Re: [strongSwan] Strongswan 5.5

2018-02-08 Thread rajeev nohria
Andreas, There was an issue with creating private RSA key. That has been resolved now. Thanks for the direction. Rajeev On Wed, Feb 7, 2018 at 1:05 AM, Andreas Steffen < andreas.stef...@strongswan.org> wrote: > Hi Rajeev, > > the private key itself does not pass the key integrity tests of >

Re: [strongSwan] Strongswan 5.5 - no private key found-

2018-02-08 Thread rajeev nohria
Let me know I can send you more information. On Thu, Feb 8, 2018 at 12:19 PM, rajeev nohria wrote: > > > Now I am getting the following error and not able to resolve this for > some time. Any inkling is helpful here. > > > Using DAVICI, I did make sure local.id is "C=US,

Re: [strongSwan] received TS_UNACCEPTABLE notify, no CHILD_SA built

2018-02-08 Thread Jafar Al-Gharaibeh
Sujoy,

Just to make sure everything is working OK. Try setting:

    left=192.168.10.40
    right=192.168.10.38

and

    left=192.168.10.38
    right=192.168.10.40

Comment out left/rightsubnet configs. They should default to the same IP addresses as left/right.

--Jafar

Re: [strongSwan] received TS_UNACCEPTABLE notify, no CHILD_SA built

2018-02-08 Thread Tore Anderson
* Jafar Al-Gharaibeh > You can NOT have the least significant octet set to zero with a 32-bit > netmask Sure you can. There is no fundamental difference between 192.168.10.0/32 and, say, 192.168.10.10/32. Both are equally valid, and both refer to a single address/host. Tore

Re: [strongSwan] received TS_UNACCEPTABLE notify, no CHILD_SA built

2018-02-08 Thread Sujoy
Thanks Jafar, for the update. But after setting up without subnet and "type=tunnel or transport" it shows the same error "failed to establish CHILD_SA, keeping IKE_SA". What should be the issue? Thanks On Friday 09 February 2018 01:53 AM, Jafar Al-Gharaibeh wrote: Sujoy, Just to make sure

Re: [strongSwan] questions on eap-gtc and xauth

2018-02-08 Thread karthik kumar
Any help on this? On Thu, Feb 8, 2018 at 8:54 PM, karthik kumar wrote: > Hi, >We are setting up oath based VPN connection with pam_oath > > I have setup in my local with the Xauth config something like this > > responder > leftauth=pubkey > rightauth=pubkey >

[strongSwan] Strongswan 5.5 - no private key found-

2018-02-08 Thread rajeev nohria
Now I am getting the following error and not able to resolve this for some time. Any inkling is helpful here. Using DAVICI, I did make sure local.id is "C=US, O=ARRIS Group, Inc., OU=DCA Remote Device Certificate, CN=FF:FF:05:E6:E7:80" What else could I be missing? writing RSA key 11[CFG] loaded

Re: [strongSwan] received TS_UNACCEPTABLE notify, no CHILD_SA built

2018-02-08 Thread Sujoy
Hi Jafar/Noel, What means " received TS_UNACCEPTABLE notify, no CHILD_SA built [IKE] failed to establish CHILD_SA, keeping IKE_SA" . Same error comes in the new installed Linux also. root@client:~# ipsec up tunnel initiating IKE_SA tunnel[1] to 192.168.10.40 generating IKE_SA_INIT request 0

[strongSwan] questions on eap-gtc and xauth

2018-02-08 Thread karthik kumar
Hi, We are setting up oath based VPN connection with pam_oath I have setup in my local with the Xauth config something like this responder leftauth=pubkey rightauth=pubkey rightauth2=xauth-pam initiator leftauth=pubkey rightauth=pubkey leftauth2=xauth xauth=client xauth_identity= and it

Re: [strongSwan] received TS_UNACCEPTABLE notify, no CHILD_SA built

2018-02-08 Thread Jafar Al-Gharaibeh
On 2/8/2018 2:53 AM, Tore Anderson wrote: * Jafar Al-Gharaibeh You can NOT have the least significant octet set to zero with a 32-bit netmask Sure you can. There is no fundamental difference between 192.168.10.0/32 and, say, 192.168.10.10/32. Both are equally valid, and