Re: [strongSwan] Remote Attestation through Cisco ASA

2017-11-15 Thread Andreas Steffen
Hi Mario, if the Cisco ASA does not tunnel the strongSwan IKE traffic then just do remote attestation via the PT-TLS protocol. On the client side you can use the strongSwan pt-tls-client and on the server side add the tnc-pdp plugin listening on the PT-TLS TCP port 271 to the strongSwan charon

[strongSwan] Remote Attestation through Cisco ASA

2017-11-15 Thread Mario Maldonado
Hi all, I wish to use StrongSwan for remote attestation through a Cisco ASA, e.g.: StrongSwan gateway 192.168.0.0/24 ASA 192.168.1.0/24 Device With no ASA I have successfully configured StrongSwan with remote attestation using the EAP-TTLS plugin. I have also managed to configure a

[strongSwan] IKEv1 reauth problem is met when working with Aruba controller

2017-11-15 Thread 曹昊阳
Hi, I tried to make strongSwan work in road warrior mode with VPN server integrated in Aruba controller, the tunnel is established successfully and the communication is OK, but I found the tunnel is shut down after IKE re-authentication. After some study, I found between after msg MM6 strongSwan

Re: [strongSwan] strongSwan reuses stale OCSP responses

2017-11-15 Thread Ander Juaristi
Well, looking at the source code (5.6.0 release tarball), the "offending line" is at revocation_validator.c:264: if (revoked) { /* revoked always counts, even if stale */ *valid = VALIDATION_REVOKED; } So two questions now come to my mind: 1.

[strongSwan] strongSwan reuses stale OCSP responses

2017-11-15 Thread Ander Juaristi
Hi, I'm trying to set up a use case where user certificates are revoked temporarily and then re-activated (think of a user being banned from accessing the server at set times, according to a policy). So I've got an OCSP server that returns either "good" or "revoked" responses according to

Re: [strongSwan] StrongSwan and EAP (FreeRadius)

2017-11-15 Thread Houman
I have changed both configs to 127.0.0.1 and restarted both StrongSwan and FreeRadius but I got the same error message. Then I changed them both to 0.0.0.0 and restarted both servers, and I still get the same error message. Any idea what this could be? On Wed, Nov 15, 2017 at 9:01 AM, Michael

Re: [strongSwan] StrongSwan and EAP (FreeRadius)

2017-11-15 Thread Michael Schwartzkopff
On 15.11.2017 at 09:58, Houman wrote: > Hello Michael, > > > Thanks for your reply. Indeed I should have checked the radius log. It > seems the shared secret is incorrect, but they do match in the configs as > pasted below. > Where else could the secret have been used that I have missed? Thanks >

Re: [strongSwan] StrongSwan and EAP (FreeRadius)

2017-11-15 Thread Houman
Hello Michael, Thanks for your reply. Indeed I should have checked the radius log. It seems the shared secret is incorrect, but they do match in the configs as pasted below. Where else could the secret have been used that I have missed? Thanks *vim /var/log/freeradius/radius.log* Wed Nov 15