[strongSwan] ANNOUNCE: strongswan-4.5.1 released

2011-02-12 Thread Andreas Steffen
Hello, we are proud to release strongSwan 4.5.1 which comes with a lot of new features: Trusted Network Connect (TNC) - - Sansar Choinyambuu implemented the RFC 5793 Posture Broker Protocol (PB) compatible with Trusted Network Connect (TNC). The TNCCS 2.0

[strongSwan] ANNOUNCE: strongSwan packages for Maemo (Nokia N900)

2011-02-12 Thread Tobias Brunner
Hello, despite the recent news about Nokia's plans to partner with Microsoft, we are happy to announce that packages for strongSwan 4.5.1 are now available in the maemo.org Extras repository, which provides software for Maemo based devices such as the Nokia N900. Package: strongswan-applet [1]

Re: [strongSwan] ANNOUNCE: strongSwan packages for Maemo (Nokia N900)

2011-02-12 Thread Martin Lambev
I want to thank you for that wonderful gift! A long wanted feature :) I'll test the package and give feedback. Is it fine to write bug reports here or else? I tested initial package v.4.5.0-*rc.. but had some problems with strongswan-applet ( after reboot, was blocking normal load and work of

[strongSwan] StrongSWAN and AVM Fritzbox - Help!

2011-02-12 Thread Rene Bartsch
Hi, I'm new to IPSec and StrongSWAN, so a Hello to all list members! ;-) Setting up a VPN tunnel between two Fritzboxes and an Ubuntu server drives me crazy. Packets from the private subnet of the Ubuntu server lead to a VPN tunnel creation and everything working fine, but packets from the

Re: [strongSwan] StrongSWAN and AVM Fritzbox - Help!

2011-02-12 Thread Andreas Steffen
Hello Rene, strongSwan never sets up a tunnel based on incoming plaintext packets. With auto=route only outgoing plaintext trigger the setup of an IPsec tunnel. Packets from a subnet behind the Fritzbox should cause the Fritzbox to initiate an IKE negotiation. In any case a tcpdump or wireshark

Re: [strongSwan] StrongSWAN and AVM Fritzbox - Help!

2011-02-12 Thread Andreas Steffen
Hello Rene, you must open UDP port 500 for IKE and UDP port 4500 if you have a NAT situation. In order to pass encrypted IPsec packets you must open IP protocol 50 (ESP). Regards Andreas On 02/12/2011 08:15 PM, Rene Bartsch wrote: Hello Andreas, After using tcpdump I set all IPTables

Re: [strongSwan] StrongSWAN and AVM Fritzbox - Help!

2011-02-12 Thread Rene Bartsch
Hello Andreas, I've added the rules iptables -t filter -A INPUT -d <public IP> -p esp -m comment --comment "ACCEPT IPSec ESP" -j ACCEPT iptables -t filter -A INPUT -d <public IP> -p udp -m udp --dport 500 -m comment --comment "ACCEPT IPSec IKE" -j ACCEPT iptables -t filter

Re: [strongSwan] StrongSWAN and AVM Fritzbox - Help!

2011-02-12 Thread Rene Bartsch
On Sat, 12 Feb 2011 21:10:41 +0100, Andreas Steffen andreas.stef...@strongswan.org wrote: On 02/12/2011 08:58 PM, Rene Bartsch wrote: Hello Andreas, I've added the rules iptables -t filter -A INPUT -d <public IP> -p esp -m comment --comment "ACCEPT IPSec ESP" -j ACCEPT