Re: [strongSwan] Davici parsing of terminating an IKE connection
Thanks a lot..

Rajeev

On Tue, Jun 26, 2018 at 8:00 AM, Tobias Brunner wrote:
> > Question: Is there a way to know, when we parse the response from Davici,
> > which connection is deleted? If yes, in what parameter of davici do we get
> > the information? I see reqcb() parses the davici response.
>
> Two things:
>
> 1. Requests queued on the same connection are processed sequentially.
> 2. You can pass user data when queuing a request that's later passed
>    to the callback.
>
> Regards,
> Tobias
Re: [strongSwan] TPM2.0 and ESAPI
Hi Piotr,

I've been aware of the emerging ESAPI, which is indeed offering increased security in the communication with the TPM 2.0 and [hopefully] easier session handling, but I wanted to wait for the 2.0.0 stable release, which apparently happened 5 days ago.

Porting the strongSwan tpm plugin to ESAPI would be made much easier if the tpm2-tools would also adopt the ESAPI session handling, thus offering example code on how the new API is supposed to be used.

Best regards,

Andreas

On 26.06.2018 08:35, Piotr Parus wrote:
> Hello!
>
> From the source code I see that when strongswan uses a TPM 2.0 chip it
> uses the TSS System API (SAPI) without sessions. Do the strongswan
> maintainers have plans to switch to the Enhanced System API (ESAPI), which
> enables easier session handling and encrypting transmission on the wire
> to the TPM chip?
>
> Best regards,
>
> Piotr Parus

--
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
Re: [strongSwan] Davici parsing of terminating an IKE connection
> Question: Is there a way to know, when we parse the response from Davici,
> which connection is deleted? If yes, in what parameter of davici do we get
> the information? I see reqcb() parses the davici response.

Two things:

1. Requests queued on the same connection are processed sequentially.
2. You can pass user data when queuing a request that's later passed to the callback.

Regards,
Tobias
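The two properties named in the reply above (FIFO processing per connection, and a user pointer handed back to the callback) are shown below in an added example that is not part of the original thread and is not davici code. `mock_conn`, `mock_queue`, `mock_reply` and `terminate_ctx` are hypothetical stand-ins, and the peer names and replies are constructed.

```c
#include <stdio.h>
/* Caller-owned context, one per queued request. */
struct terminate_ctx {
    const char *ike_name; /* connection we asked to terminate (constructed) */
    int err, order;       /* filled in by the callback; order 0 = no reply yet */
};
typedef void (*reply_cb)(int err, int seq, void *user);

/* Hypothetical stand-in for a client connection: FIFO of pending requests. */
struct mock_conn {
    struct { reply_cb cb; void *user; } pending[8];
    int head, tail, handled;
};

/* Queue a request together with its callback and opaque user pointer. */
static int mock_queue(struct mock_conn *c, reply_cb cb, void *user) {
    if (c->tail == 8) return -1; /* queue full */
    c->pending[c->tail].cb = cb;
    c->pending[c->tail++].user = user;
    return 0;
}

/* A reply always belongs to the oldest pending request. */
static int mock_reply(struct mock_conn *c, int err) {
    if (c->head == c->tail) return -1; /* nothing pending */
    c->pending[c->head].cb(err, ++c->handled, c->pending[c->head].user);
    c->head++;
    return 0;
}

/* The callback learns which connection the reply concerns from `user`. */
static void terminate_cb(int err, int seq, void *user) {
    struct terminate_ctx *ctx = user;
    ctx->err = err;
    ctx->order = seq;
    printf("terminate %s: %s\n", ctx->ike_name, err ? "failed" : "ok");
}

/* Terminate two connections; returns the number of replies handled. */
static int run_demo(struct terminate_ctx *a, struct terminate_ctx *b) {
    struct mock_conn c = {0};
    mock_queue(&c, terminate_cb, a);
    mock_queue(&c, terminate_cb, b);
    mock_reply(&c, 0);  /* constructed reply: success */
    mock_reply(&c, -1); /* constructed reply: failure */
    return c.handled;
}
int main(void) {
    struct terminate_ctx a = { "peer-a", 0, 0 }, b = { "peer-c", 0, 0 };
    return run_demo(&a, &b) == 2 ? 0 : 1;
}
```

Each context must stay allocated until its callback has run, since the queue holds only the pointer.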
[strongSwan] Davici parsing of terminating an IKE connection
Scenario: Strongswan has established multiple IKE connections with different peers. Let's say we have three different connections. Out of those we plan to delete two connections by initiating the davici terminate command.

Question: Is there a way to know, when we parse the response from Davici, which connection is deleted? If yes, in what parameter of davici do we get the information? I see reqcb() parses the davici response.

Thanks,
Rajeev
Re: [strongSwan] Strongswan to ignore IKE-SA-INIT response from a bogus IPv6 address
Hi Tobias,

Which parameter configures the specific remote IP address for a connection, so that we can reject the messages from any other IP address? I am assuming we are talking about one of the parameters in swanctl.conf.

If we are talking about connections..remote_addrs.. I did configure remote_addrs; that does not help Strongswan to ignore the IKE-SA-INIT response from a bogus IPv6 address.

Is iptables the only way to stop it?

Thanks,
Rajeev

On Wed, May 23, 2018 at 3:42 AM, Tobias Brunner wrote:
> Hi Rajeev,
>
> > I would
> > imagine it should be rejected.
>
> Why? Unless you configure specific remote IP addresses for a connection
> there is no reason to reject messages from any IPs.
>
> Regards,
> Tobias