On 8/27/20 7:29 AM, Tobias Brunner wrote:
Hi Michael,
Is there anything needed on the Android client side to recognize Let's
Encrypt?
No.
The StrongSwan App lists DST_Root_CA_X3, but I don't see the
LE cert. Is it needed?
On the server, you need the intermediate CA cert (if you used
Hi,
I have a fedora 30 server with Android Galaxy S8 clients working using
self signed certs on both the server and the StrongSwan android client.
It's been working for years, but now the server cert is about to
expire. I'm trying to migrate to using Let's Encrypt rather than to
continue
Hi,
I've set up an IPv6 in IPv4 tunnel based on
https://www.strongswan.org/testing/testresults/ipv6/net2net-ip6-in-ip4-ikev1/index.html
There are slight changes (e.g. I'm using PSK to get started) but really
just basic stuff. When I compare that page with what I see, I notice
that I don't
I'm trying to get familiar with the load test plugin. To start, I'm
trying the self test [
https://wiki.strongswan.org/projects/strongswan/wiki/LoadTests#Testing-against-self
]
I'm obviously doing something wrong, I can't even get one (two total if
I understand correctly) connection up.
On 06/04/2015 11:28 AM, jsulli...@opensourcedevel.com wrote:
[deleted]
snip
We appear to be chasing a compound problem perhaps also involving
problems with GRE. As we try to isolate components, one issue we see is
TCP Window size. For some reason, even though the w/rmem_max and tcp
have
Hi,
How does one set both leftauth=pubkey and rightauth=pubkey using sql?
The peer_configs table [0] is the only place I see something close. The
table has auth_method, which defaults to 1. According to [1] this is
AUTH_CLASS_PUBKEY
The problem is that ipsec statusall shows the remove as
On 05/29/2015 03:32 PM, Michael C. Cambria wrote:
Hi,
Is there an example of MySQL configuration for host2host?
I'm migrating a working host2host setup from .conf to MySql. To keep
things simple, only one end is moving to sql.
I've been looking at [0] as a guide and have something
Hi,
Is there an example of MySQL configuration for host2host?
I'm migrating a working host2host setup from .conf to MySql. To keep
things simple, only one end is moving to sql.
I've been looking at [0] as a guide and have something almost working.
For host2host, I don't know what values
Hi Tobias,
First, thanks for the help. Replies, Follow-up comments inline.
On 05/26/2015 05:04 AM, Tobias Brunner wrote:
Hi Michael,
What fails isn't obvious. Looking at one test I was interested in,
net2net-cert-sha2, it looked like the test actually did pass (or I just
can't find the
Do all tests pass? I had 30+ fail using strongswan-5.3.0tarball + this
patch.
What fails isn't obvious. Looking at one test I was interested in,
net2net-cert-sha2, it looked like the test actually did pass (or I just
can't find the failure.) I did notice 9 plugin features couldn't be
On 05/22/2015 09:31 AM, Tobias Brunner wrote:
Hi Michael,
What fails isn't obvious. Looking at one test I was interested in,
net2net-cert-sha2, it looked like the test actually did pass (or I just
can't find the failure.)
You may compare your results to the ones at [1].
I did, other than
, uniqueids=never. I'll play with that value next, thanks.
Refer to the man page of 'ipsec.conf' for all the details.
Mit freundlichen Grüßen/Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 16.12.2014 um 21:27 schrieb Michael C. Cambria
Hi,
Is there a way to have StrongSwan defer starting (or StrongSwan
reload) until %defaultroute is set?
I have a few remote sites that get their IPv4 address via DHCP.
StrongSwan starts at boot. On occasion DHCP hasn't assigned the IP
address or default route before StrongSwan starts, so
Using rightsubnet=0.0.0.0/0seems to be working.
On 10/29/2014 04:08 PM, Michael C. Cambria wrote:
Hi,
Is host to host supported when one side is behind NAT? I'm using
strongSwan U5.1.2/K3.13.0-35-generic on Ubuntu 14.04 and IKEv2
The configuration below only works when I explicitly tell
Hi,
Is host to host supported when one side is behind NAT? I'm using
strongSwan U5.1.2/K3.13.0-35-generic on Ubuntu 14.04 and IKEv2
The configuration below only works when I explicitly tell the server
what the IPv4 address is of the client that is behind NAT. e.g. I
uncomment
15 matches
Mail list logo