Hi Martin,
I forgot to install the xfrm4_mode_tunnel.ko and xfrm4_mode_transport.ko.
After I installed these two modules, the problem has gone. Thank you for
your help.
Best Regards,
David
-邮件原件-
发件人: users-boun...@lists.strongswan.org
[mailto:users-boun...@lists.strongswan.org] 代表
Hi Martin,
Excuse me. There are two questions about the EAP-SIM and EAP-AKA
implementation as followed, please help me, thanks.
Q1:
In the current implementation of EAP-SIM and EAP-AKA authentication, the
payload of IDENTITY REQ was not handled or handled with only attribute ID.
Is there a
Hello listusers,
we are currently trying to divide the traffic so that not all the
traffic goes through the VPN tunnel. We have the following (simplified)
network setup:
insideoutside
10.x.x.x -- [IPSec GW] -- Internet
and the following config:
# basic configuration
Hi,
In the current implementation of EAP-SIM and EAP-AKA authentication,
the payload of IDENTITY REQ was not handled or handled with only
attribute ID.
For EAP-SIM, we just reply identity requests with the configured
identity. The same semantics have been implemented for EAP-AKA just last
Hi Peter,
ipsec tunnels build from inside should have [...]
ipsec tunnels build from outside (Internet) should have [...]
Is there a way to extend/modify the config to get this behaviour?
You can define two different configurations, one for internal, one for
external connections. The tricky
Hi Martin,
Thank you for your quick answer. As a generic open-source project, covering
the basic part of protocols is an advisable selection because the
corresponding specification always is in change. The current implementation
of these two authentication mechanisms is a good start for future
Hi again,
The way to go is probably gateway address matching
Forgot to mention, our UML scenarion [1] uses such a configuration to
select different source address, but defining different leftsubnets
works the same way.
Regards
Martin