I am using Strongswan 5.6.1 on my OpenVZ servers
And strongswan 5.6.1 is compiled by myself. kernel-libipsec enabled by
./configure --enable-eap-identity --enable-eap-md5 \ --enable-eap-mschapv2
--enable-eap-tls --enable-eap-ttls --enable-eap-peap \ --enable-eap-tnc
--enable-eap-dynamic --enable-e
kjonca-h7QdYz1kt/q...@public.gmane.org (Kamil Jońca) writes:
> Noel Kuntze
>
> writes:
>
>> 1. Did you test it?
> Yes.
>> 2. I wrote before that you can not pass the assigned DNS server you
>> get via DHCP.
> Yes, I mixed up two things, and was inaccurate. My fault, sorry.
>
>
>> You can use a po
Hi Michael,
in order to access the charon daemon via a vici UNIX socket you
either must be root or if capability dropping is enabled and
a vpn group is defined, you must be member of that vpn group.
The latter case allows mortals to initiate and terminate connections
without having root access to
Hello
- How to set up routing and firewall policy, when using VICI
Thanks
Hello Andreas
If the OCSP URI is included in the authorityInfoAccess extension:
- How does strongswan obtain the IP address
- Does it need to have a DNS client installed on the host
- Can it support secure DNS
Thanks
-Original Message-
From: Users [mailto:users-boun...@lists.strongswa
Noel Kuntze
writes:
> 1. Did you test it?
Yes.
> 2. I wrote before that you can not pass the assigned DNS server you
> get via DHCP.
Yes, I mixed up two things, and was inaccurate. My fault, sorry.
> You can use a pool though to pass it as an
> attribute. Read the manual for swanctl.conf. The s
1. Did you test it?
2. I wrote before that you can not pass the assigned DNS server you get via
DHCP. That is not possible at all. You can use a pool though to pass it as an
attribute. Read the manual for swanctl.conf. The syntax is mentioned there.
Just use two pools. One dhcp, one with the attr
Noel Kuntze
writes:
> 1. Never did that with swanctl. You have to play around with the pools or dig
> around. Maybe it's as simple as "connections..pools = dhcp" or
> "connections..pools = %dhcp". Maybe it's not.
Well, this can be done by simply
pools = dhcp
and alone is not a problem, but ..
1. Never did that with swanctl. You have to play around with the pools or dig
around. Maybe it's as simple as "connections..pools = dhcp" or
"connections..pools = %dhcp". Maybe it's not.
2. You can't.
On 18.12.2017 15:21, Kamil Jońca wrote:
> Noel Kuntze
>
> writes:
>
>> Use a pool. Look at the
Noel Kuntze
writes:
> Use a pool. Look at the UsableExamples[1] page.
> You can't pass dns servers from DHCP at all. It has nothing to do with
> the configuration backend you're using.
I was not too clear probably.
I want to do with swanctl:
1. have client address taken from dhcp
2. somehow conf
Use a pool. Look at the UsableExamples[1] page.
You can't pass dns servers from DHCP at all. It has nothing to do with the
configuration backend you're using.
Kind regards
Noel
[1] https://wiki.strongswan.org/projects/strongswan/wiki/UsableExamples
On 17.12.2017 08:47, Kamil Jońca wrote:
> I a
Hi,
There's no authentication in VICI.
Kind regards
Noel
On 17.12.2017 14:58, Michael Schwartzkopff wrote:
> Hi,
>
>
> is there any kind of authentication / authorization in the vici
> interface? Or does everybody that has access to the socket (or tcp
> socket) have full control over charon?
>
>
> I
Hello!
I'm trying to get the IPSec connection of the iPhone to work with StrongSwan.
Currently it runs with the old racoon (ipsec-tools) and IKEv1. In the old
configuration the password is checked against the AD via the LDAP module.
We want to change to StrongSwan and use IKEv2.
I've got the con
13 matches