Re: [strongSwan] [Strongswan][Error] Loaded 0 Radius server configurations

2013-10-06 Thread Ccf Cloud 
Hi Martin,

Thanks for the quick guidance.

On Fri, Oct 4, 2013 at 3:51 PM, Martin Willi mar...@strongswan.org wrote:


  For my setup all the configurations are read from /usr/local/etc/*.conf.

  ./configure [...] --with-strongswan-conf

 ./configure --help says:

--with-strongswan-conf=arg
set the strongswan.conf file location (default:
${sysconfdir}/strongswan.conf).

 So it sets a path. Most likely omitting the argument breaks that. Just
 leave out that option.


Removing the --with-strongswan-conf option works for me. Now I am able to
start ipsec on my gateway machine (Linux box).



 Also, your log shows:

  00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'

 This indicates that your installations uses the ${sysconfdir} /etc,
 not /usr/local/etc.

 Regards
 Martin


I've another question. Do you have any sample code for working eap-sim or
eap-aka based authentication from Android? I mean I want my Android device
to be the road-warrior (based on your examples) and my linux box is the
gateway. My radius server (hostapd based) is hosted on some other machine
which gateway has access to.

Currently I'm trying to modify libandroidbridge code to do that but I'm
getting NO_PROPOSAL_CHOOSEN error at the IKE_SA_INIT itself. Can you please
help me on this?

Thanks.

--Regards
Sam
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

[strongSwan] IKEv1 fragmentation support for Windows clients

2013-10-06 Thread Volker RĂ¼melin 
Hi strongSwan developers,

sometimes I have problems to build up a VPN connection to strongswan 
with my Windows clients because of misconfigured or broken routers 
dropping IP fragments. A few months ago I tried to enable IKEv1 
fragmentation support for Windows clients with a small patch. This works 
for Windows XP clients, but breaks Windows 7 l2tp/ipsec clients. It 
seems Windows 7 ignores IKE fragments for the second exchange. As a 
quick workaround I set fragment_size = 1196. In my case now only 
messages containing certificates are sent as IKE fragments, which makes 
Windows 7 clients work again.

Now I have a few patches which enable just this behaviour. With 
fragmentation=onlycerts strongswan only sends IKE fragments if the peer 
supports it and the message contains certificates.

Before I continue I would like to know if this is something you can 
accept for the repository?

Thanks,

Volker

___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users