Re: [strongSwan] Windows 7 IKEv2 Error

, at 3:15 PM, Chris Arnold wrote: On Jan 7, 2014, at 11:21 AM, Kimmo K wrote: Hello Chris Did you regenerate your server certificate when the public IP address changed? No. I asked earlier if this would be the problem. I am trying to do that now. If you remember, you created

Re: [strongSwan] SS5.1.0 and libipsec, configuration and usage questions

2014/1/8 Martin Willi mar...@strongswan.org: Hello Martin Would it be possible (in theory) to use two backends at the same, by defining it connection based? Theoretically, why not. However, we currently create only one kernel backend instance. Creating another one and selecting the correct

Re: [strongSwan] Windows 7 IKEv2 Error

Hello Chris Did you regenerate your server certificate when the public IP address changed? You really should use DNS for your server (example server1.edens.domain.com) and then add that to your certificate CN field and optionally to Subject Alternative Name DNS field. Then you could use

Re: [strongSwan] SS5.1.0 and libipsec, configuration and usage questions

Hello Martin and others I have not tried libipsec after september but I'm still interested at the feature. What kind of plans you have for the libipsec, what kinds of features there will be in the future? Would it be possible (in theory) to use two backends at the same, by defining it connection

Re: [strongSwan] Centos6.5, building SS 5.1.1 or 5.1.2dr2 fails

Hello Tobias Thanks for your help, I was able to track this down. It builds fine (with or without patch) as long as I don't define --with-capabilities=libcap With --with-capabilities=libcap, it does build 5.1.0 but won't build 5.1.1 or 5.1.2dr2. I don't even know that that does, but maybe it

Re: [strongSwan] Centos6.5, building SS 5.1.1 or 5.1.2dr2 fails

=== yy.yy.yy.yy/32 out ... Regards, Kimmo 2013/12/19 Kimmo K koi...@gmail.com: Hello Tobias Thanks for your help, I was able to track this down. It builds fine (with or without patch) as long as I don't define --with-capabilities=libcap With --with-capabilities=libcap, it does build 5.1.0

Re: [strongSwan] Centos6.5, building SS 5.1.1 or 5.1.2dr2 fails

HAVE_SYS_CAPABILITY_H # include sys/capability.h 2013/12/19 Kimmo K koi...@gmail.com: update: --with-capabilities=native fails too. And I cannot get 5.1.1 to work without --with-capabilities: Dec 19 19:34:27 10[CFG] received stroke: route 'conn1' Dec 19 19:34:27 10[KNL] received netlink error

[strongSwan] Centos6.5, building SS 5.1.1 or 5.1.2dr2 fails

Hello I'm have built strongswan rpm's with mock in Centos 6.5 (2.6.32-431.el6.x86_64). Building 5.1.0 works okay, but 5.1.1 or 5.1.2dr2 does not. Any ideas, what should I do to get it to build? Best Regards, Kimmo Mockbuild: mv -f $depbase.Tpo $depbase.Plo libtool: compile: gcc

Re: [strongSwan] Centos6.5, building SS 5.1.1 or 5.1.2dr2 fails

Hi Martin Did not help, is there any other patches for this issue? Regards, Kimmo Script started on Wed 18 Dec 2013 09:37:45 PM EET ]0;yes@build-server:~/rpm/SOURCES/tmp/strongswan-5.1.1[?1034h[yes@build-server strongswan-5.1.1]$ cat ../../strongswan-centos6.patch ---

Re: [strongSwan] Azure dynamic routing VPN and Strongswan

Hello I have tried to get this up and running with 5.1.0, having some problems: # strongswan up to-azure initiating IKE_SA to-azure[1] to azure-public-ip generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] sending packet: from ss-public-ip[500] to azure-public-ip[500] (648

[strongSwan] Fwd: Azure dynamic routing VPN and Strongswan

think, that Azure wants you to authenticate using a signed certificate. Look for that line: Sep 26 15:04:21 11[IKE] received 24 cert requests for an unknown ca Regards Noel Kuntze On 26.09.2013 18:37, Kimmo K wrote: Hello I have tried to get this up and running with 5.1.0, having some

Re: [strongSwan] Azure dynamic routing VPN and Strongswan

. But I'll keep trying, I appreciate any ideas how to get this working. Regards, Kimmo Regards Noel Kuntze On 26.09.2013 19:28, Kimmo K wrote: Hello Noel I think it just sends cert request but still wants to do PSK. There is no option to use certificates, as fas as I have understood

Re: [strongSwan] Azure dynamic routing VPN and Strongswan

And now I was able to negotiate SA's just fine... I re-generated PSK from azure and replaced the old one with it, it helped. So, Strongswan 5.1.0 is able to negotiate IKEv2 tunnel to MS Azure Dynamic Route VPN. Regards, Kimmo 2013/9/26 Kimmo K koi...@gmail.com: 2013/9/26 Noel Kuntze n

[strongSwan] Azure dynamic routing VPN and Strongswan

Hello There is IKEv2 based dynamic routing VPN option to connect Microsoft Azure network. With that option, site-to-site connection is made with IKEv2 and PSK. Connection requirements: http://msdn.microsoft.com/en-us/library/windowsazure/jj156075.aspx Is there any way to connect Azure with

Re: [strongSwan] Azure dynamic routing VPN and Strongswan

2013/9/20 Martin Willi mar...@strongswan.org Is there any way to connect Azure with Strongswan, using IKEv2 and this dynamic routing VPN option? According to the documentation, this looks like standard IKEv2 with PSK authentication. I wouldn't expect any interoperability problems with