Hi Dirk,
Not sure why the behavior changed between 5.1.3 and 5.2.0 in this
regard; likely that it is related to the replaced ipsec.conf parser.
It's probably the new parser.
Checking the logs on the gateway running 5.1.3 I discovered that the
rightsendcert = never wasn't honoured for any
Hi Tobias,
--On Wednesday, July 16, 2014 10:48:30 AM +0200 Tobias Brunner
tob...@strongswan.org wrote:
Not sure why the behavior changed between 5.1.3 and 5.2.0 in this
regard; likely that it is related to the replaced ipsec.conf parser.
It's probably the new parser.
Checking the logs on
Hi Dirk,
Not sure why the behavior changed between 5.1.3 and 5.2.0 in this
regard; likely that it is related to the replaced ipsec.conf parser.
It's probably the new parser.
Checking the logs on the gateway running 5.1.3 I discovered that the
rightsendcert = never wasn't honoured for any
Hi Martin,
--On Friday, July 11, 2014 03:04:27 PM +0200 Martin Willi
mar...@strongswan.org wrote:
ipsec_starter[3318]: notifying watcher failed: Broken pipe
I got: no trusted RSA public key found for NAME
Btw, I don't think these two issues are directly related. While
asynchronous IPC
Dirk,
was there a change in 5.2 about charon asking for the certificate of
the peer? I can establish a connection when I add leftsendcert=yes to
the configuration of my roadwarrior.
None that I'm aware of. leftsendcert=ifasked was the policy ever since.
If I don't add it I get a connection
With this connection active it doesn't matter if I set rightsendcert to
ifasked or yes in the default section or the specific connection
section of my linux roadwarrior. I can't connect because charon doesn't
send a certificate request.
If I remove the conn section for win 7 eap, I can
Hi Martin,
--On Tuesday, July 15, 2014 01:52:45 PM +0200 Martin Willi
mar...@strongswan.org wrote:
With this connection active it doesn't matter if I set rightsendcert
to ifasked or yes in the default section or the specific connection
section of my linux roadwarrior. I can't connect
Hi Noel,
--On Thursday, July 10, 2014 06:35:40 PM +0200 Noel Kuntze
n...@familie-kuntze.de wrote:
Can you please provide your strongswan.conf?
sure.
Server now back on 5.1.3 is simple using still the single
strongswan.conf:
=
charon {
threads = 16
Dirk,
1. I get this error on both systems after upgrade:
ipsec_starter[3318]: notifying watcher failed: Broken pipe
Hm, interesting, not sure were this broken pipe could come from, nor do
I see this error on my 64bit Wheezy.
Can you provide a little more context to this error message? What
Hi Martin,
--On Friday, July 11, 2014 09:52:40 AM +0200 Martin Willi
mar...@strongswan.org wrote:
1. I get this error on both systems after upgrade:
ipsec_starter[3318]: notifying watcher failed: Broken pipe
Hm, interesting, not sure were this broken pipe could come from, nor
do I see this
Dirk,
Thanks for the update. I could reproduce the issue, it happens when
starter forks() to the background. I haven't seen that, as starter logs
to a different file here.
Due to [1], starter closefrom()s all open file descriptors after the
fork. As we now use libstrongswan to manage IPC
ipsec_starter[3318]: notifying watcher failed: Broken pipe
I got: no trusted RSA public key found for NAME
Btw, I don't think these two issues are directly related. While
asynchronous IPC operation is affected, starter actually doesn't use
that.
Probably something else is wrong with that
Hi Martin,
--On Friday, July 11, 2014 02:55:26 PM +0200 Martin Willi
mar...@strongswan.org wrote:
Thanks for the update. I could reproduce the issue, it happens when
starter forks() to the background. I haven't seen that, as starter
logs to a different file here.
ah yes I use auth.log for
Hi Martin,
@Tobias: What do you think about reverting [1]? Could we use a less
aggressive mechanism to close these FDs for Android?
I guess we could. I don't remember what the problem was exactly,
probably that charon was still attached to the shell somehow. Looking
at the time stamp, this
Hi,
I hit two problems after upgrading to 5.2.
System on both sides is a Debian wheezy 64. Strongswan compiled with:
[client]
./configure --prefix=/usr --sysconfdir=/etc --enable-blowfish
--enable-curl --enable-openssl --disable-ikev1 --enable-ntru
[gateway]
./configure --prefix=/usr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello Dirk,
Can you please provide your strongswan.conf?
Regards,
Noel Kuntze
GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 10.07.2014 15:54, schrieb Dirk Hartmann:
Hi,
I hit two problems after
16 matches
Mail list logo