[strongSwan] Listing multiple IP addresses on the rightsubnet

2012-03-26 Thread Mohammady Mahdy
Hi, I've been given multiple IP addresses that are too diverse to fit in a reasonable sized subnet. I am using the same installation as a lan-to-lan gateway for multiple connections, and I don't wish to use an oversized subnet that might make life harder in adding newer subnets in the future.

Re: [strongSwan] Listing multiple IP addresses on the rightsubnet

2012-03-26 Thread Andreas Steffen
Hello Mahdy, this notation works with IKEv2 only. Regards Andreas On 26.03.2012 10:53, Mohammady Mahdy wrote: Hi, I’ve been given multiple IP addresses that are too diverse to fit in a reasonable sized subnet. I am using the same installation as a lan-to-lan gateway for multiple

Re: [strongSwan] Upgrade issue

2012-03-26 Thread Tobias Brunner
Hi Peter, With 4.4.0, this works great; here's a relevant snippet from pluto.log (after all the certs have checked out): | XAUTHInitRSA check passed with keyid 08:f4:bf:b9:2d:e8:da:89:48:51:70:dc:1a:e8:a8:93:33:02:a1:3c ... Now when I use the same config on 4.5.2, I get a slightly

Re: [strongSwan] local traffic inspection on strongswan endpoint, how?

2012-03-26 Thread Tobias Brunner
Hi Andreas, Have a look at the last question in our FAQs [1]. I just learned that the tcpdump -E option can do something like what I want. tcpdump seems quite limited regarding the supported algorithms. You could try to dump the packets with tcpdump to a file and then analyze them with

[strongSwan] need to allow ssl restriction

2012-03-26 Thread Shukla, Sanjay
I am using 4.6.2 charon with IKEv2. What approaches are suggested to allow TLS / 443 traffic restriction so that they are not subject to IPSec. Regards, -sanjay

Re: [strongSwan] need to allow ssl restriction

2012-03-26 Thread Andreas Steffen
Hello Sanjay, you can define a pass shunt policy for TCP port 443. Just have a look at our example scenario: www.strongswan.org/uml/testresults/ikev2/shunt-policies/ Regards Andreas On 26.03.2012 20:12, Shukla, Sanjay wrote: I am using 4.6.2 charon with IKEv2. What approaches are suggested

Re: [strongSwan] Upgrade issue

2012-03-26 Thread Peter Sagerson
Hi Tobias, Thanks for getting back to me. I should have mentioned that the different keyids are just an artifact of the automatic process we have for provisioning clients. I've gone back and used the same identity on both servers just to be sure, and see the same results. I've also been trying

Re: [strongSwan] Listing multiple IP addresses on the rightsubnet

2012-03-26 Thread Mohammady Mahdy
Thanks for your reply. Is there a known workaround around this? Thanks Best Regards, Mahdy -Original Message- From: Andreas Steffen [mailto:andreas.stef...@strongswan.org] Sent: Monday, March 26, 2012 6:26 PM To: Mohammady Mahdy Cc: users@lists.strongswan.org Subject: Re: [strongSwan]