, at 3:15 PM, Chris Arnold wrote:
On Jan 7, 2014, at 11:21 AM, Kimmo K wrote:
Hello Chris
Did you regenerate your server certificate when the public IP address
changed?
No. I asked earlier if this would be the problem. I am trying to do that
now. If you remember, you created
2014/1/8 Martin Willi mar...@strongswan.org:
Hello Martin
Would it be possible (in theory) to use two backends at the same, by
defining it connection based?
Theoretically, why not. However, we currently create only one kernel
backend instance. Creating another one and selecting the correct
Hello Chris
Did you regenerate your server certificate when the public IP address changed?
You really should use DNS for your server (example
server1.edens.domain.com) and then add that to your certificate CN
field and optionally to Subject Alternative Name DNS field.
Then you could use
Hello Martin and others
I have not tried libipsec after september but I'm still interested at
the feature. What kind of plans you have for the libipsec, what kinds
of features there will be in the future?
Would it be possible (in theory) to use two backends at the same, by
defining it connection
Hello Tobias
Thanks for your help, I was able to track this down.
It builds fine (with or without patch) as long as I don't define
--with-capabilities=libcap
With --with-capabilities=libcap, it does build 5.1.0 but won't build
5.1.1 or 5.1.2dr2.
I don't even know that that does, but maybe it
===
yy.yy.yy.yy/32 out
...
Regards,
Kimmo
2013/12/19 Kimmo K koi...@gmail.com:
Hello Tobias
Thanks for your help, I was able to track this down.
It builds fine (with or without patch) as long as I don't define
--with-capabilities=libcap
With --with-capabilities=libcap, it does build 5.1.0
HAVE_SYS_CAPABILITY_H
# include sys/capability.h
2013/12/19 Kimmo K koi...@gmail.com:
update: --with-capabilities=native fails too.
And I cannot get 5.1.1 to work without --with-capabilities:
Dec 19 19:34:27 10[CFG] received stroke: route 'conn1'
Dec 19 19:34:27 10[KNL] received netlink error
Hello
I'm have built strongswan rpm's with mock in Centos 6.5 (2.6.32-431.el6.x86_64).
Building 5.1.0 works okay, but 5.1.1 or 5.1.2dr2 does not.
Any ideas, what should I do to get it to build?
Best Regards,
Kimmo
Mockbuild:
mv -f $depbase.Tpo $depbase.Plo
libtool: compile: gcc
Hi Martin
Did not help, is there any other patches for this issue?
Regards,
Kimmo
Script started on Wed 18 Dec 2013 09:37:45 PM EET
]0;yes@build-server:~/rpm/SOURCES/tmp/strongswan-5.1.1[?1034h[yes@build-server
strongswan-5.1.1]$ cat ../../strongswan-centos6.patch
---
Hello
I have tried to get this up and running with 5.1.0, having some problems:
# strongswan up to-azure
initiating IKE_SA to-azure[1] to azure-public-ip
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from ss-public-ip[500] to azure-public-ip[500] (648
think, that Azure wants you to authenticate using a signed certificate.
Look for that line:
Sep 26 15:04:21 11[IKE] received 24 cert requests for an unknown ca
Regards
Noel Kuntze
On 26.09.2013 18:37, Kimmo K wrote:
Hello
I have tried to get this up and running with 5.1.0, having some
.
But I'll keep trying, I appreciate any ideas how to get this working.
Regards,
Kimmo
Regards
Noel Kuntze
On 26.09.2013 19:28, Kimmo K wrote:
Hello Noel
I think it just sends cert request but still wants to do PSK. There is
no option to use certificates, as fas as I have understood
And now I was able to negotiate SA's just fine...
I re-generated PSK from azure and replaced the old one with it, it helped.
So, Strongswan 5.1.0 is able to negotiate IKEv2 tunnel to MS Azure
Dynamic Route VPN.
Regards,
Kimmo
2013/9/26 Kimmo K koi...@gmail.com:
2013/9/26 Noel Kuntze n
Hello
There is IKEv2 based dynamic routing VPN option to connect Microsoft
Azure network.
With that option, site-to-site connection is made with IKEv2 and PSK.
Connection requirements:
http://msdn.microsoft.com/en-us/library/windowsazure/jj156075.aspx
Is there any way to connect Azure with
2013/9/20 Martin Willi mar...@strongswan.org
Is there any way to connect Azure with Strongswan, using IKEv2 and this
dynamic routing VPN option?
According to the documentation, this looks like standard IKEv2 with PSK
authentication. I wouldn't expect any interoperability problems with
15 matches
Mail list logo