[strongSwan] Questions regarding AH protocol usage

2010-04-09 Thread Mohit Mehta
Hi Everyone, I am a developer at Vyatta [ http://www.vyatta.org/ ] and I would like to start by thanking and congratulating the Strongswan developers and community for building this robust and stable software. With release Vyatta Core 6.0 which happened last week, we've integrated Strongswan fo

Re: [strongSwan] Need help reviewing a tutorial on smartcards

2010-04-09 Thread François Pérou
On Fri, 2010-04-09 at 15:59 +0100, Dimitrios Siganos wrote: > > But the logs are saying that it can't find your private keys. The > logs > also suggest that it loads at least one certificate from the > smartcard. Sorry, I forgot to publish the ipsec.secrets file: : PIN %smartcard %prompt Then

Re: [strongSwan] Need help reviewing a tutorial on smartcards

2010-04-09 Thread Dimitrios Siganos
François Pérou wrote: > On Fri, 2010-04-09 at 11:35 +0100, Dimitrios Siganos wrote: > >> It sounds right. But obviously that depends on default directory >> settings and ipsec.conf configuration. You can also use absolute >> pathnames. I do that sometimes to simplify things when I get confused

Re: [strongSwan] charon IKEv2 usb smartcard dongle integration

2010-04-09 Thread Dimitrios Siganos
These are comments I received about the topic on a different thread. François Pérou wrote: > On Fri, 2010-04-09 at 00:51 +0100, Dimitrios Siganos wrote: > >> "charon IKEv2 usb smartcard dongle integration" >> >> > > To

Re: [strongSwan] strongswan.conf for eap-radius

2010-04-09 Thread Martin Willi
Hi, > The strongswan conf parser though thinks that this is a syntactical "}". Yes, the strongswan.conf parser has some shortcomings, and this is definitely one that needs a fix. > I think this is something that should be fixed in upcoming releases? Probably a lex/yacc based parser would make sen

Re: [strongSwan] strongswan.conf for eap-radius

2010-04-09 Thread Claude Tompers
Hi, I've found the error. Our shared secret contains a "}" which is of correct form for radius. The strongswan conf parser though thinks that this is a syntactical "}". I think this is something that should be fixed in upcoming releases? kind regards Claude Tompers On Friday 09 April 2010 10:51:

Re: [strongSwan] Need help reviewing a tutorial on smartcards

2010-04-09 Thread François Pérou
On Fri, 2010-04-09 at 11:35 +0100, Dimitrios Siganos wrote: > It sounds right. But obviously that depends on default directory > settings and ipsec.conf configuration. You can also use absolute > pathnames. I do that sometimes to simplify things when I get confused. > > Without some debug logs I

Re: [strongSwan] Need help reviewing a tutorial on smartcards

2010-04-09 Thread Dimitrios Siganos
François Pérou wrote: > On Fri, 2010-04-09 at 07:58 +0200, François Pérou wrote: > > Dear Dimitrios, > > I modified to have pluto running in debug mode on Carol: > http://www.gooze.eu/howto/using-strongswan-with-smart-cards/configuring-road-warrior-carol > > This seems to work fine on Carol side

Re: [strongSwan] New Problems with Juniper SRX after FW Upgrade - INVALID_ID_INFORMATION

2010-04-09 Thread Andreas Steffen
Hi Daniel, the problem is the following: Apr 9 09:13:58 id-soft pluto[29125]: "DUS" #2: protocol/port in Phase 1 ID Payload must be 0/0 or 17/500 but are 17/0 Section 4.6.2 "Identification Payload Content" of RFC 2407 states the following requirement: During Phase I negotiations, the

[strongSwan] Antwort: Re: New Problems with Juniper SRX after FW Upgrade - INVALID_ID_INFORMATION

2010-04-09 Thread Daniel . Fritz
Thank you Andreas, it seems to be great work from Juniper again. Is there a way to do a turn around? Talking to people from Juniper is like talking against a wall. Br Daniel From: Andreas Steffen To: daniel.fr...@geneva-id.com Cc: users@lists.strongswan.org Date: 09.04.2010 11:25

Re: [strongSwan] SA failed while configuring through stroke message

2010-04-09 Thread Andreas Steffen
How do you know that the packets are not being encapsulated? Does ipsec statusall show 0 transmitted inbound and outbound bytes? Regards Andreas MANORANJAN S wrote: > Hi all, > > I was able to establish a connection. > > I have configured connection using stroke message: > > ./stroke add suha

Re: [strongSwan] strongswan.conf for eap-radius

2010-04-09 Thread Andreas Steffen
The correct syntax as extracted from moon's strongswan.conf file in the ikev2/rw-eap-md5-radius test scenario http://www.strongswan.org/uml/testresults43dr/ikev2/rw-eap-md5-radius/ is charon { plugins { eap-radius { secret = gv6URkSs server = 10.1.0.10 } } } Regards And

Re: [strongSwan] strongswan.conf for eap-radius

2010-04-09 Thread Martin Willi
> I've tried it, the logs say the same as with the "plugin" block: > eap-radius { strongSwan version? If you use pre 4.3.5, try eap_radius instead: > strongswan-4.3.5 > > > - Plugin names have been streamlined: EAP plugins now have a dash after eap > (e.g. eap-sim), as it

Re: [strongSwan] strongswan.conf for eap-radius

2010-04-09 Thread Claude Tompers
/etc/strongswan.conf is correctly found, all other options seem to be honored. I did not configure with group, so its permissions are root:root 644. regards Claude -- Claude Tompers Ingénieur réseau et système Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherc

[strongSwan] New Problems with Juniper SRX after FW Upgrade - INVALID_ID_INFORMATION

2010-04-09 Thread Daniel . Fritz
Hi there, we got new problems with Juniper SRX after upgrade to JUNOS 10.1R1.8. It seems to be a problem with the proxy-id settings (INVALID_ID_INFORMATION). I have tested all possible settings with internal and external IPs without success. Has somebody an idea? Apr 9 09:13:58 id-soft pluto[

Re: [strongSwan] Need help reviewing a tutorial on smartcards

2010-04-09 Thread François Pérou
On Fri, 2010-04-09 at 07:58 +0200, François Pérou wrote: > > > Dear Dimitrios, I modified to have pluto running in debug mode on Carol: http://www.gooze.eu/howto/using-strongswan-with-smart-cards/configuring-road-warrior-caro

Re: [strongSwan] SA failed while configuring through stroke message

2010-04-09 Thread MANORANJAN S
Hi all, I was able to establish a connection. I have configured connection using stroke message: ./stroke add suhas 10.0.0.2 10.0.0.1 10.0.0.2 10.0.0.1 2.2.2.0/24 1.1.1.0/2424 24 where 10.0.0.1 and 10.0.0.2 are two linux machine ip and 2.2.2.0/24 and 1.1.1.0/24 are the subnets This is the messa