Hello together,
I'm currently trying to set up a IKEv1 connection with strongswan 5.6.0 on
Fedora 27.
It uses a local nssdb in /etc/ipsec.d to handle certificates / private keys.
The connection definition loads fine. When I tell the client
to connect, it fails to verify the certificate from the
Thanks for your response. I did fix that by changing to 0.0.0.0/0 ..
On Thu, Feb 15, 2018 at 2:50 PM, Tobias Brunner
wrote:
> Hi Karthik,
>
> > CHILD_SA vpn{2} established with SPIs c13091e4_i c869298c_o and TS
> 10.244.15.1/32 === 0.0.0.0/32
>
> This remote traffic
Hi Marco,
> FARP is configured on both client and gateway, and I can reach
> all the internal network from the vpn client (ubuntu linux).
> ...
> Still pinging the vpn client from the internal network does not work.
You mean you are able to e.g. ping hosts in the remote network from the
client
Hi,
> 1). public node can create IPsec connection with 2 or more private nodes
> behind NAT?
Sure.
> 2). IPv6 behind NAT?
> https://lists.libreswan.org/pipermail/swan/2018/002489.html shows
> that libreswan does NOT support it because "Linux does not yet have
> support for
Hi Karthik,
> CHILD_SA vpn{2} established with SPIs c13091e4_i c869298c_o and TS
> 10.244.15.1/32 === 0.0.0.0/32
This remote traffic selector (0.0.0.0/32) doesn't look right. This
should probably be 0.0.0.0/0. Since your client config looks OK, check
how the server is configured.
Regards,