Re: [strongSwan] ARM and I386 ?
Version 4.3.4 does not work on my arm board, whereas v4.3.3 and the latest git development code, does. Hence, I am not chasing this problem any more. I will stick to 4.3.3 or git code, until the new release comes out. For the record, this is what I get with 4.3.4: Sep 14 17:05:13 ds-board authpriv.warn ipsec_starter[351]: Starting strongSwan 4.3.4 IPsec [starter]... Sep 14 17:05:13 ds-board authpriv.debug ipsec_starter[351]: | Default route found: iface=eth0, addr=10.224.2.101, nex0 Sep 14 17:05:13 ds-board authpriv.debug ipsec_starter[351]: | Loading config setup Sep 14 17:05:13 ds-board authpriv.debug ipsec_starter[351]: | Loading conn %default Sep 14 17:05:13 ds-board authpriv.debug ipsec_starter[351]: | Loading conn 'test' Sep 14 17:05:13 ds-board authpriv.debug ipsec_starter[351]: | Found netkey IPsec stack Sep 14 17:05:13 ds-board authpriv.debug ipsec_starter[365]: | Attempting to start charon... Sep 14 17:05:13 ds-board daemon.info charon: 01[DMN] Starting IKEv2 charon daemon (strongSwan 4.3.4) Sep 14 17:05:13 ds-board daemon.info charon: 01[DMN] thread 1073862784 received 4 Sep 14 17:05:13 ds-board daemon.info charon: 01[DMN] killing ourself, received critical signal Regards, Dimitris Dimitrios Siganos wrote: > I also have a problem on the arm platform. I am cross compiling from > Linux/Intel to arm platform. > The latest release that works for me is 4.3.3. I don't know if have the > same problem. I am investigating right now. > > Dimitrios Siganos > > Nguyễn Hoàng Anh wrote: > >> Hi Andreas and all members! >> >> Today, after finished "make" and "make install" strongswan 4.3.4 on an ARM >> architecture, I try setup it with a tunnel host-to-host to an I386, but I >> get this error in log file of pluto in I386: >> >> >> .. >> "client2" #2: we have a cert and are sending it upon request >> "server" #3: NAT-Traversal: Result using RFC 3947: no NAT detected >> "server" #3: we have a cert and are sending it upon request >> "client1" #1: next payload type of ISAKMP Hash Payload has an unknown value: >> 55 >> "client1" #1: malformed payload in packet >> "client2" #2: next payload type of ISAKMP Hash Payload has an unknown value: >> 181 >> "client2" #2: malformed payload in packet >> "server" #3: next payload type of ISAKMP Hash Payload has an unknown value: >> 164 >> "server" #3: malformed payload in packet >> .. >> >> What is this error and how can I solve it ? >> >> Many thanks! >> ___ >> Users mailing list >> Users@lists.strongswan.org >> https://lists.strongswan.org/mailman/listinfo/users >> >> > > ___ > Users mailing list > Users@lists.strongswan.org > https://lists.strongswan.org/mailman/listinfo/users > ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] ARM and I386 ?
I also have a problem on the arm platform. I am cross compiling from Linux/Intel to arm platform. The latest release that works for me is 4.3.3. I don't know if have the same problem. I am investigating right now. Dimitrios Siganos Nguyễn Hoàng Anh wrote: > Hi Andreas and all members! > > Today, after finished "make" and "make install" strongswan 4.3.4 on an ARM > architecture, I try setup it with a tunnel host-to-host to an I386, but I > get this error in log file of pluto in I386: > > > .. > "client2" #2: we have a cert and are sending it upon request > "server" #3: NAT-Traversal: Result using RFC 3947: no NAT detected > "server" #3: we have a cert and are sending it upon request > "client1" #1: next payload type of ISAKMP Hash Payload has an unknown value: > 55 > "client1" #1: malformed payload in packet > "client2" #2: next payload type of ISAKMP Hash Payload has an unknown value: > 181 > "client2" #2: malformed payload in packet > "server" #3: next payload type of ISAKMP Hash Payload has an unknown value: > 164 > "server" #3: malformed payload in packet > .. > > What is this error and how can I solve it ? > > Many thanks! > ___ > Users mailing list > Users@lists.strongswan.org > https://lists.strongswan.org/mailman/listinfo/users > ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] ARM and I386 ?
It looks like a problem in the IKE session key derivation. The encryption keys derived from the Diffie-Hellman secrets don't seem to be the same on both sides, so that the payloads encrypted by the sender cannot be decrypted by the receiver. In order diagnose this problem I recommend to ramp up the debugging level by setting plutodebug="control crypt" in the config setup section of /etc/ipsec.conf files on both sides so that you will get a debug output of the form: http://www.strongswan.org/uml/testresults43/ikev1/alg-blowfish/moon.auth.log showing the Diffie-Hellman secrets and the derived session keys. Best regards Andreas Nguyễn Hoàng Anh wrote: > Hi Andreas and all members! > > Today, after finished "make" and "make install" strongswan 4.3.4 on an ARM > architecture, I try setup it with a tunnel host-to-host to an I386, but I > get this error in log file of pluto in I386: > > > .. > "client2" #2: we have a cert and are sending it upon request > "server" #3: NAT-Traversal: Result using RFC 3947: no NAT detected > "server" #3: we have a cert and are sending it upon request > "client1" #1: next payload type of ISAKMP Hash Payload has an unknown value: > 55 > "client1" #1: malformed payload in packet > "client2" #2: next payload type of ISAKMP Hash Payload has an unknown value: > 181 > "client2" #2: malformed payload in packet > "server" #3: next payload type of ISAKMP Hash Payload has an unknown value: > 164 > "server" #3: malformed payload in packet > .. > > What is this error and how can I solve it ? > > Many thanks! == Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Linux VPN Solution!www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===[ITA-HSR]== ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Support for AKA-Identity and AKA-Reauthentication in the EAP-AKA plugin
Hi, > these two messages are NOT supported by strongSwan Yes, our AKA implementation is not complete. It does not support Identity exchange, pseudonyms or Re-Authentication. > AKA-Identity There was no need for AKA-Identity so far, as most setups use a separate EAP-Identity exchange or directly use the identity of the IKEv2 exchange. > AKA-[Re]Authentication Yes, we don't support it. The IKEv2 exchange is usually more expensive than full AKA authentication, reducing the benefit of fast Re-Authentication to a minimum. > Are there plans to implement support for this anytime soon ? There is no real interest from our side to extend the EAP-AKA support, as it is not a feature an ordinary user needs. So if no one steps up to sponsor the development, we probably won't implement these features soon. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
[strongSwan] ARM and I386 ?
Hi Andreas and all members! Today, after finished "make" and "make install" strongswan 4.3.4 on an ARM architecture, I try setup it with a tunnel host-to-host to an I386, but I get this error in log file of pluto in I386: .. "client2" #2: we have a cert and are sending it upon request "server" #3: NAT-Traversal: Result using RFC 3947: no NAT detected "server" #3: we have a cert and are sending it upon request "client1" #1: next payload type of ISAKMP Hash Payload has an unknown value: 55 "client1" #1: malformed payload in packet "client2" #2: next payload type of ISAKMP Hash Payload has an unknown value: 181 "client2" #2: malformed payload in packet "server" #3: next payload type of ISAKMP Hash Payload has an unknown value: 164 "server" #3: malformed payload in packet .. What is this error and how can I solve it ? Many thanks! ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
[strongSwan] How to configure Mode Config virtual address lifetime on Strongswan...
Hi, I am trying to test modecfg feature. I am using Strongswan as Modecfg server. I am able to get virtual address from Strongswan, but i am not getting how to add lifetime. *I wanted to know, how to configure Mode Config virtual address lifetime on Strongswan.* Regards, Sunilkumar ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
