Re: [strongSwan] key length

2009-03-18 Thread Andreas Steffen
Hi Michael, overridemtu only helps with IPsec ESP payload packets and the KLIPS IPsec stack from the FreeS/WAN project. It does not help with IKE because the messages MI3 and MR3 cannot be logically split into two UDP datagrams (some VPN vendors have a proprietary FRAGMENTATION option though, whic

Re: [strongSwan] key length

2009-03-18 Thread Michael Roy
> The IKE protocol is transported in UDP datagrams. If you are transmitting certificates with 2048 bit RSA keys the IKE message becomes larger than the MTU of 1500 bytes and the datagram gets fragmented. Most firewalls and many routers discard IP fragments by default so the IKE message neve

Re: [strongSwan] iPhone

2009-03-18 Thread Gbenga
Hi Scott, I have never tried it (iPhone) before but I am sure it can be done. It cannot be that much different from Mac OS X, which has been known to work well with Strongswan. Mac OS is not widely used in my network, but I have had to set up a connection once for one of the people I work with. H

Re: [strongSwan] key length

2009-03-18 Thread Andreas Steffen
The IKE protocol is transported in UDP datagrams. If you are transmitting certificates with 2048 bit RSA keys the IKE message becomes larger than the MTU of 1500 bytes and the datagram gets fragmented. Most firewalls and many routers discard IP fragments by default so the IKE message never reaches

[strongSwan] key length

2009-03-18 Thread Michael Roy
Hello all, # ipsec version Linux strongSwan U2.8.8/K2.6.18-92.el5 (native) Though I'm involved in the ipsec for quite some time I've got a problem with the key length recently. I created a key (and a host cert), though in rather too much relaxed manner, with the openssl option "-newkey rsa:2048"

[strongSwan] iPhone

2009-03-18 Thread Scott Weigle
I was wondering if anyone has successfully connected the iPhone to strongswan using L2TP/IPSEC? I have been trying, but unsuccessful so far. I have stepped back a bit and I am now trying to get the Leopard L2TP/IPSEC client to connect to strongswan. Again, so far I have been unsuccessful. I

Re: [strongSwan] checkpoint with username and password

2009-03-18 Thread Andreas Steffen
Hi Michael, strongSwan offers the following support for username password: - IKEv1 Main Mode with Mutual RSA authentication + XAUTH client authentication with username/password http://www.strongswan.org/uml/testresults42/ikev1/xauth-rsa/ - IKEv2 Server Side RSA authentication + client side E

[strongSwan] checkpoint with username and password

2009-03-18 Thread Michael Mengershausen
Hello Strongswan-team, is there a setup with strongswan for username and password (one time password, otp) authentication with a checkpoint vpn-server? Best regards Michael -- Dr. Michael von Mengershausen, MR-Physik / PET Max-Planck-Institute for Neurological Research Gleueler Str. 50