[strongSwan] peer cert verification: X509: temporary cert import operation failed

2018-02-15 Thread Thomas Jarosch
Hello together, I'm currently trying to set up an IKEv1 connection with strongswan 5.6.0 on Fedora 27. It uses a local nssdb in /etc/ipsec.d to handle certificates / private keys. The connection definition loads fine. When I tell the client to connect, it fails to verify the certificate from the

Re: [strongSwan] osx Sierra ikev2 connection successful but no traffic

2018-02-15 Thread karthik kumar
Thanks for your response. I did fix that by changing to 0.0.0.0/0 ..

On Thu, Feb 15, 2018 at 2:50 PM, Tobias Brunner wrote:
> Hi Karthik,
>
> > CHILD_SA vpn{2} established with SPIs c13091e4_i c869298c_o and TS
> 10.244.15.1/32 === 0.0.0.0/32
>
> This remote traffic

Re: [strongSwan] Accessing VPN client from private network

2018-02-15 Thread Tobias Brunner
Hi Marco,

> FARP is configured on both client and gateway, and I can reach
> all the internal network from the vpn client (ubuntu linux).
> ...
> Still pinging the vpn client from the internal network does not work.

You mean you are able to e.g. ping hosts in the remote network from the client

Re: [strongSwan] Can strongSwan support "mutiple IPv6 nodes behind NAT"?

2018-02-15 Thread Tobias Brunner
Hi,

> 1). public node can create IPsec connection with 2 or more private nodes
> behind NAT?

Sure.

> 2). IPv6 behind NAT?
>       https://lists.libreswan.org/pipermail/swan/2018/002489.html shows
> that libreswan does NOT support it because "Linux does not yet have
> support for

Re: [strongSwan] osx Sierra ikev2 connection successful but no traffic

2018-02-15 Thread Tobias Brunner
Hi Karthik,

> CHILD_SA vpn{2} established with SPIs c13091e4_i c869298c_o and TS
> 10.244.15.1/32 === 0.0.0.0/32

This remote traffic selector (0.0.0.0/32) doesn't look right. This should probably be 0.0.0.0/0. Since your client config looks OK, check how the server is configured.

Regards,