[Swan] Problem with NAT and Dynamic IP address change

2015-06-25 Thread Tony Whyman
] 86.181.114.105: deleting connection blackswan instance with peer 86.181.114.105 {isakmp=#0/ipsec=#0} The connection then comes back up again - as the other side is still knocking at the door - and communication is restored. Any ideas on what is going wrong? Tony Whyman MWA

[Swan] Getting Libswan 1.14rc3 to compile under Ubuntu precise

2015-07-05 Thread Tony Whyman
was change - 2nd argument from char * to const char *. Note: the macro UNBOUND_VERSION_MAJOR only seems to have appeared in unbound.h from 1.4.21 onwards. Tony Whyman MWA diff -rupN libreswan-3.14rc3.orig/debian/changelog libreswan-3.14rc3/debian/changelog --- libreswan-3.14rc3.orig/debian

Re: [Swan] 3.14rc2 and 3.14rc3 do not compile under Ubuntu Precise

2015-07-04 Thread Tony Whyman
char rootanchor[] /*line 35 of lib/libswan/unbound.c */ probably needs to be conditional on the version number of unbound.h Tony Whyman MWA On 04/07/15 13:43, Tony Whyman wrote: I have tried the new 3.14rc3 and 3.14rc2, trying to build each under Ubuntu Precise (12.04 LTS) and Trusty (14.04

Re: [Swan] Does libreswan 1.15 have a problem with spaces in CA common names/nicknames

2015-09-08 Thread Tony Whyman
Ubuntu 14.04 uses 3.19.2. On 08/09/15 20:44, Paul Wouters wrote: Our tests used nss-3.18.0-1.fc21. ___ Swan mailing list Swan@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan

Re: [Swan] Does libreswan 1.15 have a problem with spaces in CA common names/nicknames

2015-09-08 Thread Tony Whyman
as the problem. I am thus guessing that because of the parse problem in the import script, no one has actually tested 1.15 with a CA having spaces in its nickname - hence this is why I think that this is where the problem lies. Tony Whyman MWA On 08/09/15 13:33, Paul Wouters wrote: On T

Re: [Swan] Does libreswan 1.15 have a problem with spaces in CA common names/nicknames

2015-09-08 Thread Tony Whyman
-v "^$" | while read -r cert; do There may be a better way but this seems to remove the trailing white space that was causing the problem for me. Tony Whyman MWA On 08/09/15 16:06, Paul Wouters wrote: Ok, then your issue has not been the update of the nss database. Your problem t

Re: [Swan] Does libreswan 1.15 have a problem with spaces in CA common names/nicknames

2015-09-08 Thread Tony Whyman
L Trying 'rebecca.mwassocs.co.uk' Trying 'MWA Root CA ' certutil: Could not find cert: MWA Root CA : PR_FILE_NOT_FOUND_ERROR: File not found Note the space at the end of the "cert" variable. This is why the script fails. Tony Whyman MWA On 08/09/15 15:21, Tony Whyman wrote: Paul, Thanks for g

Re: [Swan] Please review: documentation of openswan to libreswan migration

2015-12-09 Thread Tony Whyman
. Regards Tony Whyman MWA On 09/12/15 14:45, Paul Wouters wrote: Hi, I've expanded the openswan migration document to contain a lot more information about possible changed behaviour and manual changes needed for a smooth migration from openswan to libreswan. If you have done this migration, it would

Re: [Swan] Please review: documentation of openswan to libreswan migration

2015-12-10 Thread Tony Whyman
It's these small differences that, in practice, affect the user much more than the build time parameter changes. Tony On 09/12/15 23:07, Tom Robinson wrote: On 10/12/15 02:03, Tony Whyman wrote: Thus my feedback is that the removal of the X.509 file support and the need to understand how to us

Re: [Swan] Problem with subnet-to-subnet setup behind NAT'ed networks

2016-02-11 Thread Tony Whyman
gateways. The passive side also has a dpdaction of clear. The NAT gateways are also set up to forward all incoming port 500/4500 UDP to the secure gateways. Good luck Tony Whyman On 11/02/16 12:59, Jacob Vind wrote: Hi, I really hope we can get some help, we are trying to set up a subnet-to-subnet

[Swan] IPsec Multicast

2016-05-19 Thread Tony Whyman
Are there any plans to implement RFC 5374 in libreswan? Tony Whyman MWA

Re: [Swan] IPsec Multicast

2016-05-19 Thread Tony Whyman
naturally, I am looking to see what may be out there at present. Regards Tony Whyman MWA On 19/05/16 16:33, Paul Wouters wrote: If you look at https://tools.ietf.org/html/rfc6071#section-6 There isn't really a method that I know to add this to IKEv2? So I am not sure what the exact feature

[Swan] Tunnel up/down events

2016-07-19 Thread Tony Whyman
Is there any way to react to an ipsec tunnel up/down event in (e.g.) /etc/network/if-up.d or through udev? Regards Tony Whyman MWA

[Swan] Has this bug been reported yet?

2017-02-07 Thread Tony Whyman
: unexpected operator Looks like a simple script error. Line 319 is ${rc}=$? and changing it to let ${rc}=$? seems to fix the problem. Regards Tony Whyman MWA

Re: [Swan] [Swan-announce] Libreswan 3.21 released

2017-08-11 Thread Tony Whyman
tions been dropped? Note: Ubuntu 14.04/Mint 17 is an LTS release and is still in wide use. Tony Whyman On 10/08/17 02:34, The Libreswan Project wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The Libreswan Project has released libreswan-3.21 This is a bugfix and feature release. Ne

[Swan] Libreswan 3.25 and dual stack ipv4 and ipv6

2018-10-23 Thread Tony Whyman
There also appears to be no mechanism to force IPv4 or IPv6 now that "connaddrfamily" has been obsoleted. The result of all this is that it appears that with dual stack systems, explicit IP addresses have to be used if you are to have any chance at all of establishing IPsec tunnels, an