Re: [strongSwan] WG: problem connecting to juniper ssg5

2010-12-19 Thread Andreas Steffen
in 20 seconds for #1 Dec 18 12:18:19 gate2 pluto[6960]: | next event EVENT_RETRANSMIT in 20 seconds for #1 Any help is highly appreciated Kind regards Juergen Hoffmann == Andreas Steffen

Re: [strongSwan] problem connecting to juniper ssg5

2010-12-18 Thread Andreas Steffen
regards Juergen Hoffmann == Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications

Re: [strongSwan] no RSA public key known but ID is correct / even with rightcert

2010-12-18 Thread Andreas Steffen
== Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland

Re: [strongSwan] about IKE Integrity

2010-12-16 Thread Andreas Steffen
anybody tell me whether strongswan 4.5.0 support AES_XCBC_MAC_96 about IKE integrity? I could not find the algorithm list in the doc. Thanks and best regards.

Re: [strongSwan] strongswan/L2TP and NAT-T transport with both NATed

2010-12-14 Thread Andreas Steffen

Re: [strongSwan] Strongswan and Umip

2010-12-06 Thread Andreas Steffen

Re: [strongSwan] Charon: Limit the Number of SAs that can be created with same Traffic Selectors

2010-12-06 Thread Andreas Steffen
space. Is there a way to stop charon from creating multiple CHILD SA with same TS Thanks and Regards Sajal

Re: [strongSwan] IKEv1 connection issues after upgrading from 4.4.1 to 4.5.0

2010-12-03 Thread Andreas Steffen
. All my connections are defined with auto=add (a mix of IKEv1 and IKEv2 connections). Benoit. On Dec 3, 2010, at 9:18 AM, Andreas Steffen wrote: Hi Benoit, it is strange that you get acquire events. Do you define any connections in ipsec.conf with the setting auto=route? If yes

Re: [strongSwan] certificate status is not available

2010-11-30 Thread Andreas Steffen
su: (to root) ksim on /dev/pts/4

Re: [strongSwan] Fail on loading secrets (ECDSA)

2010-11-30 Thread Andreas Steffen

Re: [strongSwan] StrongSwan to Cisco ASA connection issue

2010-11-24 Thread Andreas Steffen
=217.24.19.114 rightid=CN=ASA 5510 rightca=%same authby=xauthrsasig auto=add Any suggestions?

Re: [strongSwan] SPI range in 4.5.0

2010-11-19 Thread Andreas Steffen

Re: [strongSwan] strongswan 4.3.6 IKEv1 not working for 3des-sha1

2010-11-17 Thread Andreas Steffen

Re: [strongSwan] Authentication Problem using certificates

2010-11-17 Thread Andreas Steffen

Re: [strongSwan] StrongSwan to accept IKE initiated from other end?

2010-11-17 Thread Andreas Steffen
-modp2048! conn testipsec type=transport left=10.168.80.8 leftprotoport=tcp/%any #leftid=kap right=10.168.65.1 rightprotoport=tcp/%any #rightid=cep auto=add [r...@kap8 etc]#

Re: [strongSwan] charon too long to start...

2010-11-17 Thread Andreas Steffen
socket charon has died -- restart scheduled (5sec) charon refused to be started/

Re: [strongSwan] charon too long to start...

2010-11-17 Thread Andreas Steffen
Assuming from your /# prompt you are starting charon as root. So this cannot be the reason that charon can't bind to the XFRM socket. Andreas On 11/17/2010 10:11 PM, Zorgh wrote: On 17/11/2010 21:56, Andreas Steffen wrote: Probably XFRM is not enabled in the kernel. Have a look at the list

Re: [strongSwan] pluto uses which kernel interface

2010-11-16 Thread Andreas Steffen
please let me know which interface does PLUTO uses to communicate with XFRM (kernel). I am using strongswan 4.3.6 version. Thanks -Anand

Re: [strongSwan] No acceptable DIFFIE_HELLMAN_GROUP found

2010-11-13 Thread Andreas Steffen

Re: [strongSwan] Android (normal client) + L2TP/IPSEC and certificates

2010-11-11 Thread Andreas Steffen
the certificate is being sent and parsed? Thanks, Michael Holstein Cleveland State University

Re: [strongSwan] charon often has two tunnels for one connection

2010-11-11 Thread Andreas Steffen

Re: [strongSwan] Android (normal client) + L2TP/IPSEC and certificates

2010-11-11 Thread Andreas Steffen

Re: [strongSwan] charon often has two tunnels for one connection

2010-11-11 Thread Andreas Steffen
No, this is not possible. If you prefer one side then set it to auto=start and the other side to auto=add. Regards Andreas On 11/11/2010 11:35 PM, Wolfgang Walter wrote: Hello Andreas, On Thursday 11 November 2010, Andreas Steffen wrote: Hello Wolfgang, if you define auto=start on both

Re: [strongSwan] Host-To-Host IKEV2 - no matching peer config found

2010-11-10 Thread Andreas Steffen

Re: [strongSwan] secrets and fqdn

2010-11-08 Thread Andreas Steffen
'##.###.###.##' This is something that used to work, is there a flag or something I can do to make it go back to using the old way? Henry. -Original Message- From: Andreas Steffen [mailto:andreas.stef...@strongswan.org] Sent: Friday, November 05, 2010 3:32 PM To: Henry R. Prins

Re: [strongSwan] Pluto clears SAD and SPD on exit

2010-11-08 Thread Andreas Steffen
were wiped out. Great thanks in advance! Best regards, Vladimir

Re: [strongSwan] Recommendation for IKEv2 Capable Client on Win XP

2010-11-07 Thread Andreas Steffen
? Thanks in advance for any recommendations. Kind regards, Holger THE standard software for Aviation Authorities

Re: [strongSwan] Recommendation for IKEv2 Capable Client on Win XP

2010-11-07 Thread Andreas Steffen
in case the client doesn't support IKEv2? Is there some kind of auto recognition of the IKE version supported by the client? Thanks in advance for any info. Kind regards, Holger From: Andreas Steffen [andreas.stef...@strongswan.org

Re: [strongSwan] IKEv2 passthrough

2010-11-04 Thread Andreas Steffen
with the command ip xfrm policy add While running the ipsec-tunnel the policies shown with ip xfrm policy are the same in IKEv2 as IKEv1. Thanks for any info Oliver

Re: [strongSwan] Does Strongswan support PEM format

2010-11-03 Thread Andreas Steffen

Re: [strongSwan] installpolicy=no not working, even when reqid is manually set

2010-11-02 Thread Andreas Steffen
with reqids 2 and SPD entries with reqid 1. -Mohammad On 11/01/2010 08:45 PM, ext Andreas Steffen wrote: Hi Mohammad, I recommend to upgrade to strongSwan 4.4.1 or 4.5.0 where you can fix the reqid with conn xyz reqid=value Regards Andreas On 11/01/2010 07:17 PM

Re: [strongSwan] Query regarding route based security

2010-11-01 Thread Andreas Steffen
will be used to tell IKEv2 Stack that a packet has hit its kernel traps and now you have to init an IKE_SA? Thanks Regards Vivek

Re: [strongSwan] ipsec pool file with certificates

2010-10-29 Thread Andreas Steffen
=Fondation RESTENA, CN=Test Certificate kind regards, Claude On Thursday 28 October 2010 23:59:01 Andreas Steffen wrote: Hello Claude, the Distinguished Names must be written in the address file without the double quotes: moon ipsec.d # cat addresses.txt 10.3.0.1 10.3.0.2 10.3.0.3

Re: [strongSwan] ipsec pool file with certificates

2010-10-29 Thread Andreas Steffen
: Is this something that will be changed in a future release or are these characters not allowed in x509 certificates ? regards, Claude On Friday 29 October 2010 10:50:29 Andreas Steffen wrote: Unfortunately there is currently no workaround. Regards Andreas On 29.10.2010 09:23, Claude Tompers wrote

Re: [strongSwan] Split tunneling

2010-10-26 Thread Andreas Steffen
in 6 days ? kind regards, Claude On Monday 25 October 2010 20:02:25 Andreas Steffen wrote: Hello Claude, I think I discovered the bug. In modecfg.c the attributes payload was aligned to a 4-byte boundary but according to RFC 2408 only the overall ISAKMP message should be aligned

Re: [strongSwan] Split tunneling

2010-10-25 Thread Andreas Steffen

Re: [strongSwan] Strongswan with iphone

2010-10-24 Thread Andreas Steffen
4500, complainant 46.xx.xx.xx: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]

Re: [strongSwan] Split tunneling

2010-10-22 Thread Andreas Steffen
on the right path. The Cisco client tells me Negotiating security policies before it stops silently. On the other side, I don't see much in the pluto logs. Any ideas ? kind regards, Claude On Thursday 21 October 2010 12:22:56 Andreas Steffen wrote: Hello Claude, yes it should be possible

Re: [strongSwan] Split tunneling

2010-10-22 Thread Andreas Steffen
: Hi Andreas, Setting the leftsubnet did not work. You can find the pluto log attached. thank you Claude On Friday 22 October 2010 10:24:24 Andreas Steffen wrote: Hello Claude, could you provide some pluto logs with plutodebug=all set in ipsec.conf? Regards Andreas BTW

Re: [strongSwan] Split tunneling

2010-10-22 Thread Andreas Steffen
: I attached the Cisco log. I think the interesting part starts at message 24. kind regards, Claude On Friday 22 October 2010 11:27:24 Andreas Steffen wrote: Hmmm, it seems that the Cisco client doesn't like strongSwan's ModeCfg reply containing all these Cisco Unity attributes because

Re: [strongSwan] Split tunneling

2010-10-22 Thread Andreas Steffen
Yep, I have the suspicion that there might be an issue with either the attribute or total packet length. Andreas On 22.10.2010 15:47, Claude Tompers wrote: So strongswan should send the exact same message, except for the actual string ? On Friday 22 October 2010 15:37:46 Andreas Steffen

Re: [strongSwan] Split tunneling

2010-10-22 Thread Andreas Steffen
But if you replace the standard banner by one defined via attr-sql, it fails? Strange! On 22.10.2010 15:04, Claude Tompers wrote: It still does, if I do not set the attribute, I see the standard banner. regards, Claude On Friday 22 October 2010 14:52:36 Andreas Steffen wrote: I

Re: [strongSwan] Split tunneling

2010-10-21 Thread Andreas Steffen

Re: [strongSwan] no private key found and unable to initiate to %any

2010-10-21 Thread Andreas Steffen

Re: [strongSwan] (no subject)

2010-10-21 Thread Andreas Steffen
MODP_2048_256 My kernel is 2.6.18 and I am using libcrypto.so.0.9.8e . What am I doing wrong? Regards, Mike

Re: [strongSwan] Maximum connection duration

2010-10-20 Thread Andreas Steffen

Re: [strongSwan] no matching config found, strongSwan to strongSwan w/IKEv2 setup

2010-10-19 Thread Andreas Steffen
because the configuration MUST be unique for each user, so it can assign their fixed IPs...so what might the problem be? Maybe the roadwarrior is presenting the subjectAltName?

Re: [strongSwan] multiple tunnels established for one connection (IKEv2)

2010-10-19 Thread Andreas Steffen

[strongSwan] ANNOUNCE: strongswan-4.5.0rc2 released

2010-10-17 Thread Andreas Steffen
. Best regards Andreas Steffen, Tobias Brunner, Martin Willi The strongSwan Team

Re: [strongSwan] DSCP support in new version of strongswan

2010-10-15 Thread Andreas Steffen

Re: [strongSwan] certificate format in sqlite database

2010-10-13 Thread Andreas Steffen

Re: [strongSwan] certificate format in sqlite database

2010-10-13 Thread Andreas Steffen
help. Are private keys and identities must be convert in the same format ? Regards samuel On 13/10/2010 14:57, Andreas Steffen wrote: Hi Samuel, in the scripts directory of the strongSwan distribution there is a bin2sql function which converts binary DER files into a HEX-encoded string

Re: [strongSwan] Number of NAT-OA payloads sent on IKEv1 transport mode NAT traversal

2010-10-13 Thread Andreas Steffen

Re: [strongSwan] trying to increase charondebug verbosity

2010-10-07 Thread Andreas Steffen

Re: [strongSwan] INITIAL CONTACT support in strongwan

2010-10-07 Thread Andreas Steffen
. Is it still the case? Are we going to implement it? It's a nice feature in order to clean up sa's after a ungraceful disconnect. Cheers

Re: [strongSwan] some conceptual ipsec/iptables/policy questions

2010-10-04 Thread Andreas Steffen
? Outgoing: analogous? Thanks in advance :) Chris. Regards Andreas

Re: [strongSwan] many cipher/hash modes seems to be unavailable

2010-10-03 Thread Andreas Steffen
MODP_6144 MODP_8192 MODP_1024 MODP_1024_160 MODP_768 What about all the GCM and CCM modes listed here: http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites ? Thanks, Chris.

Re: [strongSwan] several questions and problems ;)

2010-10-03 Thread Andreas Steffen
the host you can define a default block policy using the ip xfrm policy add command. Thanks so far :) Cheers, Chris. Regards Andreas

Re: [strongSwan] many cipher/hash modes seems to be unavailable

2010-10-03 Thread Andreas Steffen
On 10/03/2010 12:35 PM, Christoph Anton Mitterer wrote: Hi. On Sun, 03 Oct 2010 12:26:13 +0200, Andreas Steffen andreas.stef...@strongswan.org wrote: IKEv2 support for the AEAD modes CCM and GCM will be introduced with the forthcoming strongSwan release 4.5.0. Ah :D I couldn't just believe

Re: [strongSwan] Disable only 3DES?

2010-10-03 Thread Andreas Steffen

Re: [strongSwan] IKE modeconfig IP address assignment

2010-09-24 Thread Andreas Steffen
(UNITY_SPLITDNS_NAME) unity_split_include --subnet (UNITY_SPLIT_INCLUDE) unity_local_lan --subnet (UNITY_LOCAL_LAN) So what do I need to do in order to get IP address assignment working?

Re: [strongSwan] ip6-in-ip6 tunnel problem

2010-09-24 Thread Andreas Steffen

Re: [strongSwan] ip6-in-ip6 tunnel problem

2010-09-24 Thread Andreas Steffen
is missing in the equivalent. Thanks for your patience. Have a nice weekend, Chris.

Re: [strongSwan] IPsec and SHA-2

2010-09-24 Thread Andreas Steffen

Re: [strongSwan] IKE modeconfig IP address assignment

2010-09-24 Thread Andreas Steffen
in order to get IP address assignment working?

Re: [strongSwan] L2TP help

2010-09-23 Thread Andreas Steffen
Hi Troy, the better solution is to switch to IPsec tunnel mode (which MS Windows allows you to do). Andreas On 22.09.2010 21:33, Troy Telford wrote: On Wednesday, September 22, 2010 01:04:54 pm Andreas Steffen wrote: Hello Troy, #4: NAT-Traversal: Transport mode disabled due to security

Re: [strongSwan] strongSwan and Openswan

2010-09-22 Thread Andreas Steffen
in the way of feature lists to compare - it seems IKEv2 is the biggest difference. Can anybody please enlighten me as to what the advantages offered by strongswan are vs openswan?

Re: [strongSwan] questions about strongswan 4.4

2010-09-22 Thread Andreas Steffen
://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability Thank you very much for your help Best regards samuel Best regards Andreas

Re: [strongSwan] Question involving NAT

2010-09-22 Thread Andreas Steffen
that's enough information for you all to be able to give me some guidance. Thanks much for your help. Dave

Re: [strongSwan] L2TP help

2010-09-22 Thread Andreas Steffen
# for iOS VPNs... conn roadwarrior-l2tp-psk type=transport authby=secret leftprotoport=17/1701 rightprotoport=17/%any rightsubnet=vhost:%no,%priv pfs=no auto=add

Re: [strongSwan] IKEv2 tunnel establishment, initiator does not repond

2010-09-20 Thread Andreas Steffen
:15:33 destgd0h003661 avahi-daemon[2672]: dbus-protocol.c: Too many objects for client ':1.13', client request failed. -Original Message- From: Andreas Steffen [mailto:andreas.stef...@strongswan.org] Sent: Freitag, 17. September 2010 20:33 To: Groebl, Laurence (Laurence) Cc

Re: [strongSwan] Can I ignore some IPs in leftsubnet by using iptables?

2010-09-20 Thread Andreas Steffen
is not in the tunnel. can I do that by use Iptables? Many thanks!

Re: [strongSwan] Interoperate with Juniper SSG 550M failed

2010-09-18 Thread Andreas Steffen

Re: [strongSwan] IKEv2 tunnel establishment, initiator does not repond

2010-09-17 Thread Andreas Steffen

Re: [strongSwan] Strongswan connection to Sonicwall Enhanced OS 4.x using IKEv2

2010-09-17 Thread Andreas Steffen
or support all crypto proposals. Have you tried to restrict it to simple ones as e.g. ike=aes128-sha1-modp2048! Do not forget to set the strict flag '!' so that only this suite is proposed.

Re: [strongSwan] Strongswan connection to Sonicwall Enhanced OS 4.x using IKEv2

2010-09-15 Thread Andreas Steffen
IKE_SA_INIT response 0 [ N(INVAL_SYN) ] received INVALID_SYNTAX notify error r...@mercury:/home/user1#

Re: [strongSwan] Charon fails when MODP_2048_256 is advertised first

2010-09-15 Thread Andreas Steffen
= option, but I'm trying to make our ikev2 daemon work with charon without specifying ike_sa and child_sa transformations. Thanks, Mike On Tue, Sep 14, 2010 at 8:57 PM, Andreas Steffen andreas.stef...@strongswan.org wrote: Hi Mike, actually the first configured proposal

[strongSwan] Recent strongSwan IKEv2 HOWTOs

2010-09-10 Thread Andreas Steffen
of strongswan.conf options we have updated the following table: http://wiki.strongswan.org/projects/strongswan/wiki/StrongswanConf Kind regards Andreas

Re: [strongSwan] building groups in end-to-end scenario

2010-09-10 Thread Andreas Steffen
=192.168.56.0/24 auto=route ipsec.conf on host 3 conn gw left=192.168.56.3 right=192.168.56.254 rightsubnet=192.168.56.0/24 auto=route Regards Andreas On 10.09.2010 14:20, johann badinger wrote: On 10.09.2010 13:45, Andreas Steffen wrote: Hello Johann, your

Re: [strongSwan] Possible to disable VPN banner?

2010-09-10 Thread Andreas Steffen
can I disable VPN banner when I connected? Possible? Thanks. Bests, -Kalaj

Re: [strongSwan] IKEv2 fallback to IKEv1

2010-09-08 Thread Andreas Steffen

Re: [strongSwan] IPSec connection between Windows XP and Debian

2010-09-07 Thread Andreas Steffen
ipsec connection between linux with strongswan and windows xp i be very thankful. If you need any extra information - just tell me ;) P.S. Sorry for my horrible english ;) Regards Rafal from POLAND.

Re: [strongSwan] AES-GCM-16: payload length is not multiple of a blocksize

2010-08-13 Thread Andreas Steffen
. Any opinions/hints/advices? Thanks, Mike

Re: [strongSwan] Multiple protected networks

2010-08-09 Thread Andreas Steffen
unique subnets on the remote side. Thanks Stuart Beckett

Re: [strongSwan] add connection at run-time

2010-08-06 Thread Andreas Steffen

Re: [strongSwan] Connection to Cisco not passing Main Mode

2010-08-06 Thread Andreas Steffen
-CHOSEN. The algorithms statement in the 'ipsec statusall' bothers me also. Can anyone provide any assistance? Thanks Stuart Beckett

Re: [strongSwan] Connection to Sonicwall Pro 3060

2010-08-01 Thread Andreas Steffen

Re: [strongSwan] NAT with IPsec on 2.6 kernel

2010-07-27 Thread Andreas Steffen
firewall runs Strongswan as roadwarrior. It can reach company network fine. How can I NAT the whole home network so that computers at home can talk to the company network? Thanks! Frank

Re: [strongSwan] charon vs pluto

2010-07-27 Thread Andreas Steffen
) with strongswan? Shall I just comment out the charon section and uncomment the pluto section in strongswan.conf? In the ipsec.conf, I guess I should set charonstart=no and plutostart=yes? Thanks! Frank

Re: [strongSwan] NAT with IPsec on 2.6 kernel

2010-07-27 Thread Andreas Steffen
$PLUTO_INTERFACE variable. I thought 2.6 doesn't have the ipsec0 interface anymore. What will that variable point to? something like eth0 (physical WAN interface)? Regards, Frank On Tue, Jul 27, 2010 at 2:42 AM, Andreas Steffen andreas.stef...@strongswan.org wrote: Hello Frank, starting

Re: [strongSwan] Fwd: error in establishing an ikev1 session on pluto using certs and ocsp server .

2010-07-22 Thread Andreas Steffen
the user1 and user2 IPSEC configuration files in the attachments. Regards Depinder

Re: [strongSwan] IPSec on mobile connection with dynamic ip.

2010-07-21 Thread Andreas Steffen

Re: [strongSwan] Strongswan in vmware

2010-07-16 Thread Andreas Steffen

Re: [strongSwan] Can charon pass through unknown EAP methods with eap-radius authentication?

2010-07-15 Thread Andreas Steffen
, that are not supported by charon for now. I tried to browse the code of eap_authentifier, but I didn't find the answer... Thanks for your help, Christophe.

Re: [strongSwan] What will Happen if Reauthentication Fail?

2010-07-08 Thread Andreas Steffen

Re: [strongSwan] Locally generated packets not encrypted

2010-07-01 Thread Andreas Steffen

Re: [strongSwan] ikev1 without specifying rightid

2010-06-29 Thread Andreas Steffen
specifying the DN. Is there a way to tell Pluto that it should trust the peer even if it does not know the DN? Thank you, Mark Marwil

Re: [strongSwan] Faulty SubjectAltName

2010-06-25 Thread Andreas Steffen
could try next? I feel like I am running out of ideas, though I still haven't given up. Once more, thanks a lot for your help! Best regards, Johannes On Fri, 2010-06-25 at 04:14 +0200, Andreas Steffen wrote: Hi Johannes, this is a well known Checkpoint VPN-1 phenomenon where

Re: [strongSwan] No capable fetcher found

2010-06-24 Thread Andreas Steffen
Any ideas ? thanks very much Claude

Re: [strongSwan] No capable fetcher found

2010-06-24 Thread Andreas Steffen
regards, Claude On Thursday 24 June 2010 11:59:03 Andreas Steffen wrote: Hmmm, it seems that the curl plugin is required to refetch CRLs from the local file system. Compile strongSwan with ./configure --enable-curl Regards Andreas On 24.06.2010 11:51, Claude Tompers wrote: Hello, My
