Can anyone point me in the right direction to getting traffic routed
across a site-site tunnel in a scenario where there is a subnet conflict?
Basically, our local subnet (10.100.0.0/23) conflicts with one on the
remote side, so we need to use NAT to trick the other side into seeing
us as
Hi Tobias,
this is what I see in logs:
b-test strongswan: 10[CFG] <25> looking for peer configs matching
server-side[%any]...client-side[ciscoasa]
b-test charon-systemd[130481]: looking for peer configs matching
server-side[%any]...client-side[ciscoasa]
b-test strongswan: 10[CFG] <25> peer
Thanks a lot for your answer. I just found out a working (though not
perfect) solution.
We have the default Charon configuration, which basically loads all modules
Charon was built with. I spent hours tweaking charon's configuration to
have eap-dynamic prefer mschapv2, disable eap-md5, etc. With
Hi,
> The feature list explicitly states that the android client supports
> EAP-MSCHAPv2, but I see no way to actually enforce that on the client,
> and the authentication keeps failing because EAP-MD5 is used.
The (AAA) server is the one initiating the EAP method, the client can't
explicitly
I am having issues getting EAP-MSCHAPv2 working with the Android client.
The feature list explicitly states that the android client supports
EAP-MSCHAPv2, but I see no way to actually enforce that on the client, and
the authentication keeps failing because EAP-MD5 is used.
Hi Volodymyr,
> do not work - StrongSwan do not consider this connection when choosing
> between few.
Increase the log level for cfg to 3 [1] to see details about the matched
identities and read or send the log.
> What is the right way to describe id for PSK connection where remote
> part uses