Hi All,
I am having a doubt regarding IPv4/AH support using
strongswan. Currently i can generate IP/AH/ESP using
strongswan (version 4.3.3), but is it possible to generate
IP/AH/Transport layer protocols. I am trying to pump
IP/AH/UDP using iperf and the ipsec.conf file is given
below.
Can any on
Hi All,
I am having a doubt regarding IPv4/AH support using
strongswan. Currently i can generate IP/AH/ESP using
strongswan (version 4.3.3), but is it possible to generate
IP/AH/Transport layer protocols. I am trying to pump
IP/AH/UDP using iperf and the ipsec.conf file is given
below.
Can any on
Hi All,
I am having a doubt regarding IPv4/AH support using
strongswan. Currently i can generate IP/AH/ESP using
strongswan (version 4.3.3), but is it possible to generate
IP/AH/Transport layer protocols. I am trying to pump
IP/AH/UDP using iperf and the ipsec.conf file is given
below.
Can any on
Hi Mugur,
automated protocols like SCEP use DER format [embedded in PKCS#7]
and web-based CAs offer copy-and-paste functionality in PEM format.
Regards
Andreas
ABULIUS, MUGUR (MUGUR) wrote:
> Hi Martin,
>> the only supported output format of a certificate request file is
>> binary DER.
>
> Fo
Yeah, the synopsis is truly misleading. In all functions we support
input either in der or pem format, irrespectively of the actual file
suffix but currently we can output only binary DER format. We just
lack the time to implement the DER-to-PEM converter.
Best regards
Andreas
ABULIUS, MUGUR (MU
Hi Martin,
>
> the only supported output format of a certificate request file is
> binary DER.
For which reason one will choose "ipsec pki -req" on a strongSwan system
instead openssl to generate certificate request files in DER format?
More general question: Do you know which one of DER or PE
Hi Mugur,
>
> the only supported output format of a certificate request file is
> binary DER.
This is correct.
> How can be created a certificate request file in a PEM format with
> strongSwan commands?
We currently do not support PEM encoding. You'll have to use other tools
for the conversion
Hi.
On Monday 08 March 2010 09:54:42 Daniel Mentz wrote:
> [...]
> So in your case, it's all about the source address.
Thanks for your great explanations. That cleared a lot of things up for me. Do
you happen to know any good recent source where I could read up on how all the
tables work toget
Hi Daniel.
On Monday 08 March 2010 10:02:48 Daniel Mentz wrote:
> One might also argue that the current behavior is more secure [...]
>
> Now, imagine that the hotel's LAN uses the same IP address space as some
> resource on the corporate network. The traffic would then be sent to the
> incorrec
Peter Winterer wrote:
> Hi Daniel,
>
> Am 08.03.2010 10:02, schrieb Daniel Mentz:
>> Matthias Dahl wrote:
To tunnel all internet traffic, you'll need a 0.0.0.0/0 rightsubnet.
This however, includes your local network in the tunnel too.
>>>
>>> One could consider this a bug. Most people c
Hello,
The Synopsis and examples of "ipsec pki -req" command at
http://wiki.strongswan.org/projects/strongswan/wiki/IpsecPkiReq suggest that
the only supported output format of a certificate request file is binary DER.
How can be created a certificate request file in a PEM format with strongSwa
ashish mahalka wrote:
> In the ipsec.conf file for Initiator, keyexchange is specified as
> ikev2 whereas for the Responder it is specified as ikev1. But still i
> am able to establish a ikev2 association between the two peers.
>
The keyexhange setting has no effect on the responder.
keyexchang
Hello Andreas,
I am seeing some strange behaviour while establishing security association.
10.10.10.3 10.10.10.5
(Initiator) (Responder)
(keyexchange=ikev2)
(keyexchange=ikev1)
In the ipsec.conf file for Initia
13 matches
Mail list logo