in 20 seconds for #1
Dec 18 12:18:19 gate2 pluto[6960]: | next event EVENT_RETRANSMIT in 20
seconds for #1
Any help is highly appreciated
Kind regards
Juergen Hoffmann
==
Andreas Steffen
regards
Juergen Hoffmann
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
anybody tell me whether strongswan 4.5.0 supports
AES_XCBC_MAC_96 about IKE integrity? I could not find the algorithm list
in the doc.
Thanks and best regards.
==
Andreas Steffen andreas.stef
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640
Bard
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied
space.
Is there a way to stop charon from creating multiple CHILD SA with same TS
Thanks and Regards
Sajal
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
. All my connections are defined with auto=add (a
mix of IKEv1 and IKEv2 connections).
Benoit.
On Dec 3, 2010, at 9:18 AM, Andreas Steffen wrote:
Hi Benoit,
it is strange that you get acquire events. Do you define any connections
in ipsec.conf with the setting auto=route? If yes
su: (to root) ksim on /dev/pts/4
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil
=217.24.19.114
rightid=CN=ASA 5510
rightca=%same
authby=xauthrsasig
auto=add
Any suggestions?
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
CERTIFICATE-
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
--
==
Andreas Steffen
-modp2048!
conn testipsec
type=transport
left=10.168.80.8
leftprotoport=tcp/%any
#leftid=kap
right=10.168.65.1
rightprotoport=tcp/%any
#rightid=cep
auto=add
[r...@kap8 etc]#
==
Andreas Steffen
socket
charon has died -- restart scheduled (5sec)
charon refused to be started/
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Assuming from your /# prompt you are starting charon as root.
So this cannot be the reason that charon can't bind to the XFRM socket.
Andreas
On 11/17/2010 10:11 PM, Zorgh wrote:
On 17/11/2010 21:56, Andreas Steffen wrote:
Probably XFRM is not enabled in the kernel. Have a look at the list
please let me know which interface PLUTO uses to communicate
with
XFRM (kernel).
I am using strongswan 4.3.6 version.
Thanks
-Anand
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan
]#
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil
the certificate is being sent and parsed?
Thanks,
Michael Holstein
Cleveland State University
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
,
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
Regards
Andreas
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University
No, this is not possible. If you prefer one side then set it to
auto=start and the other side to auto=add.
Regards
Andreas
On 11/11/2010 11:35 PM, Wolfgang Walter wrote:
Hello Andreas,
On Thursday 11 November 2010, Andreas Steffen wrote:
Hello Wolfgang,
if you define auto=start on both
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
'##.###.###.##'
This is something that used to work, is there a flag or something I can
do to make it go back to using the old way?
Henry.
-Original Message-
From: Andreas Steffen [mailto:andreas.stef...@strongswan.org]
Sent: Friday, November 05, 2010 3:32 PM
To: Henry R. Prins
were wiped out.
Great thanks in advance!
Best regards, Vladimir
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute
?
Thanks in advance for any recommendations.
Kind regards,
Holger
THE standard software for Aviation Authorities
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN
in case the client doesn't support IKEv2? Is
there some kind of auto recognition of the IKE version supported by the
client?
Thanks in advance for any info.
Kind regards,
Holger
From: Andreas Steffen [andreas.stef...@strongswan.org
with the command
ip xfrm policy add While running the ipsec-tunnel the policies
shown with ip xfrm policy are the same in IKEv2 as IKEv1.
Thanks for any info
Oliver
==
Andreas Steffen andreas.stef
Michalle
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied
with reqids 2 and SPD entries with reqid 1.
-Mohammad
On 11/01/2010 08:45 PM, ext Andreas Steffen wrote:
Hi Mohammad,
I recommend to upgrade to strongSwan 4.4.1 or 4.5.0 where you
can fix the reqid with
conn xyz
reqid=value
Regards
Andreas
On 11/01/2010 07:17 PM
will be used to tell IKEv2 Stack that a packet has hit its kernel traps
and now you have to init an IKE_SA?
Thanks Regards
Vivek
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux
=Fondation RESTENA, CN=Test
Certificate
kind regards,
Claude
On Thursday 28 October 2010 23:59:01 Andreas Steffen wrote:
Hello Claude,
the Distinguished Names must be written in the address file without
the double quotes:
moon ipsec.d # cat addresses.txt
10.3.0.1
10.3.0.2
10.3.0.3
:
Is this something that will be changed in a future release or are
these characters not allowed in x509 certificates ?
regards, Claude
On Friday 29 October 2010 10:50:29 Andreas Steffen wrote:
Unfortunately there is currently no workaround.
Regards
Andreas
On 29.10.2010 09:23, Claude Tompers wrote
in 6
days ?
kind regards,
Claude
On Monday 25 October 2010 20:02:25 Andreas Steffen wrote:
Hello Claude,
I think I discovered the bug. In modecfg.c the attributes payload
was aligned to a 4-byte boundary but according to RFC 2408 only
the overall ISAKMP message should be aligned
regards, Claude
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University
4500, complainant
46.xx.xx.xx: Connection refused [errno 111, origin ICMP type 3 code 3
(not authenticated)]
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
on
the right path.
The Cisco client tells me Negotiating security policies before it stops
silently.
On the other side, I don't see much in the pluto logs.
Any ideas ?
kind regards,
Claude
On Thursday 21 October 2010 12:22:56 Andreas Steffen wrote:
Hello Claude,
yes it should be possible
:
Hi Andreas,
Setting the leftsubnet did not work.
You can find the pluto log attached.
thank you
Claude
On Friday 22 October 2010 10:24:24 Andreas Steffen wrote:
Hello Claude,
could you provide some pluto logs with
plutodebug=all
set in ipsec.conf?
Regards
Andreas
BTW
:
I attached the Cisco log.
I think the interesting part starts at message 24.
kind regards,
Claude
On Friday 22 October 2010 11:27:24 Andreas Steffen wrote:
Hmmm, it seems that the Cisco client doesn't like
strongSwan's ModeCfg reply containing all these
Cisco Unity attributes because
Yep, I have the suspicion that there might be an issue with either
the attribute or total packet length.
Andreas
On 22.10.2010 15:47, Claude Tompers wrote:
So strongswan should send the exact same message, except for the actual
string ?
On Friday 22 October 2010 15:37:46 Andreas Steffen
But if you replace the standard banner by one defined via attr-sql,
it fails? Strange!
On 22.10.2010 15:04, Claude Tompers wrote:
It still does, if I do not set the attribute, I see the standard banner.
regards,
Claude
On Friday 22 October 2010 14:52:36 Andreas Steffen wrote:
I
Claude
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640
MODP_2048_256
My kernel is 2.6.18 and I am using libcrypto.so.0.9.8e .
What am I doing wrong?
Regards,
Mike
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
?
kind regards, Claude
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University
because the configuration MUST be unique for each user, so it
can assign their fixed IPs...so what might the problem be? Maybe the
roadwarrior is presenting the subjectAltName?
==
Andreas Steffen
| mobile: +49.162.2470635
--
==
Andreas Steffen
.
Best regards
Andreas Steffen, Tobias Brunner, Martin Willi
The strongSwan Team
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
samuel MORIN
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
help.
Must private keys and identities be converted to the same format?
Regards
samuel
On 13/10/2010 14:57, Andreas Steffen wrote:
Hi Samuel,
in the scripts directory of the strongSwan distribution there
is a bin2sql function which converts binary DER files into a
HEX-encoded string
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640
. Is it still the case? Are we
going to implement it? It's a nice feature in order to clean up sa's
after an ungraceful disconnect.
Cheers
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan
?
Outgoing: analogous?
Thanks in advance :)
Chris.
Regards
Andreas
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute
MODP_6144 MODP_8192
MODP_1024 MODP_1024_160 MODP_768
What about all the GCM and CCM modes listed here:
http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites ?
Thanks,
Chris.
==
Andreas Steffen
the host you can define a default block policy
using the ip xfrm policy add command.
Thanks so far :)
Cheers,
Chris.
Regards
Andreas
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan
On 10/03/2010 12:35 PM, Christoph Anton Mitterer wrote:
Hi.
On Sun, 03 Oct 2010 12:26:13 +0200, Andreas Steffen
andreas.stef...@strongswan.org wrote:
IKEv2 support for the AEAD modes CCM and GCM will be introduced
with the forthcoming strongSwan release 4.5.0.
Ah :D I couldn't just believe
,
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences
(UNITY_SPLITDNS_NAME)
unity_split_include --subnet (UNITY_SPLIT_INCLUDE)
unity_local_lan --subnet (UNITY_LOCAL_LAN)
So what do I need to do in order to get IP address assignment working?
--
==
Andreas Steffen
.
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
is missing in the equivalent.
Thanks for your patience.
Have a nice weekend,
Chris.
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
situation.
m
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University
in order to get IP address assignment working?
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies
Hi Troy,
the better solution is to switch to IPsec tunnel mode (which
MS Windows allows you to do).
Andreas
On 22.09.2010 21:33, Troy Telford wrote:
On Wednesday, September 22, 2010 01:04:54 pm Andreas Steffen wrote:
Hello Troy,
#4: NAT-Traversal: Transport mode disabled due to security
in the way of feature lists to
compare - it seems IKEv2 is the biggest difference.
Can anybody please enlighten me as to what the advantages offered by
strongswan are vs openswan?
==
Andreas Steffen
://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability
Thank you very much for your help
Best regards
samuel
Best regards
Andreas
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN
that's enough information for you all to be
able to give me some guidance.
Thanks much for your help.
Dave
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
# for iOS VPNs...
conn roadwarrior-l2tp-psk
type=transport
authby=secret
leftprotoport=17/1701
rightprotoport=17/%any
rightsubnet=vhost:%no,%priv
pfs=no
auto=add
==
Andreas Steffen
:15:33 destgd0h003661 avahi-daemon[2672]: dbus-protocol.c: Too many
objects for client ':1.13', client request failed.
-Original Message-
From: Andreas Steffen [mailto:andreas.stef...@strongswan.org]
Sent: Friday, 17 September 2010 20:33
To: Groebl, Laurence (Laurence)
Cc
is not in the tunnel.
Can I do that by using iptables?
Many thanks!
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet
,
David.morris
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences
or
support all crypto proposals. Have you tried to restrict it to simple
ones as e.g.
ike=aes128-sha1-modp2048!
Do not forget to set the strict flag '!' so that only this suite is
proposed.
==
Andreas Steffen
IKE_SA_INIT response 0 [ N(INVAL_SYN) ]
received INVALID_SYNTAX notify error
r...@mercury:/home/user1#
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
= option, but I'm trying to make our
ikev2 daemon work with charon without specifying ike_sa
and child_sa transformations.
Thanks,
Mike
On Tue, Sep 14, 2010 at 8:57 PM, Andreas Steffen
andreas.stef...@strongswan.org wrote:
Hi Mike,
actually the first configured proposal
of strongswan.conf
options we have updated the following table:
http://wiki.strongswan.org/projects/strongswan/wiki/StrongswanConf
Kind regards
Andreas
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan
=192.168.56.0/24
auto=route
ipsec.conf on host 3
conn gw
left=192.168.56.3
right=192.168.56.254
rightsubnet=192.168.56.0/24
auto=route
Regards
Andreas
On 10.09.2010 14:20, johann badinger wrote:
On 10.09.2010 13:45, Andreas Steffen wrote:
Hello Johann,
your
can I disable VPN banner when I connected? Possible?
Thanks.
Bests,
-Kalaj
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
.
Please help.
-Anand
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
ipsec
connection between linux with strongswan and windows xp i be very thankful.
If you need any extra information - just tell me ;)
P.S. Sorry for my horrible english ;)
Regards
Rafal from POLAND.
==
Andreas Steffen
.
Any opinions/hints/advices?
Thanks,
Mike
--
==
Andreas Steffen
unique subnets on the remote side.
Thanks
Stuart Beckett
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
-CHOSEN.
The algorithms statement in the 'ipsec statusall' bothers me also.
Can anyone provide any assistance?
Thanks
Stuart Beckett
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
firewall runs Strongswan as roadwarrior. It can
reach company network fine. How can I NAT the whole home network so
that computers at home can talk to the company network?
Thanks!
Frank
==
Andreas Steffen
) with strongswan? Shall I just comment out the charon
section and uncomment the pluto section in strongswan.conf? In the
ipsec.conf, I guess I should set charonstart=no and plutostart=yes?
Thanks!
Frank
==
Andreas Steffen
$PLUTO_INTERFACE variable. I thought 2.6 doesn't have the ipsec0
interface anymore. What will that variable point to? something like
eth0 (physical WAN interface)?
Regards,
Frank
On Tue, Jul 27, 2010 at 2:42 AM, Andreas Steffen
andreas.stef...@strongswan.org wrote:
Hello Frank,
starting
the user1 and user2 IPSEC configuration files in the attachments.
Regards
Depinder
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
...
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
, that
are not supported by charon for now.
I tried to browse the code of eap_authentifier, but I didn't find the
answer...
Thanks for your help,
Christophe.
==
Andreas Steffen andreas.stef...@strongswan.org
in advance!
Best Regards,
Jessie
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet
specifying the DN. Is there a way to tell Pluto that it
should trust the peer even if it does not know the DN?
Thank you,
Mark Marwil
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan
could try next? I feel like I am running out of
ideas, though I still haven't given up.
Once more, thanks a lot for your help!
Best regards,
Johannes
On Fri, 2010-06-25 at 04:14 +0200, Andreas Steffen wrote:
Hi Johannes,
this is a well known Checkpoint VPN-1 phenomenon where
Any ideas ?
thanks very much
Claude
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies
regards,
Claude
On Thursday 24 June 2010 11:59:03 Andreas Steffen wrote:
Hmmm, it seems that the curl plugin is required to
refetch CRLs from the local file system. Compile
strongSwan with
./configure --enable-curl
Regards
Andreas
On 24.06.2010 11:51, Claude Tompers wrote:
Hello,
My
601 - 700 of 946 matches