Re: [strongSwan] IPSec / IKEv2, IP-(Re)assignment problem

2019-05-23 Thread Sven Anders
stance a simultaneous login from the iPhone and the iPad. If this "uniqueness" is only determined by the login username and not further data (like a MAC address or name of the connecting device), I see that this will not work. Or do you have any other ideas to make this work? Regards Sven

[strongSwan] IPSec / IKEv2, IP-(Re)assignment problem

2019-05-16 Thread Sven Anders
-add dynamic --start 192.168.3.20 --end 192.168.3.254 --timeout 4h ipsec pool --add static --addresses static.ippool --timeout 0 -- Sven Anders () UTF-8 Ribbon Campaign /\ Support plain text e-mail ANDURAS intranet securit

Re: [strongSwan] Problem: "unable to install policy -the same policy for reqid XXXX exists "

2018-11-30 Thread Sven Anders
ge do you expect or what should I search for? > > For instance, messages around refcount changes of the policies. You can > also post it somewhere for us to have a look at. Thank you, I will send you a link to download it. If anybody wants the log output too, to analys

Re: [strongSwan] Problem: "unable to install policy -the same policy for reqid XXXX exists "

2018-11-23 Thread Sven Anders
" to "auto=route", which I found in a >> description >> of a similar problem, but that changed nothing... > > auto=route makes no sense on a gateway for roadwarriors. Ok, just read about it in another similar problem and this was one idea to solve it

[strongSwan] Problem: "unable to install policy -the same policy for reqid XXXX exists "

2018-11-23 Thread Sven Anders
of a similar problem, but that changed nothing... Regards Sven Anders ---8X- Here is the configuration: ipsec.conf: --- config setup uniqueids=never charondebug = ike 2, net 2, pts 2, lib 2, tls 2, cfg 3,

Re: [strongSwan] Problems with CRLs

2018-09-13 Thread Sven Anders

Re: [strongSwan] Problems with CRLs

2018-09-13 Thread Sven Anders
Hello! Can nobody help me with this issue? Or isn't the question worth it? Regards Sven On 27.08.18 at 23:32, Sven Anders wrote: > On 22.08.2018 at 17:48, Sven Anders wrote: >> Hello! >> >> We are experiencing two problems when using CRLs. >> Our Linux sy

Re: [strongSwan] Problems with CRLs

2018-08-27 Thread Sven Anders
On 22.08.2018 at 17:48, Sven Anders wrote: > Hello! > > We are experiencing two problems when using CRLs. > Our Linux systems run strongSwan 5.6.2. > > > 1) Because we want an hourly update of CRLs and the standard CRLs timeout > is 7 days, we created a cronjob, tha

[strongSwan] Problems with CRLs

2018-08-22 Thread Sven Anders
g 22 16:01:43 2101120420063 charon: 30400[IKE] no trusted RSA public key found for 'testu...@company.de' But as you can see here, the user is denied. What happened here? Is the (delta) reason "remove from crl" misinterpreted as a revocation reason? Regards Sven Anders

Re: [strongSwan] attr-sql - case insensitive?

2018-07-11 Thread Sven Anders
no chance here, even if I set the data field to "TEXT NOT NULL COLLATE NOCASE". But thanks for the tips! Regards Sven Anders

Re: [strongSwan] attr-sql - case insensitive?

2018-07-05 Thread Sven Anders
n. > > Another option is probably to convert the identities to text and store > and compare them as such, but that would also require several code changes. > > Regards, > Tobias Thanks for the answer! In other words: I have to change the code to make it work this way

Re: [strongSwan] Checking X509 Extended Key Usage

2018-07-04 Thread Sven Anders
all certificates > of the X.509 trust chain. See the following example scenario: > > https://www.strongswan.org/testing/testresults5dr/swanctl/rw-ed25519-certpol/ > > Regards > > Andreas > > On 20.06.2018 13:41, Sven Anders wrote: >> Am 20.06.2018 um 10:43 schrieb Andr

[strongSwan] attr-sql - case insensitive?

2018-07-04 Thread Sven Anders
ve? Or any other ideas? Regards Sven Anders PS: Sorry for the first wrong posting...

[strongSwan] attr-sql - case insensitive?

2018-07-04 Thread Sven Anders
Hello! I'm using the "attr-sql" plugin to make static user IP assignments. The database matches the CN in the certificate. Is it possible to match here case insensitive? Regards Sven Anders

Re: [strongSwan] Checking X509 Extended Key Usage

2018-06-20 Thread Sven Anders
root ca with a path length of 1 8235[IKE] authentication of 'MYNAME@my-group.local' with RSA signature successful 8235[CFG] constraint requires cert policy 1.3.6.1.5.5.7.3.2 8235[CFG] selected peer config 'ikev2-pubkey' inacceptable: non-matching authentication done 8235[CFG] no alternative config foun

Re: [strongSwan] Checking X509 Extended Key Usage

2018-06-20 Thread Sven Anders
dedKeyUsage is just a list of OIDs and there are no restrictions I know of, we use this to differentiate between classes of certificates we issue. If this isn't supported, how can we use StrongSwan to distinguish between groups of certificates without using Sub-CAs? We cannot be the first with this requir

[strongSwan] Checking X509 Extended Key Usage

2018-06-19 Thread Sven Anders
own space too. How can I check in StrongSwan, if a certain EKU exists? Regards Sven Anders

Re: [strongSwan] Strongswan 5.6.2: Segfault if charondebug = cfg > 2

2018-06-06 Thread Sven Anders
Kuntze: > Hi, > > Try with O2, not O3. > > Kind regards > > Noel > > On 05.06.2018 22:11, Sven Anders wrote: >> Hello! >> >> I'm experiencing a segmentation fault, if I set charondebug = cfg to a value >> greater than 2. >> I'm using

[strongSwan] Strongswan 5.6.2: Segfault if charondebug = cfg > 2

2018-06-05 Thread Sven Anders
lly goes here) #conn ikev2-eap-mschapv2 #also=rw-config #keyexchange=ikev2 #auto=add ## right - remote (client) side #rightauth=eap-mschapv2 #eap_identity=%identity # Use RADIUS EAP plugin #conn ikev2-eap-radius #also=rw-config #keyexchange=ikev2

[strongSwan] iPhone, iOS with TLS+EAP

2017-12-18 Thread Sven Anders
erver.key user : PSK "test" user %any% : EAP "test" Regards Sven Anders

Re: [strongSwan] Problem with pcrypt

2017-09-15 Thread Sven Anders
working configuration that I can use as a reference? > Disabling replay protection does not improve performance. Ok, I did read about this in some posting, so I tried this too. Regards Sven Anders

[strongSwan] Problem with pcrypt

2017-09-15 Thread Sven Anders
socket in priority 0 src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 src ::/0 dst ::/0 socket in priority 0 src ::/0 dst ::/0 socket out priority 0 src ::/0 dst ::/0 socket in priority 0 src ::/0 dst ::/0 socket out priority 0