Hello Phil,
> Client 1 send the packet addressed for 8.8.4.4, and the server receives it.
> Now the server doesn't know about the routing tables on client 1: it only
> knows it has this packet addressed to 8.8.4.4. How does the server know a
> packet for 8.8.4.4 should go through client 2?
It
Hi
I have an IKEv1 session up; however, I also see multiple child SAs if I leave
the session for a long run. I would like to understand this scenario and
whether I should take any action if these scenarios are seen.
sl1childsa: #726, reqid 368, INSTALLED, TUNNEL-in-UDP,
ESP:AES_CBC-128/HMAC_SHA1_96
installe
On Fri, May 4, 2018 at 7:57 AM Arab Abdulla wrote:
> Dear Admins!
>
> Please help. Can't make routing work. I have this net scheme:
> IPSEC Client 1 <--> IPSEC Server <--> IPSEC Client 2
>
> IPSEC IPs of computers:
> Server: 10.1.1.1
> Client 1: 10.1.2.1
> Client 2: 10.1.3.1
>
> I can ping 10.1.3.1 fr
Hi Tobias,
> So you're using IKEv1 now? (Was IKEv2 in your original mail, and you
> should definitely prefer that if you can.)
Yes, this is another customer. I should have opened another thread.
> Different IKE proposals. With ipsec.conf the default proposal(s) are
> added to whatever you confi
It's designed for a very specific use case, but if you install it in a
sandbox somewhere, you can get a feel for the PowerShell scripts and
other bits that are used to configure the clients.
It's all wrapped around strongSwan, so you can transfer the
functionality to your own setup, if you fin
We are working with very locked down systems so wouldn’t be able to install
that software unfortunately but will have a look out of interest,
Thanks
> On 4 May 2018, at 13:15, Tom Rymes wrote:
>
>> On 05/04/2018 3:45 AM, Christian Salway wrote:
>> Thanks to Dirk Hartmann and his scripting idea,
Hi Marco,
> Here are the two outputs:
>
> (non working)
> [IKE] initiating Main Mode IKE_SA cbt[494] to 31.169.105.210
> [ENC] generating ID_PROT request 0 [ SA V V V V V ]
> [NET] sending packet: from 205.223.229.254[500] to 31.169.105.210[500] (180
> bytes)
So you're using IKEv1 now? (Was IK
On 05/04/2018 3:45 AM, Christian Salway wrote:
Thanks to Dirk Hartmann and his scripting idea, the simplest way to add
a VPN connection to Windows 10 that includes the routing to the internal
IP is by running the following commands in PowerShell. This
also enables strong ciphers (MO
Hi Tobias,
> The other end sends that notify back because it couldn't authenticate
> the initiator, so check the log there.
Unfortunately I have no access to the other ipsec peer.
I have also tried with another customer and I'm getting
the same behavior.
Here are the two outputs:
(non working)
Hi Marian,
> I checked it.
>
> Fedora 28:5.6.2-2
> Ubuntu 18.04: 5.6.2-1
>
> Both behave the same.
You can't compare these version numbers, only 5.6.2 is from upstream,
the stuff afterwards depends on the distribution (this is different for
Ubuntu and Debian as the Ubuntu packages are based
Hi Marco,
> [ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
> [IKE] received AUTHENTICATION_FAILED notify error
The other end sends that notify back because it couldn't authenticate
the initiator, so check the log there.
Regards,
Tobias
Hi Darren,
>>> Just noting that https://download.strongswan.org/osx/ shows no current
>>> Mac native app builds. It's not mentioned at
>>> https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX so I'm
>>> curious if these builds are no longer being done.
>>
>> See [1].
>
> Thanks! Would a su
Hi Marian,
> recent versions of NetworkManager-strongswan plugin cannot parse DNS
> settings correctly.
That's a known issue and it's not related to the plugin but the
charon-nm backend (i.e. the fix is on top of strongSwan 5.6.2, not the
NM plugin 1.4.x). See [1], and [2] for the fix (Debian's
On Thu, May 3, 2018 at 2:03 AM, Tobias Brunner wrote:
> > Just noting that https://download.strongswan.org/osx/ shows no current
> > Mac native app builds. It's not mentioned at
> > https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX so I'm
> > curious if these builds are no longer being d
> mobike = no
> By the way I don't understand why strongswan is
> sending packets to 4500/udp.
OK, I found that "mobike = no" changes the swap to the 4500/udp
However, I don't understand why the psk authentication is failing.
--On Friday, May 04, 2018 07:55:11 AM +0100 Christian Salway
wrote:
Not sure if it was a bad copy-paste, but you need a space after
-PassThru
Set-VPNConnectionIPsecConfiguration -ConnectionName "my-vpn"
-AuthenticationTransformConstants SHA256128 -CipherTransformConstants
AES256 -Encryption
Dear Admins!
Please help. Can't make routing work. I have this net scheme:
IPSEC Client 1 <--> IPSEC Server <--> IPSEC Client 2
IPSEC IPs of computers:
Server: 10.1.1.1
Client 1: 10.1.2.1
Client 2: 10.1.3.1
I can ping 10.1.3.1 from 10.1.2.1, traffic goes through 10.1.1.1. It works.
I need to make "C
Hi all,
recent versions of NetworkManager-strongswan plugin cannot parse DNS
settings correctly.
--
Detailed description of the bug
I upgraded two of my work computers:
from Ubuntu 17.10 to Ubuntu 18.04
and
from Fedora 27 to F
Thanks to Dirk Hartmann and his scripting idea, the simplest way to add a VPN
connection to Windows 10 that includes the routing to the internal IP is by
running the following commands in PowerShell. This also enables
strong ciphers (MODP2048)
This is for a username/password VPN ava
Wow !
You are right. I opened the file in a text editor now and I saw the
entire folder (or whatever they call this branch in the windoze world).
Thanks for the warning. I didn't know windows could be that stupid when
I explicitly clicked on only one key.
On 2018-05-04 18:43, Christian Salw