[strongSwan] no response from port 4500, port 500 is ok

2022-02-04 Thread Modster, Anthony
Hello Case 1: no response from port 4500, port 500 is ok We have a case where charon does not respond to port 4500 (500 is ok). Charon is our IPSEC client on Linux. Using strongswan 5.8.2 The IPSEC server is Windows 2012R2 * Sending packet on 500 * 2022 Feb 3 20:04:46+00:00

Re: [strongSwan] strict crl policy

2021-09-27 Thread Modster, Anthony
Thanks Teledyne Confidential; Commercially Sensitive Business Data -Original Message- From: Users On Behalf Of Andreas Steffen Sent: Sunday, September 26, 2021 12:25 AM To: Modster, Anthony ; users@lists.strongswan.org Subject: Re: [strongSwan] strict crl policy ---External Email

[strongSwan] strict crl policy

2021-09-24 Thread Modster, Anthony
Hello Does setting strict CRL policy to yes still work ? The CRLs for TA and SCA are removed. Was expecting the VPN tunnel not to make a connection. strongSwan 5.8.2 # ipsec.conf - strongSwan IPsec configuration file # basic configuration config setup charondebug="ike 2,cfg

[strongSwan] docker strongswan image

2021-09-23 Thread Modster, Anthony
Hello Is there information on creating a Docker Strongswan image ? Thanks Teledyne Confidential; Commercially Sensitive Business Data

[strongSwan] URL timeout

2021-06-11 Thread Modster, Anthony
Hello Is there a way to increase the URL lookup timeout ? Note: When using OCSP and CDP Thanks Teledyne Confidential; Commercially Sensitive Business Data

Re: [strongSwan] OCSP and libcurl

2021-04-15 Thread Modster, Anthony
Hello Does strongswan support libcurl curl_easy_setopt() CURLOPT_INTERFACE curl_easy_setopt - set options for a curl easy handle Teledyne Confidential; Commercially Sensitive Business Data From: Modster, Anthony Sent: Thursday, April 15, 2021 10:36 AM To: users@lists.strongswan.org Subject

[strongSwan] OCSP and libcurl

2021-04-15 Thread Modster, Anthony
Hello What path does charon libcurl use when sending OCSP protocol ? The URL is resolved, but the network is not found. *charon [info] 07[CFG] requesting ocsp status from 'http://www.carillon.ca/sha2-ocsp' ... *charon [info] 07[LIB] libcurl request failed [7]: Failed to

Re: [strongSwan] error notify plugin

2020-10-19 Thread Modster, Anthony
Thanks -Original Message- From: Tobias Brunner Sent: Monday, October 19, 2020 4:20 AM To: Modster, Anthony ; users@lists.strongswan.org Subject: Re: [strongSwan] error notify plugin ---External Email--- Hi Anthony, > What causes this error on the peer side ? Hard to say, co

[strongSwan] error notify plugin

2020-10-15 Thread Modster, Anthony
Hello We are using the strongswan Error Notify plugin. Charon reported the below error. 2020 Oct 6 23:13:08+00:00 wglng-6957 charon [info] 05[IKE] received AUTHENTICATION_FAILED notify error The Error Notify plugin reported error_notify_msg_t::type = 2. And the information string was

[strongSwan] creating local authentication data failed

2020-10-08 Thread Modster, Anthony
Hello What would cause the below error ? 2020 Oct 6 23:13:08+00:00 wglng-6957 charon [info] 05[IKE] received AUTHENTICATION_FAILED notify error 2020 Oct 6 23:13:08+00:00 wglng-6957 IPSecCfgIfManager [notice] bool ErrorNotifyMonitor::ProcessEvents() rx message is new or changed type=2

[strongSwan] unbound

2020-06-02 Thread Modster, Anthony
Hello I am looking to see if strongswan can use unbound for OCSP and CRL requests. Looking at the plugin files, it seems it can not ( is this true ? ). revocation

[strongSwan] plugin unbound

2020-04-29 Thread Modster, Anthony
Hello Are there examples for using "plugin unbound" ? We want to use it for OCSP and CRL. Thanks

Re: [strongSwan] charon and unbound

2020-04-25 Thread Modster, Anthony
? is there any information on this item From: Modster, Anthony Sent: Tuesday, April 21, 2020 10:37 AM To: users@lists.strongswan.org Subject: charon and unbound Hello I am not seeing unbound being used by charon for OCSP or CRL, the log file does not show an attempt to start unbound. Attached

[strongSwan] charon and unbound

2020-04-21 Thread Modster, Anthony
Hello I am not seeing unbound being used by charon for OCSP or CRL, the log file does not show an attempt to start unbound. Attached is the log file, and below are configuration and events. What should I check for ? I am using the default configuration of charon (which is): strongswan unbound

[strongSwan] strongswan plugin unbound cant detect ldns

2020-04-08 Thread Modster, Anthony
Hello Configure can't detect ldns. I have the path to the staging lib dir. Also checked that the symbol configure looks for is in the libldns.a file. ls -l /home/amodster/montavista/workspace/CGE_6_1_711999_J/tmp/staging/mips-mv-linux/usr/lib32/libldns.a -rw-r--r-- 1 amodster amodster 1650592

[strongSwan] plugin unbound configurations

2020-03-27 Thread Modster, Anthony
Hello https://www.strongswan.org/testing/testresults/ikev2/rw-dnssec/ ? where can I find the files used for the test above ( strongswan.conf, unbound.conf, resolv.conf, dnssec.keys ) Looking at the strongswan.conf for dave and carol, it looks like the defaults were used. Thanks

[strongSwan] plugin unbound

2020-03-27 Thread Modster, Anthony
Hello Will charon start another "unbound resolver" if one was already started for another task ? Note: plugin unbound

Re: [strongSwan] DNSSEC

2020-02-27 Thread Modster, Anthony
Any information on this item. From: Modster, Anthony Sent: Monday, February 24, 2020 12:48 PM To: users@lists.strongswan.org Subject: DNSSEC Hello What plugin and library does strongswan use when doing DNSSEC protocol ? Thanks

[strongSwan] DNSSEC

2020-02-24 Thread Modster, Anthony
Hello What plugin and library does strongswan use when doing DNSSEC protocol ? Thanks

[strongSwan] plugins

2020-01-27 Thread Modster, Anthony
Hello Is "pki tool" needed for curve25519 ? How to load "pki tool" ?, it's not in the plugin list Note: * https://wiki.strongswan.org/projects/strongswan/wiki/PluginList * The plugin list states curve25519 is loaded by default Thanks

[strongSwan] botan plugin

2020-01-21 Thread Modster, Anthony
Hello How does the "botan plugin" help ? Note: we are using strongswan client configured for: VICI loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt fips-prf xcbc cmac hmac curl files

[strongSwan] addrblock

2020-01-21 Thread Modster, Anthony
Hello If the parameter charon.plugins.addrblock.strict = "no", and address blocks exist in the certificates. Will the addrblock plugin try to set the traffic selectors ? The pki tool gained support for generating certificates

[strongSwan] SHA2 ESP

2020-01-15 Thread Modster, Anthony
Hello Can openssl 1.0.2 support ESP SHA2 ? Or do we need to update openssl to 1.1. Thanks

Re: [strongSwan] large CRL file

2020-01-13 Thread Modster, Anthony
Thanks -Original Message- From: Users On Behalf Of Thomas Egerer Sent: Saturday, January 11, 2020 4:47 AM To: users@lists.strongswan.org Subject: Re: [strongSwan] large CRL file ---External Email--- Hello Anthony, On 1/11/20 12:37 AM, Modster, Anthony wrote: > Hello > >  

[strongSwan] large CRL file

2020-01-10 Thread Modster, Anthony
Hello Does the latest strongswan 5.8.2 address the problem found when loading large CRL files (not using the authorities section) ? Thanks

[strongSwan] MOBIKE

2019-12-26 Thread Modster, Anthony
Hello ? where can I find information on MOBIKE routing path selection (described in this reference) https://wiki.strongswan.org/projects/strongswan/repository/revisions/597e8c9e009946c994fcba525bacc647f46bae60

[strongSwan] SPI

2019-12-23 Thread Modster, Anthony
Hello The range from which SPIs for IPsec SAs are allocated by the kernel is now configurable. (AM), ? is this only for IPSec servers that are using IKEv1

[strongSwan] forecast

2019-12-23 Thread Modster, Anthony
Hello ? does strongswan generate any traffic using multicast or broadcast ports https://wiki.strongswan.org/projects/strongswan/repository/revisions/094a4d15cff37b786b9afec2c1cfe834dcd13147 Thanks

Re: [strongSwan] OCSP nonce parameter

2019-12-19 Thread Modster, Anthony
? is 5.8.2 stable enough for production -Original Message- From: Tobias Brunner Sent: Thursday, December 19, 2019 10:42 AM To: Modster, Anthony ; users@lists.strongswan.org; Andreas Steffen Cc: Amare, Mesfin Subject: Re: [strongSwan] OCSP nonce parameter ---External Email--- Hi

Re: [strongSwan] OCSP nonce parameter

2019-12-19 Thread Modster, Anthony
Hello ? was the nonce parameter fixed in 5.5.8 -Original Message- From: Users On Behalf Of Tobias Brunner Sent: Monday, November 25, 2019 4:36 AM To: Modster, Anthony ; users@lists.strongswan.org; Andreas Steffen Cc: Amare, Mesfin Subject: Re: [strongSwan] OCSP nonce parameter

Re: [strongSwan] OCSP and CDP

2019-12-19 Thread Modster, Anthony
Thanks I will take a look, I may write a custom plugin or try python w/openssl -Original Message- From: Tobias Brunner Sent: Thursday, December 19, 2019 9:25 AM To: Modster, Anthony ; users@lists.strongswan.org Subject: Re: [strongSwan] OCSP and CDP ---External Email--- Hi Anthony

Re: [strongSwan] OCSP and CDP

2019-12-19 Thread Modster, Anthony
OK, now I am curious ? is there a developers guide for writing plugins ? what would the plugin do ? does (RFC 6960) apply Thanks -Original Message- From: Tobias Brunner Sent: Thursday, December 19, 2019 8:53 AM To: Modster, Anthony ; users@lists.strongswan.org Subject: Re

[strongSwan] OCSP and CDP

2019-12-18 Thread Modster, Anthony
Hello ? can strongswan be an OCSP or CDP server We are using strongswan version:5.5.1

[strongSwan] purge user cert

2019-12-12 Thread Modster, Anthony
Hello ? is there a way to purge a selected User Cert If 2 VPN tunnels are up, and each VPN tunnel uses its own User Cert (for its organization). Is there a way to purge and reload the first VPN tunnel User Cert. Note: * We are using VICI * We have tried the following: *

Re: [strongSwan] road warrior MTU issues (IPv4)

2019-12-11 Thread Modster, Anthony
These are the providers that have MTU issues for us. - Panasonic - BoardConnect/Inmarsat - Verizon - Vodafone -Original Message- From: Users On Behalf Of Harald Dunkel Sent: Wednesday, December 11, 2019 2:09 PM To: users@lists.strongswan.org Subject: Re: [strongSwan] road warrior MTU

Re: [strongSwan] dynamic user cert updates

2019-12-11 Thread Modster, Anthony
? any thoughts on this item From: Modster, Anthony Sent: Tuesday, December 10, 2019 4:00 PM To: users@lists.strongswan.org Subject: dynamic user cert updates Hello We can't seem to update our user cert dynamically ( without stopping charon ). Our procedure is * Load User Cert 1 into /etc

Re: [strongSwan] road warrior MTU issues (IPv4)

2019-12-11 Thread Modster, Anthony
Let us know the answer to this We also have the same problem on some networks (we are using an embedded system). -Original Message- From: Users On Behalf Of Harald Dunkel Sent: Wednesday, December 11, 2019 1:39 PM To: users@lists.strongswan.org Subject: [strongSwan] road warrior MTU

[strongSwan] dynamic user cert updates

2019-12-10 Thread Modster, Anthony
Hello We can't seem to update our user cert dynamically ( without stopping charon ). Our procedure is * Load User Cert 1 into /etc/swanctl/x509/my-cert.crt * vici_do_load()->load_conn() * vici_do_connect()->init_conn() * VPN tunnel comes up * swanctl --list-certs, User Cert

[strongSwan] CDP enable/disable

2019-11-25 Thread Modster, Anthony
Hello ? is this the correct parameter for enabling/disabling CDP charon.plugins.revocation.enable_crl

Re: [strongSwan] OCSP nonce parameter

2019-11-25 Thread Modster, Anthony
Thanks -Original Message- From: Users On Behalf Of Tobias Brunner Sent: Monday, November 25, 2019 4:36 AM To: Modster, Anthony ; users@lists.strongswan.org; Andreas Steffen Cc: Amare, Mesfin Subject: Re: [strongSwan] OCSP nonce parameter ---External Email--- Hi Anthony, >

[strongSwan] OCSP network unreachable

2019-11-22 Thread Modster, Anthony
Hello Error: Failed to connect to 192.64.30.9: Network is unreachable ? Is there a way to configure VICI to point to an interface. When charon is using OCSP, libcurl can't find a path to the server. The VPN is configured to use "swanconf connections..local_addrs". And we are communicating IKE

[strongSwan] CDP CRL

2019-11-21 Thread Modster, Anthony
Hello When using CDP, ? will strongswan do the following: * check the signature of the CRL to make sure it is signed by the entity that we trust * CRL should not be expired as well (i.e., nextupdate is not earlier than the system local time) Thanks

Re: [strongSwan] OCSP nonce parameter

2019-11-21 Thread Modster, Anthony
Hello Andreas Our security department is insisting that strongswan validate the nonce parameter when received. Is there a way strongswan can accommodate this request. If not we need a way to disable OCSP. Thanks -Original Message- From: Modster, Anthony Sent: Friday, November 8

Re: [strongSwan] OCSP nonce parameter

2019-11-21 Thread Modster, Anthony
Hello Andreas Our security department is insisting that strongswan validate the nonce parameter when received. Is there a way strongswan can accommodate this request. If not we need a way to disable OCSP. Thanks -Original Message- From: Modster, Anthony Sent: Friday, November 8

[strongSwan] CDP

2019-11-20 Thread Modster, Anthony
Hello When a CRL is uploaded (using CDP): * ? does strongswan validate the trust chain * ? are both CRLs needed ( one for sca and other for ta ) Thanks

[strongSwan] OSCP validation

2019-11-18 Thread Modster, Anthony
Hello When strongswan validates the "OCSP signing certificate", ? will it always use the stored trust chain (TA and SCA) Will strongswan, ? always pull the CRL published by the SCA to make sure the "OCSP signing certificate" is not revoked Thanks

[strongSwan] CRL revoke

2019-11-15 Thread Modster, Anthony
Hello ? can charon revoke the user cert from a CRL We are using charon as a client, that has loaded a user cert and a CRL. strongswan 5.5.1 Sample CRL used to revoke user cert. root@wglng-17:/etc/swanctl/ourCrl# openssl crl -in Org1.scacrl1 -text -noout Certificate Revocation List (CRL):

[strongSwan] oscp url

2019-11-13 Thread Modster, Anthony
Hello ? how to specify the protocol types in the URI Example: file://xxx http://xxx ldap://xxx authorities..crl_uris Thanks

Re: [strongSwan] OCSP update dime

2019-11-11 Thread Modster, Anthony
Hello Noel ? any information on this item -Original Message- From: Noel Kuntze Sent: Wednesday, November 6, 2019 3:50 PM To: Modster, Anthony ; users@lists.strongswan.org Subject: Re: [strongSwan] OCSP update dime I think it takes all of them and tries them in order or something, I'd

Re: [strongSwan] application hook for CPD

2019-11-11 Thread Modster, Anthony
Thanks -Original Message- From: Noel Kuntze Sent: Monday, November 11, 2019 11:41 AM To: Modster, Anthony ; users@lists.strongswan.org Subject: Re: [strongSwan] application hook for CPD That's what the first sentence is about. Am 11.11.19 um 20:39 schrieb Modster, Anthony: > ?

Re: [strongSwan] application hook for CPD

2019-11-11 Thread Modster, Anthony
? how about the ErrorNotifyPlugin -Original Message- From: Noel Kuntze Sent: Monday, November 11, 2019 11:14 AM To: Modster, Anthony ; users@lists.strongswan.org Subject: Re: [strongSwan] application hook for CPD Hello Anthony, Nope, there is no alert for that in error_notify. I

Re: [strongSwan] application hook for CPD

2019-11-11 Thread Modster, Anthony
Hello Is there any information on this item? Also, ? is there an event notification for CPD loading if a CRL is in cache memory and has not expired, and a CPD is uploaded. From: Modster, Anthony Sent: Friday, November 08, 2019 9:41 AM To: users@lists.strongswan.org Subject: application hook

Re: [strongSwan] vici functions thread safe

2019-11-08 Thread Modster, Anthony
Sorry, I found the answer, forgot I already asked this question https://lists.strongswan.org/pipermail/users/2017-September/011496.html From: Modster, Anthony Sent: Friday, November 08, 2019 2:07 PM To: users@lists.strongswan.org Subject: vici functions thread safe Hello ? are the following

[strongSwan] vici functions thread safe

2019-11-08 Thread Modster, Anthony
Hello ? are the following VICI functions thread safe vici_connect() vici_disconnect() terminate_conn() load_conn() init_conn() Thanks

Re: [strongSwan] OCSP nonce parameter

2019-11-08 Thread Modster, Anthony
? is there a possibility of a patch to allow checking the received nonce -Original Message- From: Tobias Brunner Sent: Thursday, November 07, 2019 11:27 PM To: Modster, Anthony ; users@lists.strongswan.org Subject: Re: [strongSwan] OCSP nonce parameter ---External Email--- Hi Anthony

[strongSwan] application hook for CPD

2019-11-08 Thread Modster, Anthony
Hello ? does VICI or "error notify plugin" provide a callback when CPD has loaded a CRL CDP enabled There is a loaded CRL in memory, and has expired CPD loads a new CRL Note: In this case charon will only load to memory the new CRL, if expired, or the cache has been flushed manually. Thanks

[strongSwan] OCSP nonce parameter

2019-11-07 Thread Modster, Anthony
Hello When using OCSP, ? is the nonce parameter always set.

Re: [strongSwan] OCSP update dime

2019-11-06 Thread Modster, Anthony
Hello Noel If the URLs are not set, ? will strongswan read them from the User Cert swanctl: authorities..ocsp_uris “comma-separated list of OCSP URL’s” ? would it be the same for CPD -Original Message- From: Noel Kuntze Sent: Wednesday, November 06, 2019 2:52 PM To: Modster, Anthony

Re: [strongSwan] OCSP update dime

2019-11-06 Thread Modster, Anthony
thanks -Original Message- From: Noel Kuntze Sent: Wednesday, November 06, 2019 2:52 PM To: Modster, Anthony ; users@lists.strongswan.org Subject: Re: [strongSwan] OCSP update dime Check the man page for swanctl.conf on the system running strongSwan. Search for authorities or scroll

Re: [strongSwan] OCSP update dime

2019-11-06 Thread Modster, Anthony
? where are the configuration parameters for OCSP Note: we are using swanctl (VICI) -Original Message- From: Noel Kuntze Sent: Wednesday, November 06, 2019 2:13 PM To: Modster, Anthony ; users@lists.strongswan.org Subject: Re: [strongSwan] OCSP update dime Answers and question

Re: [strongSwan] OCSP update dime

2019-11-06 Thread Modster, Anthony
Thanks See below (A.M.) -Original Message- From: Noel Kuntze Sent: Wednesday, November 06, 2019 1:35 PM To: Modster, Anthony ; users@lists.strongswan.org Subject: Re: [strongSwan] OCSP update dime Hello Anthony, The exact paragraph is > the strongSwan IKE daemon will not try to fe

Re: [strongSwan] OCSP update dime

2019-11-06 Thread Modster, Anthony
To: Modster, Anthony ; users@lists.strongswan.org Subject: Re: [strongSwan] OCSP update dime Hello, The request doesn't really make sense. There's no OCSP nextUpdate time, that's part of a CRL. Kind regards Noel Am 06.11.19 um 00:03 schrieb Modster, Anthony: > Hello > >   > > ? what is

[strongSwan] OCSP update dime

2019-11-05 Thread Modster, Anthony
Hello ? what is the nextUpdate time ? is it configurable https://wiki.strongswan.org/issues/568 Thanks

[strongSwan] CRL loading

2019-11-05 Thread Modster, Anthony
Hello ? does this item affect our version of strongswan 5.5.1 https://wiki.strongswan.org/issues/354 If so, ? was there a CRL already loaded before the connection attempt was made ? are there any other issues when using OCSP for strongswan 5.5.1 Thanks

Re: [strongSwan] DNS support

2019-09-16 Thread Modster, Anthony
Hello Tobias ? what are the possible fetcher plugins for CRLs and OCSP -Original Message- From: Tobias Brunner Sent: Monday, September 16, 2019 1:33 AM To: Modster, Anthony ; users@lists.strongswan.org Subject: Re: [strongSwan] DNS support ---External Email--- Hi Anthony, > ? d

[strongSwan] DNS support

2019-09-13 Thread Modster, Anthony
Hello ? does strongswan support "HTTPS DNS" Will be using it for: OCSP, CRL and "VICI struct s_connection_parameters:remote_address"

Re: [strongSwan] error handling

2019-06-26 Thread Modster, Anthony
) 12[IKE] IKE_SA ELS-VPAPP-WGL08[1] state change: CONNECTING => DESTROYING -Original Message- From: Modster, Anthony Sent: Wednesday, June 26, 2019 9:19 AM To: 'Tobias Brunner' ; users@lists.strongswan.org Cc: Mesfin Amare Subject: RE: [strongSwan] error handling Thanks Our systems gr

Re: [strongSwan] error handling

2019-06-26 Thread Modster, Anthony
Thanks Our systems group will be testing most (if not all the errors). But it takes them a while to create all the test cases (we need to test CISCO and Windows gateways). -Original Message- From: Tobias Brunner Sent: Wednesday, June 26, 2019 1:22 AM To: Modster, Anthony ; users

[strongSwan] error handling

2019-06-25 Thread Modster, Anthony
Hello When the errors below occur. ? will our application be able to detect them using either: VICI "event callbacks" or "ErrorNotifyPlugin" If so, which error flags should be monitored. Inacceptable Constraint check failed charon [info] 13[CFG] constraint check failed: identity 'C=US,

Re: [strongSwan] ErrorNotifyPlugin error code

2019-06-25 Thread Modster, Anthony
Hello ? any information on the below From: Modster, Anthony Sent: Thursday, June 20, 2019 8:03 AM To: users@lists.strongswan.org Subject: ErrorNotifyPlugin error code Hello ? is there a detailed description on the causes for the ErrorNotifyPlugins error codes below

[strongSwan] ErrorNotify plugin

2019-06-17 Thread Modster, Anthony
Hello We started using the ErrorNotifyPlugin. I have noticed that sometimes the charon.enfy does not get created. Note: the VPN tunnel is up and running Prototyping strongswan ErrorNotifyPlugin Location of information files: /var/volatile/run/charon.enfy

Re: [strongSwan] expired CRL

2019-06-13 Thread Modster, Anthony
Tobias If we have a CRL that revoked a "secure gateway", and later the CRL expired. ? will strongswan still use the expired CRL We still want strongswan to use the CRL to revoke. -Original Message- From: Tobias Brunner Sent: Thursday, June 13, 2019 1:28 AM To: Modster, Antho

[strongSwan] expired CRL

2019-06-12 Thread Modster, Anthony
Hello ? is there a swanctl configuration setting, that if enabled will allow an expired CRL to be used Thanks

Re: [strongSwan] VICI event callbacks

2019-06-12 Thread Modster, Anthony
Tobias ? does this replace VICI, “event callbacks” This is what we are currently using. -Original Message- From: Tobias Brunner Sent: Wednesday, June 12, 2019 1:35 AM To: Modster, Anthony ; users@lists.strongswan.org Subject: Re: [strongSwan] VICI event callbacks ---External Email

[strongSwan] VICI event callbacks

2019-06-11 Thread Modster, Anthony
Hello Our application is using strongswan VICI, event callbacks for VPN status. The following events we want to detect using the "event callbacks". ? is the below possible, and what parameters in the "event callback" should we monitor. Itemized list of conditions that trigger switching from

Re: [strongSwan] EU and EKU

2019-06-11 Thread Modster, Anthony
; iKEIntermediate {1.3.6.1.5.5.8.2.2}; id-kp-ipsecIKE {1.3.6.1.5.5.7.3.17}". And we want to make sure that during the VPN connection initiation, the "IPSec gateway" certificate has the right KU and EKU set in the certificate field. Thanks -Original Message- From: Tobias

[strongSwan] VPN tunnel firewall rules

2019-06-05 Thread Modster, Anthony
Hello ? can strongswan set firewall policies Looking for a way to set the firewall to block all traffic inside the VPN tunnel, except for what is expected. I could use swanctl.conf "connections.,children.updown scripts and add iptables rules there. Thanks

[strongSwan] EU and EKU

2019-06-04 Thread Modster, Anthony
Hello ? does the latest version of strongswan provide better "checking of the peer certificate EU and EKU" Our current version is: strongswan swanctl 5.5.1

Re: [strongSwan] charon and CRL loading

2019-05-09 Thread Modster, Anthony
Thanks -Original Message- From: Tobias Brunner Sent: Thursday, May 09, 2019 9:26 AM To: Modster, Anthony ; users@lists.strongswan.org Cc: Amare, Mesfin Subject: Re: [strongSwan] charon and CRL loading ---External Email--- Hi Anthony, > If a CRL comes in, then I think we would n

Re: [strongSwan] charon and CRL loading

2019-05-09 Thread Modster, Anthony
thorities section" "crl_uirs = fill:///xxx" in swanctl.conf 2. --load-authorities 3. --load-creds -Original Message- From: Users On Behalf Of Tobias Brunner Sent: Thursday, May 09, 2019 8:09 AM To: Modster, Anthony ; users@lists.strongswan.org Cc: Amare, Mesfin Subject: Re

Re: [strongSwan] charon and CRL loading

2019-05-09 Thread Modster, Anthony
Thanks -Original Message- From: Tobias Brunner Sent: Thursday, May 09, 2019 8:32 AM To: Modster, Anthony ; users@lists.strongswan.org Cc: Amare, Mesfin Subject: Re: [strongSwan] charon and CRL loading ---External Email--- Hi Anthony, > ? for the CRL cases below, does the host n

Re: [strongSwan] charon and CRL loading

2019-05-09 Thread Modster, Anthony
Tobias Sorry one other question. ? for the CRL cases below, does the host need to "drop the connection" for the CRL updates -Original Message- From: Users On Behalf Of Tobias Brunner Sent: Thursday, May 09, 2019 8:09 AM To: Modster, Anthony ; users@lists.strongswan.org

Re: [strongSwan] charon and CRL loading

2019-05-09 Thread Modster, Anthony
Thanks -Original Message- From: Users On Behalf Of Tobias Brunner Sent: Thursday, May 09, 2019 8:09 AM To: Modster, Anthony ; users@lists.strongswan.org Cc: Amare, Mesfin Subject: Re: [strongSwan] charon and CRL loading ---External Email--- Hi Anthony, > Item 1, if a new

Re: [strongSwan] charon and CRL loading

2019-05-09 Thread Modster, Anthony
ot;, ? will charon automatically re-load the CRL -Original Message- From: Tobias Brunner Sent: Thursday, May 09, 2019 12:59 AM To: Modster, Anthony ; users@lists.strongswan.org Subject: Re: [strongSwan] charon and CRL loading ---External Email--- Hi Anthony, > ? does charon reload t

[strongSwan] charon and CRL loading

2019-05-08 Thread Modster, Anthony
Hello ? does charon reload the CRL during ( re-authentication and re-connection ) VPN tunnels are up, and initial CRLs are loaded. If new CRLs arrive, ? will charon use them during ( re-authentication and re-connection ). Thanks

Re: [strongSwan] VPN tunnel using TLS EAP is using wrong SCA cert

2018-11-29 Thread Modster, Anthony
Thanks -Original Message- From: Tobias Brunner Sent: Thursday, November 29, 2018 5:12 AM To: Modster, Anthony ; users@lists.strongswan.org Cc: Wong, Richard Subject: Re: [strongSwan] VPN tunnel using TLS EAP is using wrong SCA cert Hi Anthony, > ? can VICI be configured to l

Re: [strongSwan] VPN tunnel using TLS EAP is using wrong SCA cert

2018-11-28 Thread Modster, Anthony
Hello Tobias ? can VICI be configured to load a specific SCA cert per VPN (would this help) -Original Message- From: Tobias Brunner Sent: Wednesday, November 28, 2018 2:21 AM To: Modster, Anthony ; users@lists.strongswan.org Subject: Re: [strongSwan] VPN tunnel using TLS EAP is using

Re: [strongSwan] VPN tunnel using TLS EAP is using wrong SCA cert

2018-11-27 Thread Modster, Anthony
Hello Tobias ? did you get my last email with attachments -Original Message- From: Modster, Anthony Sent: Monday, November 26, 2018 3:46 PM To: 'Tobias Brunner' ; users@lists.strongswan.org Subject: RE: [strongSwan] VPN tunnel using TLS EAP is using wrong SCA cert Hello Tobias Sorry

Re: [strongSwan] VPN tunnel using TLS EAP is using wrong SCA cert

2018-11-26 Thread Modster, Anthony
d_dpd_action=restart dpd_timeout= keying_tries=0 Thanks -Original Message- From: Tobias Brunner Sent: Monday, November 19, 2018 3:00 AM To: Modster, Anthony ; users@lists.strongswan.org Subject: Re: [strongSwan] VPN tunnel using TLS EAP is using wrong SCA cert Hi Anthony, > For this setup a

Re: [strongSwan] VPN tunnel using TLS EAP is using wrong SCA cert

2018-11-16 Thread Modster, Anthony
//connections..children..dpd_action //connections..children..ipcomp //connections..children..inactivity //connections..children..reqid //connections..children..mark_in //connections..children..mark_out //connections..children.

[strongSwan] VPN tunnel using TLS EAP is using wrong SCA cert

2018-11-14 Thread Modster, Anthony
Hello If VPN tunnel 1 is started before VPN tunnel 2. Then VPN tunnel 2 does not select the correct SCA cert during TLS EAP. It does show the correct SCA cert during configuration. VPN tunnel 1 is ok If VPN tunnel 2 is started before VPN tunnel 1. Then both VPN tunnels are ok. VPN

[strongSwan] VICI and PSK

2018-05-16 Thread Modster, Anthony
Hello ? how to configure VICI for PSK Thanks

[strongSwan] routing and firewall policy

2017-12-18 Thread Modster, Anthony
Hello ? How to setup routing and firewall policy, when using VICI Thanks

Re: [strongSwan] OSCP

2017-12-18 Thread Modster, Anthony
...@lists.strongswan.org] On Behalf Of Andreas Steffen Sent: Saturday, December 16, 2017 2:23 AM To: Modster, Anthony <anthony.mods...@teledyne.com>; users@lists.strongswan.org Subject: Re: [strongSwan] OSCP Hello Anthony, if the OCSP URI is not included via an authorityInfoAccess extension in the end

[strongSwan] OSCP

2017-12-15 Thread Modster, Anthony
Hello ? how do we setup OSCP, when using VICI Is there a writeup for this item. ? what support tools are needed on the host Thanks

Re: [strongSwan] VICI and multiple threads

2017-09-08 Thread Modster, Anthony
Hello Martin That's good to know, we're currently using VICI, if we run into issues and need to switch to DAVICI, it should be easy. -Original Message- From: Martin Willi [mailto:mar...@strongswan.org] Sent: Friday, September 08, 2017 12:02 AM To: Modster, Anthony <anthony.m

[strongSwan] VICI and multiple threads

2017-09-06 Thread Modster, Anthony
Hello ? is the VICI library considered thread safe Can a host use multiple threads to access the library functions.

Re: [strongSwan] [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No Reputation] multiple tun

2017-05-06 Thread Modster, Anthony
Hello Noel With routing disabled, then creating the routes manually adding a metric to each route seems to work Thanks ? any other suggestions -Original Message- From: Modster, Anthony Sent: Thursday, May 04, 2017 8:47 AM To: 'Noel Kuntze' <noel.kuntze+strongswan-users

Re: [strongSwan] [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT

2017-05-06 Thread Modster, Anthony
Hello Noel OK -Original Message- From: Users [mailto:users-boun...@lists.strongswan.org] On Behalf Of Noel Kuntze Sent: Saturday, May 06, 2017 8:52 AM To: Modster, Anthony <anthony.mods...@teledyne.com>; users@lists.strongswan.org Subject: Re: [strongSwan] [SUSPECT EMAIL: No Repu

Re: [strongSwan] [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT

2017-05-05 Thread Modster, Anthony
Hello Noel ? can the gateway IP address be added to the list of variables, to be passed to the _updown script -Original Message- From: Noel Kuntze [mailto:noel.kuntze+strongswan-users-ml@thermi.consulting] Sent: Thursday, May 04, 2017 8:59 AM To: Modster, Anthony <anthony.m