10-04 Thread Paul Wouters
On Tue, 4 Oct 2022, Uday Raj wrote: I would like to know which file in libreswan-3.31 code base handles the ipsec connection definition configuration parsing. Could please let me know the answer ? lib/libipsecconf note that it basically gets translated into whack commands, see

[Swan-commit] Changes to ref refs/heads/main

2022-10-03 Thread Paul Wouters
New commits: commit f0ffbda19825199811e8aff5d33c8fb4a1649d7b Author: Paul Wouters Date: Mon Oct 3 15:03:12 2022 -0400 bump version/CHANGES to 4.9 commit be225bf05a6b30fa2b7fd5a04634643a9adc6dc8 Author: Paul Wouters Date: Sun Oct 2 15:43:00 2022 -0400 documentation: bump to 4.8

[Swan-commit] Changes to ref refs/heads/main

2022-09-29 Thread Paul Wouters
New commits: commit 40f44c4d1bb72d3e06b72a6315f737f6cad28249 Author: Paul Wouters Date: Thu Sep 29 10:42:44 2022 -0400 packaging: fedora add BuildRequires: systemd-rpm-macros ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

[Swan-commit] Changes to ref refs/heads/main

2022-09-28 Thread Paul Wouters
New commits: commit 7a795ec058790e4e2b1df9b8fa235c78aa7d1efa Author: Paul Wouters Date: Wed Sep 28 21:38:28 2022 -0400 documentation: tweak man page for ipsec-max-bytes= ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

[Swan-commit] Changes to ref refs/heads/main

2022-09-19 Thread Paul Wouters
New commits: commit e6b8f15f7a2fdace62b988eb5125649188b67f47 Merge: 9286dafa1a a4fd2b32eb Author: Paul Wouters Date: Mon Sep 19 12:37:32 2022 -0400 Merge branch 'maxvalues' commit a4fd2b32ebf645cb7d44d305847aa68affa59927 Merge: 448d43ac1b 9286dafa1a Author: Paul Wouters Date: Mon Sep

[Swan-commit] Changes to ref refs/heads/main

2022-09-19 Thread Paul Wouters
New commits: commit 9286dafa1a20b8a2f1d8f8e85a30607a046a53bf Author: Paul Wouters Date: Mon Sep 19 11:35:54 2022 -0400 linux: reduce copy of xfrm.h from v6.0.0rc5 to v5.19 ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

[Swan-commit] Changes to ref refs/heads/main

2022-09-18 Thread Paul Wouters
New commits: commit 92720e9a0bd23baf9d8be9b0d9a4433bcce19aa1 Author: Paul Wouters Date: Sun Sep 18 20:40:57 2022 -0400 documentation: update CHANGES, linux/README ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

[Swan-commit] Changes to ref refs/heads/main

2022-09-18 Thread Paul Wouters
New commits: commit 32900965ab6e2363555a731dab38e2fdaf44d607 Author: Paul Wouters Date: Sun Sep 18 20:21:07 2022 -0400 linux: update our copy of linux/include/uapi/linux/xfrm.h This is only used when setting USE_XFRM_HEADER_COPY=true

Re: [Swan] additional authentication, like LDAP, Kerberos, RADIUS on tunnels

2022-09-16 Thread Paul Wouters
On Thu, 15 Sep 2022, Michael Schwartzkopff wrote: On 15.09.22 21:28, Paul Wouters wrote: For IKEv2 that would go via EAP. Currently, only EAPTLS is implemented. You are looking at EAP-mschapv2. We don’t support that yet. I know strongswan does support it. strongswan supports all kind

Re: [Swan] additional authentication, like LDAP, Kerberos, RADIUS on tunnels

2022-09-16 Thread Paul Wouters
s and issues Packaging for different distros Promote via word of mouth, blog articles, etc Donate money to developers  Paul > > brendan > >> On 9/15/22 3:28 PM, Paul Wouters wrote: >> For IKEv2 that would go via EAP. >> Currently, only EAPTLS is implemented. You ar

Re: [Swan] AUTH mismatch: Received AUTH != computed AUTH

2022-09-15 Thread Paul Wouters
> vs > ipsec secrets > > is there a difference between the two commands? in either case, thanks for > the pointer. > > brendan > >> On 9/12/22 3:13 PM, Paul Wouters wrote: >> It really seems the PSKs are not the same. If you changed them, ensure to >> resta

Re: [Swan] additional authentication, like LDAP, Kerberos, RADIUS on tunnels

2022-09-15 Thread Paul Wouters
For IKEv2 that would go via EAP. Currently, only EAPTLS is implemented. You are looking at EAP-mschapv2. We don’t support that yet. I know strongswan does support it. Paul ps. Patches or other support always welcomed  Sent using a virtual keyboard on a phone > On Sep 15, 2022, at 13:44,

Re: [Swan-dev] Change IKE version

2022-09-15 Thread Paul Wouters
On Thu, 15 Sep 2022, Uday Raj wrote: I am running libreswan version 3.31. By default my libreswan device is negotiating in IKEV2. I want to change the IKE version to V1.  How do i change the IKE version from cli/config ? Use:ikev2=no This is a per-connection parameter. Paul ps. note

[Swan-commit] Changes to ref refs/heads/main

2022-09-14 Thread Paul Wouters
New commits: commit aec8ec3b61aa3ea55fa38c31d4acab6da21d5a95 Author: Paul Wouters Date: Wed Sep 14 15:06:30 2022 -0400 libipsecconf: ignore interfaces= line and throw obsolete warning ___ Swan-commit mailing list Swan-commit@lists.libreswan.org

Re: [Swan] AUTH mismatch: Received AUTH != computed AUTH

2022-09-12 Thread Paul Wouters
It really seems the PSKs are not the same. If you changed them, ensure to restart ipsec or run “ipsec secrets” to reload. It might also that you have multiple secrets labeled with %any and another entry is picked? Try to just stick with @leftid and @rightid without using %any Paul Sent using

[Swan-commit] Changes to ref refs/heads/main

2022-09-06 Thread Paul Wouters
New commits: commit 980fb8a7e700361dfb2edf62d34f418448f313f1 Author: Paul Wouters Date: Tue Sep 6 20:10:10 2022 -0400 libipsecconf: rename some ipsecconf/pluto variables ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

Re: [Swan-dev] LTO (link time optimization) enabled on Linux

2022-09-02 Thread Paul Wouters
On Fri, 2 Sep 2022, Andrew Cagney wrote: Subject: [Swan-dev] LTO (link time optimization) enabled on Linux discuss :-) If it now seems to work, lets do it. ___ Swan-dev mailing list Swan-dev@lists.libreswan.org

[Swan-commit] Changes to ref refs/heads/main

2022-09-01 Thread Paul Wouters
New commits: commit 6fcffb2868aadee2da45e8ba83cb3624bd5ac725 Author: Paul Wouters Date: Thu Sep 1 17:32:03 2022 -0400 documentation: update CHANGES ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman

[Swan-commit] Changes to ref refs/heads/main

2022-09-01 Thread Paul Wouters
New commits: commit 2b607f79797bcd854c912c0dba7cbdfae2c7c815 Author: Paul Wouters Date: Thu Sep 1 13:48:37 2022 -0400 testing: addconn-02 used obsolete interfaces= line ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https

[Swan-commit] Changes to ref refs/heads/main

2022-08-29 Thread Paul Wouters
New commits: commit c74f37b7b28a5958dd5c2883235a6c40805e375d Author: Paul Wouters Date: Mon Aug 29 20:48:29 2022 -0400 testing: add libipsecconf-11-default-key to TESTLIST commit 86d4f4d8606e0c9ccd4a584d6727818d17e6f561 Author: Paul Wouters Date: Mon Aug 29 20:48:03 2022 -0400

[Swan-commit] Changes to ref refs/heads/main

2022-08-25 Thread Paul Wouters
New commits: commit 259c21e422582f1f07e8ebda60110c45f232d6f6 Author: Paul Wouters Date: Thu Aug 25 20:48:43 2022 -0400 packaging: use "new" build macros ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.lib

Re: [Swan] multinet with ikev2 not working

2022-08-25 Thread Paul Wouters
SK; encrypted payloads: N; > missing payloads: SA,Ni,TSi,TSr > > Peter > > Dňa ut 23. 8. 2022, 14:06 Paul Wouters napísal(a): >>> On Aug 23, 2022, at 05:05, Peter Viskup wrote: >>> >>>  >>> Just went trough the FortiGate cookbook wh

Re: [Swan-dev] bind failure in find_raw_ifaces4()

2022-08-23 Thread Paul Wouters
On Tue, 23 Aug 2022, Balaji Thoguluva wrote: Is there any configuration option to bind only to specific interfaces/IP address for IKE? Yes, as I told your Oracle colleague, listen= in ipsec.conf or --listen to the pluto startup arguments. Aug 17 18:39:13.712975: FATAL ERROR:

[Swan-commit] Changes to ref refs/heads/main

2022-08-23 Thread Paul Wouters
New commits: commit 61bc70d94ab3194f18f347a2f53a53e5f47d0e9a Author: Paul Wouters Date: Tue Aug 23 10:36:38 2022 -0400 libipsecconf: Remove obsolete interfaces= option. This keyword was only set and never read since the removal of KLIPS

Re: [Swan] multinet with ikev2 not working

2022-08-23 Thread Paul Wouters
.20.255:0-65535 0] >> 004 "sp2" #93: STATE_V2_IPSEC_I: IPsec SA established tunnel mode >> {ESP/NAT=>0x6d6a23ce <0x19a1226c xfrm=AES_CBC_256-HMAC_SHA2_256_128 >> NATOA=none NATD=1.2.3.4:4500 DPD=active} >> >> And I am able to reach both ends of VPN tu

[Swan-commit] Changes to ref refs/heads/main

2022-08-22 Thread Paul Wouters
New commits: commit e73460ba74fb1a1b400655f6f95eb54037447eaa Author: Paul Wouters Date: Mon Aug 22 17:12:24 2022 -0400 documentation: update CHANGES ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https://lists.libreswan.org/mailman

Re: [Swan-dev] Libreswan Need Urgent Help with FATAL ERROR: bind(0.0.0.0:500) failed in find_raw_ifaces4()

2022-08-22 Thread Paul Wouters
On Mon, 22 Aug 2022, Praveen Chavan wrote: Pluto fails to start with error,  Aug 22 14:48:02.318450: FATAL ERROR: bind(0.0.0.0:500) failed in find_raw_ifaces4()Address already in use (errno 98) Aug 22 14:48:02.318478: ABORT: ASSERTION FAILED: nr_helper_threads == 0 (free_server_helper_jobs()

Re: [Swan] multinet with ikev2 not working

2022-08-22 Thread Paul Wouters
On Mon, 22 Aug 2022, Peter Viskup wrote: [root@prd01a ipsec.d]# ipsec auto --up sp1 002 "sp1" #94: local ESP/AH proposals for sp1 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=ECP_384;ESN=DISABLED 139 "sp1" #94: STATE_V2_CREATE_I: sent IPsec Child req

[Swan-commit] Changes to ref refs/heads/main

2022-08-18 Thread Paul Wouters
New commits: commit 933f350c47d66154ee205b26d04de4d7df32ea58 Author: Paul Wouters Date: Thu Aug 18 14:51:30 2022 -0400 documentation: rename LIBRESWAN-GPG-KEY.txt to LIBRESWAN-OPENPGP-KEY.txt Resolves: https://github.com/libreswan/libreswan/pull/829

[Swan-commit] Changes to ref refs/heads/main

2022-08-18 Thread Paul Wouters
New commits: commit 8167ab0fb2eac9b25f80d9b16e40d039c76441a2 Author: Paul Wouters Date: Thu Aug 18 14:16:39 2022 -0400 documentation: cleanup of LIBRESWAN-GPG-KEY.txt ___ Swan-commit mailing list Swan-commit@lists.libreswan.org https
