Hi,
I'm new to the scepclient feature. I'm trying to get a certificate, currently
with no success.
I'm using the examples provided in the scepclient man page:
ipsec scepclient --out caCert --url * -f - finishes successfully
and generates 3 cert files under cacerts dir.
ipsec scepclient --out
Hi Marco,
> VPN Client -> Gateway -> internal network with some servers
> The VPN gets an IP from DHCP Server (i.e 192.168.1.100)
> Gateway has IP 192.168.1.10, can ping the VPN client 192.168.1.100
> Pinging the VPN client from a server in the network (e.g. 192.168.1.20) does
> not work.
>
>
Hi,
sorry if my question has already been posted, but could not find an answer:
Is it possible to access a VPN client from the private network?
I’ll make an example (I have strongswan in place for the VPN):
VPN Client -> Gateway -> internal network with some servers
The VPN gets an IP from
Hello,
For a strongSwan client/server configuration using PSKs for IPsec
authentication I am looking for a way to securely store/retrieve the PSKs.
The client uses a HW based TPM. The server uses an in-house CryptoAgent
software with similar TPM functionalities.
I have seen the "Trusted Platform
You can have the server (responder) authenticate itself using a certificate and
the client (initiator) authenticate using a PSK,
something like this:
client
leftauth=secret
rightauth=pubkey
server
leftauth=pubkey
rightauth=secret
Yes, you put both entries in ipsec.secrets
: RSA
: PSK
I tried enabling the unity option as shown below but I still get the same
log output.
/etc/strongswan.d/charon.conf:# Send Cisco Unity vendor ID payload (IKEv1 only).
/etc/strongswan.d/charon.conf:cisco_unity = yes
/etc/strongswan.d/charon/unity.conf:unity {
Thanks Justin. I tried changing modecfg to pull and already had
leftsourceip=%config. The connection still failed similarly but this time
there was no attempt to assign an IP to the responder.
These are the parameters from the Global VPN client in Windows that will
successfully connect:
Hi!
We would like to get a little more control over the usage of the
IP addresses to lease; for that I think SQL IP pools could be a solution.
Until now we are using ipsec.conf to configure the Charon and I hope we
shouldn't change that.
But I'm a little confused about using sql ip
Hi,
I have a successful connection from my Sierra Mac using strongswan-5.6.1 to
our vpn server
$ sudo ipsec up vpn
Password:
initiating IKE_SA vpn[2] to
*...*
*installing 10.245.250.251 as DNS server*
*installing 10.245.250.227 as DNS server*
*installing new virtual IP 10.244.15.1*