:46 vpn6-test pluto[28289]: cisco-vpn[1] 192.168.1.180:59907 #1:
X.509 certificate rejected
regards,
Claude
On Thursday 24 June 2010 12:58:17 Andreas Steffen wrote:
Here a follow up comment:
If you are *not* using an explicit pluto.load statement then
do not forget to execute
make clean
server = my-freeradius-server
}
}
dns1 = 192.168.1.28
dns2 = 192.168.1.15
}
Any ideas to correct this issue ?
many thanks
Claude
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongswan 4.3.2 and Debian has an
include directive in ipsec.secrets. Taking that out solves
the problem. Odd that pluto handled that though.
Thanks,
Shane
On Tue, Jun 22, 2010 at 11:49:18AM +0200, Andreas Steffen wrote:
Hi Shane,
the first output comes from the IKEv1 pluto daemon who
finds
wrong. Could you please help me?
Thanks,
Cristina
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet
...
Kindly help me out,how to test and verify this setup ..
what are the steps that i have to followed for testing...
Thanks in Advance
Regards,
Dhanavel
--
==
Andreas Steffen andreas.stef
processed if all the
sections are present?
2. Is this something that has been changed in later versions? - I am using
version 4.1.10
Thank you
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan
main
Thanks in advance
Regards
Dhanavel
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies
issue `ipsec stroke up dave6`, the dave6 connection is
brought up and at the same time, dave4 is killed. Why would that be?
thanks,
Jan
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan
not
use or disseminate the information, notify the sender and delete it from your
system.
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
]: srx #5: sending encrypted
notification INVALID_KEY_INFORMATION to 10.0.81.82:500
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
a bit worried what's correct...
Holger
Am 2010-06-15 20:18, schrieb Andreas Steffen:
Hi Holger,
as far as I remember pluto supports the import of intermediate CA
certificates received via IKEv1 only if the are embedded together
with the end entity certificate in a PKCS#7 envelope
strongswan?
Thanks
Jamie Knight (rjkni...@us.ibm.com)
IBM Power Firmware Development
(512) 286-7017 (t/l 386-70
office 045/2A-01
IBM Austin, TX
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan
.
Best regards Peter
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH
Here is the final announcement for the workshop:
http://www.linuxtag.org/2010/de/program/freies-vortragsprogramm/vortragsliste.html?talkid=643
See you in Berlin
Andreas
==
Andreas Steffen andreas.stef
.
__
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
--
==
Andreas Steffen
.
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
just drop us an email.
On 06/03/2010 12:12 AM, Daniel Mentz wrote:
Andreas Steffen wrote:
Visit us at our booth 115 in hall 7.2b and attend the strongSwan
workshop which will be scheduled either on Friday June 11 or
Thursday June 10. We will post the exact time as soon as the
information
is running and I tried to ping a destination,
after I pressed ctrl-c to stop pinging, strongswan process stops as
well. How to disable this? Thanks! ^^
B.R.
Jessie
==
Andreas Steffen andreas.stef
as
md5-des, I am getting following error:
“ ike_alg: crypter DES_CBC not present.”
Any pointers as to how to overcome the above problem.
Regds
Anil
==
Andreas Steffen andreas.stef...@strongswan.org
ideas? Thanks
Peter
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
?
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
://lists.strongswan.org/mailman/listinfo/users
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies
: ESP(spi=0xcc7636fb,seq=0x3),
length 132
11:33:14.443468 IP 20.0.0.1 40.0.0.1: ESP(spi=0xcb7751d6,seq=0x3),
length 132
thanks alot
-Original Message-
From: ext Andreas Steffen [mailto:andreas.stef...@strongswan.org]
Sent: Wednesday, May 19, 2010 11:27 AM
To: Ayyash, Mohammad (NSN
scheduled (5sec)
May 18 11:45:24 vpn6-test ipsec_starter[26263]: charon refused to be started
...
Any ideas to this error ?
thanks a lot in advance for your answers
greetings,
Claude
==
Andreas Steffen
to find it? why is that?
Solution (B):
Is there a way to control the order at which Charon installs SPD
policies?
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux
before it started IKE negotiation,
but it is not able to find it? why is that?
Solution (B):
Is there a way to control the order at which Charon installs SPD policies?
==
Andreas Steffen
==
Andreas Steffen e-mail: andreas.stef...@hsr.ch
Institute for Internet Technologies and Applications
Hochschule fuer Technik Rapperswil phone: +41 55 222 42 68
CH-8640 Rapperswil (Switzerland)mobile: +41
have any idea, hints or anything, i'll greatly appreciate :)
Thanks a lot
François Van Ingelgom -- PCSOL
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
by domain name?
Thanks!
Best Regards,
Jessie
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies
machine and right is the remote one, is that correct?
Thanks for your help, i'll post what you asked tomorrow.
François Van Ingelgom -- PCSOL
Le 11 mai 2010 à 17:08, Andreas Steffen a écrit :
Hello François,
I don't see anything special in your configuration file except that
it looks
Daniel, you are right of course!
Thanks
Andreas
On 05/07/2010 09:00 AM, Daniel Mentz wrote:
Andreas Steffen wrote:
in the default configuration the pluto daemon binds to the UDP ports 500
and 4500 whereas the charon daemon uses a raw socket with Linux
Socket Filter (LSF) rules filtering
Hi,
As you might have noticed in the strongswan-4.4.0 release all IKEv2
functionality is now in the libcharon library and the charon daemon is just a
rump process. Thus it should be easy to write an application yourself using the
libcharon, libhydra, and libstrongswan. It is also possible to
, is there
possible we use Racoon for IKEv1 and Charon for IKEv2 on the same host?
Thanks.
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
The ipsec pki --gen and --pub commands now allow the output of
private and public keys in PEM format using the --outform pem
command line option.
Enjoy our new release!
Best regards
Andreas Steffen, Tobias Brunner Martin Willi
the strongSwan
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil
running checkpoint
* F5
* Thales TCE
(Or is compatibility such a silly question not worthwhile mentioning on
web-page?)
Kind regards, Hans
==
Andreas Steffen andreas.stef
: -
To: eric.hernan...@allegiantair.com
From: Andreas Steffen andreas.stef...@strongswan.org
Sent by:
users-bounces+eric.hernandez=allegiantair@lists.strongswan.org
Date: 04/26/2010 09:42PM
Cc: users@lists.strongswan.org
Subject: Re: [strongSwan] failed to create a builder
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
release is the beginning of May.
Best regards from the strongSwan team
Andreas Steffen, Tobias Brunner Martin Willi
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
in the foreground using
ipsec start --nofork
Regards
Martin
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies
? I can't figure it out from RFCs.
Great thanks in advance!
Best regards, Vladimir Podobaev
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
Andreas
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
stop pluto !!!
ipsec starter stopped
what this means?
Regards
Pankaj Gupta
On Thu, Apr 15, 2010 at 8:01 PM, Andreas Steffen
andreas.stef...@strongswan.org mailto:andreas.stef...@strongswan.org
wrote:
Hi Pankaj,
could you start the pluto daemon without forking with the command
address to every host.
thanks in advance Claude
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies
authentication replaces authentication in ESP.
Regards
Andreas
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet
) ]
Apr 10 23:18:46 mailproxy charon: 14[NET] sending packet: from
***.***.***.***[4500] to +++.++.+++.+++[17619]
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
with these questions.
Thanks,
Mohit
Best regards
Andreas
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet
]: | state transition function for
STATE_MAIN_I3 failed: INVALID_ID_INFORMATION
Apr 9 09:13:58 id-soft pluto[29125]: | next event EVENT_RETRANSMIT in 3
seconds for #1
Br Daniel
==
Andreas Steffen
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
and not
the new crl in which the certificate is revoked. I think there is some
problem in the parsing of the crl list as the crl list is not completely
parsed?
Thanks for your help in advance.
Regards,
Vivek
==
Andreas Steffen
/ipsec.secrets'
Mar 25 05:11:37 plm56 charon: 16[CFG] loaded private key file
'/etc/ipsec.d/private/newkey.pem'
plm56:~/abhishek #
On Wed, Mar 24, 2010 at 7:07 PM, Andreas Steffen
andreas.stef...@strongswan.org wrote:
Execute
ipsec rereadsecrets
and look for error messages in the log. It might
=10.1.0.0/16 http://10.1.0.0/16
leftfirewall=yes
right=%any
authby=secret
auto=add
thanks, Xia Weizhong
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
for newcert.pem and newkey.pem
Please take a look at these and let me know what more should I do to
get through.
regards
Abhishek Misra
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
in the
same network enviroment behind the same router on the same machine.
I'd really appreciate any ideas, hints, suggestions or help. Thanks a lot in
advance.
So long,
matthias
==
Andreas Steffen
format with strongSwan commands?
Does this command accept both DER and PEM as private key RSA input file
(--in) ?
Thank you
Mugur
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan
Mugur
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied
Andreas
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied
the
connection automatically. man ipsec.conf for details.
Regards
Martin
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute
, then is it a case of posting
the sys.log errors for someone to kindly look at
I appreciate anyone's help and time with this.
Regards,
Jana
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux
a 2.6.33 kernel :-)
Best regards
Andreas
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies
to 192.168.150.136:500
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University
fetched via hash-and-url
from a http server must be in binary DER, too.
Thank you Mugur
Best regards
Andreas
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
leftcert=/home/vivek/vivek/linux_pc_90_1/cert.pem
rightid=%any
auto=add
Thanks for your inputs in advance.
Regards,
Vivek
Best regards
Andreas
==
Andreas Steffen andreas.stef
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences
Router3845).
The Cisco is configured with group2 Diffie Hellman - someone know
which protocol it corresponds?to setup correctly my StrongSwan?
Thank you so much,
nm
==
Andreas Steffen andreas.stef
number you allocated in the private use block.
I do believe that interoperability does benefit from this documentation
change.
I can help out and take care of the changes if you let me.
-Daniel
==
Andreas Steffen
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences
Steffen, Martin Willi, Tobias Brunner
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies
,
Bjarke
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied
--
strongSwan team member Tobias Brunner ported the IKEv2 charon daemon
to the Android 1.6 platform. Details on the cross-compilation will
follow.
Best regards
Andreas Steffen, Martin Willi, Tobias Brunner
in...@ip.a.dd.r was too long: 100 36
Is this something to worry about? What's the cause?
Thanks in advance,
Thomas
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
syslogd.c(134) pluto[9028]: conn2: deleting
connection
362227 WAR 17:00:08 74ms syslogd.c(134) pluto[9028]: conn2 #2:
deleting state (STATE_QUICK_I2)
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan
:)
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
indicate where I should start to fix the problem.
Any ideas? Anything obvious? (I whish there was...).
Thanks,
p...@rick
Best regards
Andreas
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan
explain
what it is?
thanks, Xia Weizhong
Best regards
Andreas
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute
2010/1/20 Andreas Steffen andreas.stef...@strongswan.org
mailto:andreas.stef...@strongswan.org
Xia Weizhong wrote:
Hi
I plan to use strongswan in an Embeded environment. My plan is to
use charon
alone with libstrongswan (no starter), and with configs stored
in the database?
There are currently some parameters that cannot be defined in the
database.
thanks, Xia Weizhong
Best regards
Andreas
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux
Elliptic Curve Groups in IKEv2CipherSuites.
http://wiki.strongswan.org/wiki/1/IKEv2CipherSuites
Thanks ^^
--- 10/1/14 (四),Andreas Steffen andreas.stef...@strongswan.org 寫道:
寄件者: Andreas Steffen andreas.stef...@strongswan.org 主旨: Re:
[strongSwan] standard support 收件者
with the DN of the remote peer certificate.
Is it possible to make ikev1 work with the above way of specifying rightid
?
Thanks Regards,
Ashish.
==
Andreas Steffen andreas.stef...@strongswan.org
...@bartsimpson.sytes.net
auto=add
conn nat-t
leftsubnet=192.168.25.0/24
right=%any
rightsubnet=192.168.26.0/24
rightsourceip=192.168.20.0/24
auto=add
--
==
Andreas
related standards, does strongswan
supports all standards in
http://wiki.strongswan.org/wiki/1/IpsecStandards#IPsec-and-related-standards
?
Thanks for your help!
==
Andreas Steffen andreas.stef
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied
)
and layer 2 Kasumi encryption/decryption.
But I have no idea how to integrate strongswan( or openssl??)
to take advantage of the offload engines.
Do you have any idea?
Thanks!!!
Regards,
Jessie
==
Andreas Steffen
correct?
If this is true, how the destination end reconstructs the outer IP
header? Could you provide an example?
Thanks ! ^__^
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux
in
the certificate as a subjectAlternativeName. Not sure about e-mail
addresses and IP addresses, though.
-Daniel
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution
negotiation procedures
and all following IPsec traffic communication between two ends? And
floating to port 4500 is necessary with NAT device?
Thanks in advance!!
==
Andreas Steffen andreas.stef
and recompile
Also, I think the autoconf script should complain if I enable
eap-mschapv2 but not md4 at the same time.
Should we add this hint also to the wiki page? I think we should.
Thanks
-Daniel
==
Andreas Steffen
.
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
and emailAddress
RDNs or even better just omit the emailAddress in the subject DN
because this is bad practice anyway.
Best regards
Andreas
Andreas Steffen wrote:
Dear Ashish,
there is an error in the rightid definition. The correct syntax is
rightid=C=IN, ST=KAR, O=X, OU=, CN=FTM
wrote:
hi: i am a beginner of strongswan , now i want to config a ipsec
tunnel use manual mode beside the ike exchange. does the strongswan
support the function ? if it does, how can i config it.
thanks .
==
Andreas Steffen
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
701 - 800 of 946 matches
Mail list logo