[strongSwan] Sharing virtual IP address with IP masquerading

2010-03-02 Thread aecomm
Hi. I am new to strongSwan, and after examining the documentation, I do not think it supports my particular application. I would appreciate it if someone could help explain if I missed something, or if there is a mechanism to do what I need. Thanks. I have a setup like this: Box A (client)

Re: [strongSwan] Please help - Using strongSwan to connect to CheckPoint VPN-1

2010-03-02 Thread Martin Willi
Hi, > conn test >authby=xauthrsasig >forceencaps=yes >keyexchange=ikev1 >keyingtries=1 >type=tunnel >xauth=client >right= >leftsourceip=%modeconfig > ipsec up test > 021 no connection named "test" You additionally need the "auto" pa

Re: [strongSwan] create_rng fails

2010-03-02 Thread Martin Willi
Hi Anil, > While trying to run Pluto on my platform, create_rng function is > failing. RNGs are provided through plugins, by default via the "random" plugin. The plugin reads random data from /dev/random and /dev/urandom. Double check that the plugin is loaded properly and these files are availa

[strongSwan] create_rng fails

2010-03-02 Thread NAGARAJAN, ANIL (ANIL)
Hi All, While trying to run Pluto on my platform, create_rng function is failing. Is there any extra configuration required so that init_secret() which internally calls create_rng() doesn't fail? Regds Anil N

Re: [strongSwan] Please help - Using strongSwan to connect to CheckPoint VPN-1

2010-03-02 Thread Sucha Singh
Thanks Daniel, I've made some progress, please could you take a look at my ipsec.conf: # ipsec.conf - strongSwan IPsec configuration file # basic configuration config setup     plutostart=yes     nat_traversal=yes     plutodebug=all # Add connections here. conn test    authby=xaut

Re: [strongSwan] Possibly a bug in charon when auto=start

2010-03-02 Thread Martin Willi
Hi, > This means that we can access each other directly without IPsec while > charon is setting up the tunnel. And when I set "auto=route" - charon > works ok and filters unsecured packets back and forth. Yes, this is the intended behavior. auto=start does not install policies until the tunnel ha

[strongSwan] Possibly a bug in charon when auto=start

2010-03-02 Thread Владимир Подобаев
Hello! I've discovered a strange behaviour of charon. I'm building a tunnel on esp 3des and IKEv2. When I set "auto=start" option in conn section and my peer is up but without running charon - I'm still able to ping my peer and the peer can ping me also. This means that we can access each other