On 31 August 2017 at 19:40, Noel Kuntze wrote:
> The aborting of the initiation is a deliberate design decision. That is
> because this is a configuration error of the remote peer.
> Use auto=route to get the kernel and charon to try to establish
Hi,
The aborting of the initiation is a deliberate design decision. That is because
this is a configuration error of the remote peer.
Use auto=route to get the kernel and charon to try to establish a matching
CHILD_SA for the traffic matching the TS.
There are many more failure cases than just
I've now changed the testScript[1] to first start moon, wait for the
strongswan-swanctl service to start and then start carol. Using this
setup it's almost guaranteed that moon has loaded the connection
before carol initiates the connection.
In the process of debugging this I did discover the
I have read the wiki about swanctl.conf, but have not found a good solution.
e.g. I have a subnet 172.22.0.0/16, and a special IP, 172.22.22.22, which does not
want to run into the IPsec tunnel.
Does StrongSwan support '-'?
like this:
local_ts = 172.22.0.1-172.22.22.21,172.22.22.23-172.22.255.255
Is
Hi,
> Is there any easy way?
Define a passthrough policy for that IP (mode=pass).
Regards,
Tobias
Hi John,
currently strongSwan supports signature keys residing in the NVRAM
of the TPM 2.0, only. These can be accessed using the object handle
range 0x8101. Private keys stored in the NVRAM of the TPM 2.0
have the big advantage that you can wipe the hard disk or SSD
without irretrievably
Ok after studying this part of the log a bit further:
https://gist.github.com/basvandijk/a2de93d8c93ce925838c1dbf2ee1d925#file-strongswan-swanctl-test-failure-log-L1428:L1459
I see that the following is going on:
1. moon has started charon-systemd but hasn't loaded the connection yet
2. carol
Hi Tobias/Hi all,
After some reading I have a conclusion that TPM 2.0 can only be used with
strongswan 5.5.2 or newer.
The example that the strongswan wiki provides shows storing the keys inside
the TPM (as far as I understand the example correctly). But all the TPM
sources I've read state that
I also included the log of a successful test run:
https://gist.github.com/basvandijk/a2de93d8c93ce925838c1dbf2ee1d925#file-strongswan-swanctl-test-success-log
On 31 August 2017 at 09:09, Bas van Dijk wrote:
> I noticed that my test succeeds most of the time but I just
I noticed that my test succeeds most of the time but I just observed a
test run where carol keeps trying to ping alice but fails each time.
The following line from the test log[1] seems suspect:
carol# [ 4.538963] charon-systemd[716]: received NO_PROPOSAL_CHOSEN notify error
I haven't looked