Hi Andreas,
Did you activate or insert any debug statements writing
to stdout either in the strongSwan or OpenSSL code?
Yes. It was my mistake, I added a debug message in OpenSSL rsa_gen.c in
function RSA_generate_key_ex().
Now I removed the print statement, and command openssl rsa -inform
Hi,
strongswan4-mod-kernel-klips - 4.5.2-1
Please try to remove this module from your build. The kernel-klips
plugin was done for a very specific (and rather old) KLIPS release. And
depending on whether your kernel actually includes the KLIPS patch or
not might never work. So, do you
Federico.Mancini@... writes:
YES! It was the algorithms! I finally got a tunnel!
I have no idea which specific algorithm it was that was missing, I just
enabled a bunch of them, but most likely AES, which I guess is the de facto
standard for symmetric cryptography rather than DES.
By the
Hi Tobias
Thank you so much for all the help in solving this issue I am facing.
You are right, I am getting the same error when I use the -check option for
the priv key files. I will try to see why it's so? Will get back to you with
any updates/info.
The surprising thing is that when I use the same
Thank you for your help and suggestions guys, got it working with OpenSwan.
On 09/11/11 10:55, Alex Lucas wrote:
Dears,
No ideas? I've tried a lot of combinations of config, including
specifying very specific IPs for left, leftsubnet, right,
rightsubnet, rightid etc. The docs are not too
Hello Anand,
your private key is not well formed. The OpenSSL command
openssl rsa -inform der -in caKey.der -noout -check
RSA key error: dmp1 not congruent to d
RSA key error: dmq1 not congruent to d
shows this. If I execute
ipsec pki --gen caKey1.der
on my system, my key is ok. You
Hello,
you define only mark 10 but not mark 20. No traffic will go through
the tunnel without a mark (either 10 or 20) set.
Regards
Andreas
On 11/14/2011 08:46 AM, Meera Sudhakar wrote:
Hi,
My aim is to create two IPsec tunnels using strongSwan between two
end-points, each having a
Hello Andreas,
Yes, I agree with you.
I have first set the following rules in the mangle table on both endpoints:
iptables -t mangle -A OUTPUT -j MARK --set-mark 10 -m dscp --dscp-class EF
iptables -t mangle -A PREROUTING -j MARK --set-mark 10 -m dscp --dscp-class EF
So with these rules, all
Hi Alex,
Thank you for your help and suggestions guys, got it working with
OpenSwan.
Interesting. Would you care to share the config that enabled you to do
this with OpenSwan? Because I'm pretty sure L2TP/IPsec with destination
NAT (i.e. the responder behind a NAT) is currently not possible
Hi Tobias,
OpenSwan ipsec.conf:
config setup
    nat_traversal=yes
    protostack=netkey
conn psk-nat
    rightsubnet=vhost:%priv
    also=psk-nonat
conn psk-nonat
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    dpddelay=5
    dpdtimeout=10
10 matches