Hi Jan,
this is not much information that you are giving.
A strongSwan log would be most welcome. Are there
any IKE_SA_INIT packets arriving on the strongSwan
server? If not, does the IKE_SA_INIT packet leave
the Windows 7 client (check with wireshark). If
the IKE_SA_INIT packet leaves the Win7
Hi Andreas Schuldei,
Andreas Schuldei wrote:
On Sat, Dec 26, 2009 at 5:11 PM, Daniel Mentz
danielml+mailinglists.strongs...@sent.com wrote:
Hi Andreas Schuldei,
I guess that IKE traffic on port 500 is never protected by ESP because it
has its own protection which is the IKE SA. So don't
Hi,
I'm using StrongSwan 4.2.4 (default in Debian 5.0) and tried to enable it to
accept Windows 7 IPSec-VPN connections as desribed on
http://wiki.strongswan.org/wiki/1/Windows7. I got it working that the
certificates are accepted correctly on windows 7 side but now the connection
Daniel, thank you VERY much!
when would be a good time to run those commands? are there hooks in
strongswan to call a script containing those commands? or are there
scripts on the system already where i can add these commands?
On Mon, Dec 28, 2009 at 3:05 PM, Daniel Mentz
On Mon, Dec 28, 2009 at 11:16 PM, Andreas Schuldei
schuldei+strongs...@spotify.com wrote:
Daniel, thank you VERY much!
when would be a good time to run those commands? are there hooks in
strongswan to call a script containing those commands? or are there
scripts on the system already where i
so i configured ssh to bypass ipsec, set up ssh to use blowfish
encryption and set up rshd on the test machine (which gave me
goosebumps).
r...@krista:~# time rcp bigfile teagan:
real0m8.738s
user0m0.008s
sys 0m7.188s
r...@krista:~# time scp bigfile teagan:
bigfile
Hello Andreas,
I have been trying to setup rekeying of both IKE SA annd IPSEC SA. But there
is some confusion as to what is really the correct behaviour.
I understand that there some attributes which need to be set :
ikelifetime
lifetime
rekeymargin
rekeyfuzz
rekey
reauth
We have a requirement
Thanks Andreas for this.
I tried using just CN=AXC/ROOT/#12345
but this doesnt work. I got a error from strongswan saying INVALID_ID.
I am not sure what is the mistake here.
Thanks
Ashish.
On Thu, Dec 24, 2009 at 2:12 PM, Andreas Steffen
andreas.stef...@strongswan.org wrote:
Hello Ashish,
Hi Ashish,
in ipsec.conf set
plutodebug=control parsing raw
and send me the resulting log after you tried to set up the connection.
Regards
Andreas
ashish mahalka wrote:
Thanks Andreas for this.
I tried using just CN=AXC/ROOT/#12345
but this doesnt work. I got a error from strongswan