Let me know if I am incorrect, user_data is the last parameter in the
davici_queue?
1) Now is it right practice to add a few more elements in the tester structure to
be passed in the callback function? These additional elements can be used to
manage the response of deleting the connections.
2) If there
Thanks a lot..
Rajeev
On Tue, Jun 26, 2018 at 8:00 AM, Tobias Brunner
wrote:
> > Question: Is there a way to know, when we parse the response from Davici,
> > which connection is deleted? If yes, in what parameter of davici do we get
> > the information? I see reqcb() parses the davici response.
>
> Two
Scenario: Strongswan has established multiple IKE connections with
different peers.
Lets say we have three different connections. Out of those we plan to
delete two connections via initiating using davici terminate command.
Question: Is there way to know when we parse response from Davici that
Hi Tobias,
Which parameter to configure the specific remote IP address for a
connection, so that we can reject the messages from any other IP address?
I am assuming we are talking about one of parameter in swanctl.conf.
If we are talking about connections..remote_addrs..
I did configure
For following scenario, is it Strongswan bug? Responder IP address is
*fc00:cada:c406::200*. But if reply come from even different IPv6 address
everything goes successful like nothing is wrong. In following case
IKE_SA_INIT
response came from *fc00:cada:c406::500*. I would imagine it should
I use Davici Interface with Strongswan 5.5
Is there a way for Strongswan to ignore an IKE-SA-INIT response from a bogus IPv6
address? Strongswan replies to all the IKE-SA-INIT received from all IP
addresses.
thanks,
Rajeev
jeev
On Fri, Apr 27, 2018 at 5:08 PM, Phil Frost <p...@postmates.com> wrote:
> Does dpdaction=clear do what you need?
>
>
> On Fri, Apr 27, 2018, 10:11 rajeev nohria <rajnoh...@gmail.com> wrote:
>
>> I am using Strongswan5.5.0 and using Davici interface. Is th
I am using Strongswan 5.5.0 and using the Davici interface. Is there a way (any
options) to delete the SA immediately if the peer goes down instead of going
through retries?
Any help is appreciated. I could not find anything so far..
Thanks,
Rajeev
In DAVICI, what are the events and what are they for? I see davici_register
and davici_unregister function.
I am looking for events like certificate failed or certificate revoked or
IKEv2 connection failed. I do see it is in log but I would like to receive
those events so that code can react to
Thanks. Based on the response I was able to resolve my issue. I was removing
"/" when reading the subject.
-Rajeev
On Fri, Feb 9, 2018 at 11:02 AM, Tobias Brunner
wrote:
> Hi Rajeev,
>
> > Using DAVICI, I did make sure local.id is "C=US,
> > O=ARRIS Group, Inc., OU=DCA
Let me know I can send you more information.
On Thu, Feb 8, 2018 at 12:19 PM, rajeev nohria <rajnoh...@gmail.com> wrote:
>
>
> Now I am getting the following error and not able to resolve this for
> sometime. Any inkling is helpful here.
>
>
> Using DAVICI, I did make
Now I am getting the following error and not able to resolve this for
sometime. Any inkling is helpful here.
Using DAVICI, I did make sure local.id is "C=US, O=ARRIS Group, Inc.,
OU=DCA Remote Device Certificate, CN=FF:FF:05:E6:E7:80"
What else could I be missing?
writing RSA key
11[CFG] loaded
integrity tests of
> the gpm plugin. How did you create the private RSA key?
>
> Regards
>
> Andreas
>
> On 07.02.2018 04:43, rajeev nohria wrote:
> >
> >
> > I am getting following error.
> >
> > writing RSA key
> > 11[LIB] key integrity tests fai
I am getting following error.
writing RSA key
11[LIB] key integrity tests failed
11[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 8 builders
What could be wrong? I verified the certificate and private key from
following site and they matched.
means local
is also not using TFC padding?
Why would local send a msg with TFC when TFC is disabled by default? I
have tried tfc_padding = 0 in configuration and get the same message. Just
trying to understand..
On Wed, Jan 10, 2018 at 10:51 AM, rajeev nohria <rajnoh...@gmail.com> wr
I am trying to understand if ESP_TFC_PADDING_NOT_SUPPORTED means Local is
using the TFC.
I am getting ESP_TFC_PADDING_NOT_SUPPORTED msg from remote. Does that mean
local is using the TFC?
On local I have to configured tfc_padding and by default it is disabled.
If by default it is disabled why
PEM format files..
On Tue, Dec 12, 2017 at 9:33 AM, rajeev nohria <rajnoh...@gmail.com> wrote:
> This is at originator side where we are seeing the issue..
>
> ~# ipsec listcerts
>
> List of X.509 End Entity Certificates
>
> subject: "C=US, O=ARRIS G
Let me know if you need more info..
On Mon, Dec 11, 2017 at 2:45 PM, rajeev nohria <rajnoh...@gmail.com> wrote:
> Please find the key and config. I am using davici so I am printing the
> configuration from log as commands are executing.
>
> Load-Connection command
>
at 10:39 AM, Jafar Al-Gharaibeh <ja...@atcorp.com>
wrote:
> Can you share your config/secret files ?
>
> --Jafar
>
>
> On 12/11/2017 9:17 AM, rajeev nohria wrote:
>
> Anyone can help in this issue, I have setup the id with Subject id. Still
> have this issue. Is any
Anyone can help in this issue, I have setup the id with Subject id. Still
have this issue. Is anything else I am missing?
Thanks,
Rajeev
On Tue, Nov 14, 2017 at 12:44 PM, rajeev nohria <rajnoh...@gmail.com> wrote:
>
> Not sure what is wrong here, Can you let me know if
Not sure what is wrong here, Can you let me know if I am missing
something here.
16[KNL] creating acquire job for policy
fc00:cada:c406:607::1001/128[tcp/43005] ===
fc00:cada:c406::200/128[tcp/8190] with reqid {2}
2017-11-13 15:58:56,001-HalTransport.py-94-INFO-Start a agent transport
I figured out, one of certificate was not loaded. Fixed it and working now.
On Mon, Oct 9, 2017 at 10:36 AM, rajeev nohria <rajnoh...@gmail.com> wrote:
> I am using swanctl, and having "no matching peer config found" issue.
>
> Please find logs and swanctl.conf
I am using swanctl, and having "no matching peer config found" issue.
Please find logs and swanctl.conf in this email.
Thanks,
Rajeev
9[NET] received packet: from fc00:cada:c402:607::1001[500] to
2017::5002[500] (264 bytes)
09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP)
I resolved the issue by setting up id properly. Thanks for the direction.
On Fri, Oct 6, 2017 at 8:37 AM, rajeev nohria <rajnoh...@gmail.com> wrote:
> Andreas,
>
> Thanks for reply. I am using davici interface instead of swanctl.conf. I
> do set the id as id: fc00:c
fine the following in swanctl.conf:
>
> local {
>     auth = pubkey
>     certs = myCert.pem
> }
>
> This first causes the private key to be found automatically based
> on the fingerprint of the public key contained in the certificate and
> the ID to be set to the subject disting
I have seen this issue before and fixed it. But this time I am not able to
figure it out. Let me know if anyone sees an issue or has any suggestion. Thanks in
advance.
Problem:
Getting error while initiating the connection.
*[IKE] no private key found for 'fc00:cada:c404:607::1001'*
*11[IKE] no private
Following capture is taken on responder side. Can you give any idea what
could be wrong?
15[ENC] parsed IKE_AUTH request 1 [ IDi IDr AUTH N(USE_TRANSP) SA TSi TSr
N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
15[CFG] looking for peer configs matching 2001:2016:0:1::23e[2001:2016:0
Ok, I will register on the issue tracker.
On Thu, Oct 27, 2016 at 2:37 PM, Noel Kuntze <n...@familie-kuntze.de> wrote:
> On 27.10.2016 20:34, rajeev nohria wrote:
> >
> > I am getting similar to following issue. Not sure how it was resolved.
> > https://wiki
(-h) show usage information
libgcc_s.so.1 must be installed for pthread_cancel to work
Aborted
On Wed, Oct 19, 2016 at 2:43 PM, rajeev nohria <rajnoh...@gmail.com> wrote:
> Thomas,
>
> I tried both ways and it did not help. Not sure what I could be missing. In
> foll
/projects/strongswan/wiki/Strongs
> wandirectory
>
>
> On 10/18/2016 04:37 PM, rajeev nohria wrote:
>
>> Noel,
>>
>> I am still having issues after going through many hit and trial methods to
>> fix this,
>>
>> root@Xilinx-ZCU102-2016_1:~# charon
>> 00[DMN] S
Noel,
I am still having issues after going through many hit and trial methods to fix
this,
root@Xilinx-ZCU102-2016_1:~# charon
00[DMN] Starting IKE charon daemon (strongSwan 5.5.0, Linux 4.4.0, aarch64)
00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet
dependency: NONCE_GEN
I am all set after adding libatomic.so.1 in lib directory.
On Tue, Oct 4, 2016 at 3:05 PM, rajeev nohria <rajnoh...@gmail.com> wrote:
> Andreas,
>
> Thank you for all your help. I have compiled the Strongswan with
> petalinux . Whenever I run the charon I get t
blob.
>
> Regards
>
> Andreas
>
> On 15.09.2016 21:20, rajeev nohria wrote:
> > Andreas,
> >
> > When using davici-
> > For the loading of private rsa keys, that has to be loaded like the
> > certificate?
> >
> > Thanks,
> >
Andreas,
When using davici-
For the loading of private rsa keys, that has to be loaded like the
certificate?
Thanks,
Rajeev
On Thu, Sep 15, 2016 at 3:19 PM, rajeev nohria <rajnoh...@gmail.com> wrote:
> Andreas,
>
> For the loading of private rsa keys, that has to
r the vici socket using davici.
>
> Regards
>
> Andreas
>
> On 04.08.2016 05:03, rajeev nohria wrote:
> > Thanks Andreas,
> >
> > It worked, I now started to implement in Davici. I had PSK working in
> > Davici. With certificates, I am having following
oy the Root CA
> certificate on both hosts.
>
> Best regards
>
> Andreas
>
> On 01.08.2016 21:24, rajeev nohria wrote:
> >
> > I was able to establish IKE connection using PSK but when using pubkey I
> > am not able to establish the IKE connection.
> >
I have very simple config file and trying to implement the same with DAVICI
APIs. Please find attached file for config and its implementation. Not sure
what is wrong, any insight would help me. Tester.c file is also compiled
with cmd.c.
Thanks,
Rajeev
/*
* Copyright (C) 2015 CloudGuard Software
Noel,
I was able to install policy using swanctl --install and a packet from data
plane was able to trigger the SAs.
Thanks for your help.
Rajeev
On Mon, Jun 13, 2016 at 1:24 PM, rajeev nohria <rajnoh...@gmail.com> wrote:
> Noel,
> I am using Strongswan 5.4 with swanctl.conf and str
Noel,
I am using Strongswan 5.4 with swanctl.conf and strongswan.conf. There is
no option for auto=route. Is there anything equivalent?
Thanks,
Rajeev
On Mon, Jun 6, 2016 at 10:15 AM, Noel Kuntze <n...@familie-kuntze.de> wrote:
> On 06.06.2016 14:28, rajeev nohria wrote:
> >
>
++
> then consider the DAVICI library:
>
> https://github.com/strongswan/davici/blob/master/README.md
>
> Regards
>
> Andreas
>
> On 11.05.2016 13:50, rajeev nohria wrote:
> > Andreas,
> >
> > I appreciate helping me out. Now I am making progress with Charon
t.
>
> And there's still the VICI API to charon that you can use to dynamically
> load and unload any configuration.
>
> On 02.06.2016 19:26, rajeev nohria wrote:
> > Noel,
> >
> > We are planning to install SA and policies dynamically. We don't want to
> use t
Does anyone have a DAVICI code example and is willing to share?
Rajeev
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
I added manual entries for policy using "ip xfrm policy" both at receptor
and initiator. Both are host and IP address of 10.13.199.185 and
10.13.199.130.
Initiator:
sudo ip xfrm policy add src 10.13.199.185 dst 10.13.199.130 dir out tmpl
src 10.13.199.185 dst 10.13.199.130 proto esp reqid
I am testing between two Ubuntus. We are using Strongswan 5.4.0. with
certificate and keys in swanctl/x509, swanctl/x509ca and swanctl/rsa.
I could not figure how to resolve this. I am creating certificates using
ipsec pki as an example on strongSwan website. Is it anything obvious I am
> If you intend to write your management application in C or C++
> then consider the DAVICI library:
>
> https://github.com/strongswan/davici/blob/master/README.md
>
> Regards
>
> Andreas
>
> On 11.05.2016 13:50, rajeev nohria wrote:
> > Andreas,
> >
> > I
ig --enable-systemd
>
> and enable and start the strongswan-swanctl service.
>
> BTW - in order to use the vici socket you must be root. Thus
>
> sudo swanctl --load-conn
>
> Best regards
>
> Andreas
>
>
> On 09.05.2016 16:34, rajeev nohria wrote:
>
>
tef...@strongswan.org> wrote:
> Hi Rajeev,
>
> try running charon in the foreground:
>
>     sudo /usr/local/libexec/ipsec/charon
>
> and check for error messages in the console window.
>
> Cheers Andreas
>
> On 11.05.2016 11:53, rajeev nohria wrote:
>
>> Andreas,
ocess status
> (ps aux | grep charon)?
>
> Regards
>
> Andreas
>
> On 05/11/2016 04:04 AM, rajeev nohria wrote:
> > Thanks Andreas,
> >
> > I ran the charon and also copied the charon script file to /etc/init.d.
> > Now when I run sudo swanctl --load-c
I am new user of Strongswan and running 5.4.0. After creating certificates
and configuring two Ubuntu m/c with Strongswan 5.4.0. I try to create
connection as following and get error. Please advise, how to resolve
following issue?
$swanctl --load-conn
connecting to 'unix:///var/run/charon.vici'