I have a bash script that does the following to start strongswan and initiate /
establish a connection:
sudo service strongswan start
sleep 2
sudo strongswan up myconn
where myconn is defined in /etc/strongswan/ipsec.conf
Typically, the (arbitrary) two second delay is sufficient for SS to
Forgot to mention: Strongswan 5.3.0 on Centos 6.6. Will also want this with
StrongSwan 5.3.3 on Centos 7.
> On Oct 2, 2015, at 9:39 AM, Ken Nelson <k...@cazena.com> wrote:
>
> I have a bash script that does the following to start strongswan and initiate
> / esta
On Mar 24, 2015, at 7:49 AM, Martin Willi
mar...@strongswan.orgmailto:mar...@strongswan.org wrote:
...
I would like to use EAP-GTC authentication with the Mac app and would
be willing to modify the app to add this feature.
The new build additionally comes with the eap-gtc plugin.
Regards
Thanks to martin Fred for your responses. I’m still having tunnel DNS server
configuration trouble on the Mac client.
Configuration is strongSwan OS X app version 5.2.2 (1) on OS X Yosemite
v10.10.2 connecting to a StrongSwan version 5.2.2 gateway on Centos 6.6.
Here is the scutil output.
] to
a.b.c.d[32936] (76 bytes)
On Mar 13, 2015, at 2:27 PM, Ken Nelson k...@cz.commailto:k...@cz.com wrote:
I’ve successfully connected the StrongSwan Mac OS X app version 5.2.2 (1) to a
StrongSwan v5.2.2 VPN gateway. A few questions/issues:
1. DNS is not working. I have rightdns=10.8.65.164
VPN client server running StrongSwan v5.2.2. Both OSes Centos 6.6.
An IKEv2 IPsec tunnel has been up for a couple days with the client initiating
a ping, once per minute, of the same host behind the VPN gateway. This is the
only application level traffic on the tunnel.
Roughly every two
Hi Martin,
I reran the test. The initiator received signal 6 (SIGABRT) after eight hours
of operation. I have a ~182MB core file from the initiator. How can I get it
to you?
Below is a stack trace thread info.
Ken
Core was generated by `/usr/libexec/strongswan/charon --use-syslog'.
Oh, of course. SIGSEGV is the offending signal - should’ve seen that.
I did not build StrongSwan, rather am running the latest public release for
Centos 6 - SS v5.2.0. I did not do anything special to get symbolic debugging,
rather just downloaded all the recommended debug packages. I did
Before receiving your reply, I set ikelifetime=15m and reran the test, not
thinking/knowing to reset rekeymargin/rekeyfuzz. Received SIGSEGV in a
different area of the code very shortly after bringing the tunnel up. Some
details are here:
Core was generated by
Hi Martin,
Thanks for the reply. I’m a little confused by your comment that the OS X
native client does not support re-sending XAuth credentials as the log
indicates a re-authentication of the remote client:
Mar 4 16:21:21 secgw charon: 14[IKE] PAM authentication of 'knelson' successful
Mar
Remote Access Client: StrongSwan v5.2.0 on Centos 6.6
VPN Server: StrongSwan v5.2.0 on Centos 6.6
Created an IPsec tunnel that was fairly long-lived, ~2 hours 5 minutes. The
only application traffic was a periodic ping from the remote access client to a
host inside the VPN, one per minute.
, 2015, at 4:39 PM, Ken Nelson
k...@cazena.commailto:k...@cazena.com wrote:
Hi,
I’m trying to configure a Linux machine to act as an IPSec VPN gateway, with
the first supported clients being Mac OS X road warriors. I want to support
split tunneling at the client as I only want traffic destined
Does StrongSwan have support for authenticating remote access clients against a
Free IPA Server using Kerberos? I want to authenticate road warrior clients
running Mac OS X connecting to a StrongSwan VPN server (using IKEv1) and
authenticate them against an IPA Server using Kerberos. Is this
Hi,
I’m trying to configure a Linux machine to act as an IPSec VPN gateway, with
the first supported clients being Mac OS X road warriors. I want to support
split tunneling at the client as I only want traffic destined to certain
subnets to be routed to the StrongSwan VPN GW.
The VPN GW
14 matches
Mail list logo