[strongSwan] Scepclien failed to generate certificate

2018-02-13 Thread Boris Levin
Hi, I'm new to scepclient feature, I'm trying to get certificate and currently with no success. I'm using the examples provided in scepclient man: ipsec scepclient --out caCert --url * -f - finishes successfully and generates 3 cert files under cacerts dir. ipsec scepclient --out

Re: [strongSwan] Accessing VPN client from private network

2018-02-13 Thread Tobias Brunner
Hi Marco,
> VPN Client -> Gateway -> internal network with some servers
> The VPN gets an IP from DHCP Server (i.e 192.168.1.100)
> Gateway has IP 192.168.1.10, can ping the VPN client 192.168.1.100
> Pinging the VPN client from a server in the network (e.g. 192.168.1.20) does
> not work.

[strongSwan] Accessing VPN client from private network

2018-02-13 Thread Marco Spinola Durante
Hi, sorry if my question has already been posted, but could not find an answer: Is it possible to access a VPN client from the private network? I’ll make an example (I have strongswan in place for the VPN): VPN Client -> Gateway -> internal network with some servers The VPN gets an IP from

[strongSwan] Which strongSwan plugin to securely store/retrieve the PSKs ?

2018-02-13 Thread Abulius, Mugur (Nokia - FR/Paris-Saclay)
Hello, For a strongSwan client/server configuration using PSKs for IPsec authentication I am looking for a way to securely store/retrieve the PSKs. The client uses a HW based TPM. The server uses an in-house CryptoAgent software with similar TPM functionalities. I have seen the "Trusted Platform

Re: [strongSwan] Pre-shared secret and digital certificate simultaneously

2018-02-13 Thread karthik kumar
You can have server (responder) authenticate itself using certificate and client (initiator) authenticate using PSK something like this,
client
leftauth=secret
rightauth=pubkey
server
leftauth=pubkey
rightauth=secret
Yes you put both the entries in ipsec.secrets : RSA : PSK

Re: [strongSwan] can't connect to SonicWall VPN with strongSwan

2018-02-13 Thread Dave Schmidt
I tried enabling the unity option as shown below but I still get the same log output.
/etc/strongswan.d/charon.conf:# Send Cisco Unity vendor ID payload (IKEv1 only).
/etc/strongswan.d/charon.conf:cisco_unity = yes
/etc/strongswan.d/charon/unity.conf:unity {

Re: [strongSwan] can't connect to SonicWall VPN with strongSwan

2018-02-13 Thread Dave Schmidt
Thanks Justin. I tried changing modecfg to pull and already had leftsourceip=%config. The connection still failed similarly but this time there was no attempt to assign an IP to the responder. These are the parameters from the Global VPN client in Windows that will successfully connect:

[strongSwan] Using ipsec.conf with sql-pools

2018-02-13 Thread Mike.Ettrich
Hi! We would like to get a little more control over the usage of the IP addresses to lease; therefore I think that SQL IP pools could be a solution. Until now we are using ipsec.conf to configure the Charon and I hope we shouldn't change that. But I'm a little confused about using sql ip

[strongSwan] osx Sierra ikev2 connection successful but no traffic

2018-02-13 Thread karthik kumar
Hi, I have successful connection from my Sierra Mac using strongswan-5.6.1 to our vpn server
$ sudo ipsec up vpn
Password:
initiating IKE_SA vpn[2] to *...*
*installing 10.245.250.251 as DNS server*
*installing 10.245.250.227 as DNS server*
*installing new virtual IP 10.244.15.1*