Hi all,
I'd like to add setting the two parameters NATTKeepaliveTimer and
IPsecWindowSize in ipsec.conf. Which section should I add the two parameters,
such as conn part of ipsec.conf ? I want to modify source codes to fit the
configurations, but I have no idea which section I should add.
Hi Martin,
It worked. Thanks for your great help!
Best Regards,
Jessie
--- 10/8/10 (二),Martin Willi mar...@strongswan.org 寫道:
寄件者: Martin Willi mar...@strongswan.org
主旨: Re: [strongSwan] Decryption of ESP packets with Wireshark
收件者: Jessie Liu iamnotjes...@yahoo.com.tw
副本: users
:01:16 1275670876
--- 10/6/28 (一),Martin Willi mar...@strongswan.org 寫道:
寄件者: Martin Willi mar...@strongswan.org
主旨: Re: [strongSwan] Ikelifetime Setting and Reauthentication.
收件者: Jessie Liu iamnotjes...@yahoo.com.tw
副本: users@lists.strongswan.org
日期: 2010年6月28日,一,下午3:23
Hi,
In security
Dear all, Recently I am doing some tests about ikelifetime and keylife
settings in ipsec.conf.I am using version strongswan-4.3.2. client uses EAP
authentication and security gateway uses public key authentication.In security
gateway, ikelifetime and keylife are not set.In the following
Dear all, When strongswan process is running and I tried to ping a
destination, after I pressed ctrl-c to stop pinging, strongswan process stops
as well. How to disable this? Thanks! ^^
B.R.Jessie
___
Users mailing list
. The hostname is resolved by ipsec starter, so
if the IP address changes you must execute
ipsec update
Best regards
Andreas
On 05/11/2010 11:58 AM, Jessie Liu wrote:
Hi all,
In ipsec.conf, only one security gateway IP address could be set.
If this gateway is out of service, then we could only
Steffen andreas.stef...@strongswan.org 寫道:
寄件者: Andreas Steffen andreas.stef...@strongswan.org
主旨: Re: [strongSwan] standard support
收件者: Jessie Liu iamnotjes...@gmail.com
副本: users@lists.strongswan.org
日期: 2010年1月14日,四,下午3:57
Hi Jessie,
we listed all standards that are somehow related to IPsec
Hi,
I found in the wiki some of the ipsec related standards, does strongswan
supports all standards in
http://wiki.strongswan.org/wiki/1/IpsecStandards#IPsec-and-related-standards
?
Thanks for your help!
___
Users mailing list
Hi all,
I found a document in http://mirror.roe.ch/doc/hsr/sa-natt.pdf .
This document is written in German, I could not read it..
Do you have a English version of this document?
Thanks!
___
您的生活即時通 - 溝通、娛樂、生活、工作一次搞定!
Hi all,
I have a question about NAT and IPsec.
I know that UDP encapsulation is used to solve the IPsec packet passing
through NAT device problem. Does this apply to both IKE negotiation procedures
and all following IPsec traffic communication between two ends? And floating to
port 4500
Hi,
I want to add a configuration item prf in ipsec.conf.
I add prf in starter/keywords.h and keywords.txt, and then make starter
but the keywords.c will be empty and has the following error
y.tab.o: in function yyparse:
parser.y:128: undefined reference to in_word_set
If i want to add
not enough to modify only starter/keywords.* to read the
configuration???
Thanks!
--- 09/11/24 (二),Andreas Steffen andreas.stef...@strongswan.org 寫道:
寄件者: Andreas Steffen andreas.stef...@strongswan.org
主旨: Re: [strongSwan] add config item in ipsec.conf
收件者: Jessie Liu iamnotjes...@yahoo.com.tw
副本
收件者: Jessie Liu iamnotjes...@yahoo.com.tw
副本: users@lists.strongswan.org
日期: 2009年11月24日,二,下午8:19
How did you define KW_PRF in the token_info[] struct of args.c?
http://wiki.strongswan.org/repositories/entry/strongswan/src/starter/args.c#L159
As a string (ARG_STR) or as an enumeration (ARG_ENUM
Hi all,
It turns out that the keywords must be in the correct position in
keywords.txt and in keywords.h.
then the keywords.c will be generated correctly.
Thanks!
--- 09/11/25 (三),Jessie Liu iamnotjes...@yahoo.com.tw 寫道:
寄件者: Jessie Liu iamnotjes...@yahoo.com.tw
主旨: Re: [strongSwan
: [strongSwan] When will UNKNOWN -INTEGRITY-ALG occur in IKE_SA_INIT
message?
收件者: Jessie Liu iamnotjes...@yahoo.com.tw
副本: users@lists.strongswan.org
日期: 2009年11月12日,四,下午8:58
I guess that wireshark is not up to date.
Integrity Algorithm no 12 is defined in RFC4868 as
AUTH_HMAC_SHA2_256_128
The RFC
Hi all,
I saw in ipsec.conf that nat_traversal configuration is only for IKEv1.
why it is non-configured in IKEv2? it should be optional, right? if i want to
disable nat traversal in ikev2, what should i do?
Thanks.
___
您的生活即時通 -
Hi all,
I got the problem that client sends IKE_SA_INIT message to security
gateway, but security gateway did not respond.
so i capture the message using ethereal and found that in IKE_SA_INIT
message UNKNOWN -INTEGRITY-ALG occured. even if i specify the encryption and
integirty
Hi all,
i have a question about OP and OPc.
OP is a 128 bit operator variant algorithm configuration field and opc is a 128
bit key derived from OP and K known only to the HSS and the ISIM/USIM
application on the UICC
what is the purpose of these two fields? they are configured in the
Hi,
I found the added option eap-aka-3gpp2 in strongswan 4.3.5 configuration.
What is the difference between the two plugins eap-aka and eap-aka-3gpp2?
And where could i fill the IMSI information and shared secret to do the eap-aka
authentication?? in ipsec.secrets??
thanks a lot.
pkcs1 pem hmac xcbc stroke
kernel-netlink fips-prf eap-aka updown
}
--- 09/11/10 (二),Martin Willi mar...@strongswan.org 寫道:
寄件者: Martin Willi mar...@strongswan.org
主旨: Re: [strongSwan] strongswan-4.3.5 eap-aka eap-aka-3gpp2
收件者: Jessie Liu iamnotjes...@yahoo.com.tw
副本: users
Dear all,
I had some problems about virtual IP.
I tried to set up a voice phone call through the tunnel to core network via
security gateway.
I also want to get an virtual IP so I add leftsourceip=%config in ipsec.conf.
But If I add leftsourceip=%config in ipsec.conf, the SCTP packets
Hi all,
___
您的生活即時通 - 溝通、娛樂、生活、工作一次搞定!
http://messenger.yahoo.com.tw/
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Hi all,
I am using eap-aka to do authentication, I am wondering when to use
leftid and when to use eap_identity. I saw previous mailing list and knew that
if we did not set eap_identity, then leftid will be used as both IKE id and eap
id.
I did some experiments, but the results were not
Hi all,
I'm trying to make strongswan 4.3.4 work on my target board.
I've successfully made this with strongswan 4.3.2.
With strongswan 4.3.4, I've successfully start the two processes starter and
charon, and try to set up a connection by ipsec up connection-name.
But some errors
Hi all,
I try to upgrade from strongswan 4.3.2 to 4.3.4.
But I encountered the following problem. I am not sure what
happened...
Thanks. ^__^
configure.in:757: error: possibly undefined macro: AC_LIB_PREFIX
If this token and others are legitimate, please use
Hi,
I encountered the folling error message when I tried to use ikev2 /
rw-eap-aka-rsa example configuration.
it seems received MAC from server is not the same as the XMAC client
claculated!!
I will encounter this problem only on board.
But in usual PC, this will not happen.
What may cause
Hi all,
I'am trying to use ip xfrm state and ip xfrm policy command.
But I couldn't use that command to show information. There is no such command!
What else should I add in kernel config?
I already have xfrm4_tunnel.ko and xfrm_user.ko, but still cannot use that
command.
Thanks a lot.
}
--- 09/9/30 (三),Andreas Steffen andreas.stef...@strongswan.org 寫道:
寄件者: Andreas Steffen andreas.stef...@strongswan.org
主旨: Re: [strongSwan] ip xfrm state / ip xfrm policy
收件者: Jessie Liu iamnotjes...@yahoo.com.tw
副本: users@lists.strongswan.org
日期: 2009年9月30日,三,下午12:32
Hi Jessie,
in the past
28 matches
Mail list logo