Re: [strongSwan] no matching peer config found

2009-08-27 Thread Martin Willi
Hi, I can not find the daemon.log on moon side. charon by default logs to the DAEMON syslog facility. But it depends on your syslogger configuration to which file syslogger logs to. The moon side is Fedora Core 9 Linux. Our (rather old) Fedora box uses /var/log/daemon. Regards Martin

[strongSwan] get inner virtual IP

2009-08-27 Thread Zhang, Long (Roger)
Hi, I have tried the IKEV2 config-payload example as http://www.strongswan.org/uml/testresults43/ikev2/config-payload/ successfully. I want to get the inner virtual IP address that is assigned by config-payload for later use in my application by SHELL command or TCL. Is there an easy way to

[strongSwan] Pluto has died ??

2009-08-27 Thread Nguyễn Hoàng Anh
Hi all! Today, I try install strongswan 4.3.4 and run some tests in testing/tests/openssl-ikev1/ecdsa-certs directory. When I start ipsec and then view log in /var/log/secure, I get this: ... ipsec_starter [ 10388] : pluto has died --restart scheduled (5sec) I try restart ipsec many times but

Re: [strongSwan] Pluto has died ??

2009-08-27 Thread Andreas Steffen
Hi, in order to help you I need the complete log plus your ipsec.conf file. Regards Andreas Nguyễn Hoàng Anh wrote: Hi all! Today, I try install strongswan 4.3.4 and run some tests in testing/tests/openssl-ikev1/ecdsa-certs directory. when I start ipsec and then view log in

[strongSwan] unable to initiate to %any

2009-08-27 Thread weiping deng
Hi Martin, Hi all, When I try to find out the mechanism of virtual IP and initiate the strongswan with the following configuration, but I always got the error indication: unable to initiate to %any. Please give me a clue to trace down this problem, thanks. Configuration of two peers:

Re: [strongSwan] get inner virtual IP

2009-08-27 Thread Andreas Steffen
Hi Roger, the assigned virtual IP Address is available in the environmental variable $PLUTO_MY_SOURCEIP in the /usr/libexec/ipsec/_updown script which is called by the charon daemon after the IPsec SA has been established successfully. You could adapt the _updown script so that it communicates

Re: [strongSwan] unable to initiate to %any

2009-08-27 Thread Andreas Steffen
Hi David, with right=%any you cannot actively initiate a connection as an initiator since the peer's IP address is not known. You can only act as a passive responder waiting for the other side to initiate. Regards Andreas weiping deng wrote: Hi Martin, Hi all, When I try to find out the

[strongSwan] Understanding IPsec through a firewall

2009-08-27 Thread Graham Hudspith
We've come across a problem sending UDP packets through a tunnel when the tunnel goes through a firewall and I was hoping someone can explain/confirm what is going on (please). Our machine sets up a tunnel to a secure gateway and then opens a UDP socket through that tunnel to a machine on the far

Re: [strongSwan] Understanding IPsec through a firewall

2009-08-27 Thread Gerd v. Egidy
Hi Graham, So, it appears that the UDP packets come through the tunnel, are decrypted and then looped-back through the firewall ? That is correct. I'm not too keen on opening the firewall to all UDP packets using that UDP port number. Is there a more elegant method ? Yes, you could use the

[strongSwan] Re: unable to initiate to %any

2009-08-27 Thread weiping deng
Hi Andreas, I got it. Thanks for your help. I have another question to ask: If the leftid and rightid can not be provided when I configure two peers? If I did not provide this information, it will adopt the subject id in the certificate. Is it right? Best Regards, David -Original Message- From:

Re: [strongSwan] get inner virtual IP

2009-08-27 Thread Zhang, Long (Roger)
Andreas, I found the $PLUTO_MY_SOURCEIP is empty after the IPSec SA is established successfully. I want to get the virtual IP by this env that this will introduce great convenience to my application coding. [r...@localhost etc]# ipsec up home initiating IKE_SA home[1] to 135.252.130.87

[strongSwan] Re: Re: unable to initiate to %any

2009-08-27 Thread weiping deng
Hi Andreas, I always think it is inconvenient to let users configure leftid and rightid with complete DN or AltSubjectName. If the current version of strongswan supports the automatic acquired of these two information even if certificate is configured as never to be sent? If not supported, is