ow i should start .
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapper
v2 ? If yes, how will the strongswan specific
> server settings(like ipsec.conf) needs to be taken care on other vendor
> IPSec servers.
>
> Thanks in advance
> Deepika
>
> --
> If you think you can or if you think you can't, you are right.
> -Henry Ford
======
hing else changed on my setup during this time, which prompted me to
> ask if there was a change that could cause this drop in performance.
>
>
> Much Thanks
> Morgan Yang
==========
Andreas Steffen
> Much Thanks
> Morgan Yang
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
C
>
> Thanks & Best Regards,
>
> Mo
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologie
s strongswan support type=passthrough with IKEv2?
> Also, what about the additional routes? How can I create them when
> establishing the vpn connection?
>
> I hope my efforts will help someone else because there isn't much
> documentation on the net.
>
> Cheers,
> Niccolò Belli
>
not match xmac".
> is there any 3gpp plugin for strongswan?
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Interne
n
--
- Added session resumption support to the strongSwan TLS stack.
Please report any issues with the new release!
Best regards
Tobias Brunner, Andreas Steffen, Martin Willi
The strongSwan Team
can just remove
>> that configure option from the debian/rules file.
>
> Thank you. I'll study the options more carefully.
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan -
---
- Added session resumption support to the strongSwan TLS stack.
Please test the release candidate and give us a feedback. ETA for
the stable release is February 20 2012.
Best regards
Andreas
==
Andreas Steffen
tion might be useful in general
> for my intended setup? Nothing popped as being relevant. None of the
> UML test scenarios are filed under IKEv1 & IKEv2 together
==========
Andreas Steffen andreas.stef...@
ave to manually
> kill the process in order to start it again? At least these are the
> behaviors I see on my machines. Please let me know if this is as expected.
>
> Thanks and regards,
> Meera
==
Andreas Steffen
et of encryption/authentication
> keys for user packets) should last, from successful negotiation to
> expiry". So is this also for phase 1?
> In that case, what parameter should I use to re-negotiate phase 2?
> Sorry if these questions seem silly :(
>
> Thanks and regards,
>
Alcatel, CN=CMS"
>
> authentication of 'O=Alcatel, CN=123456.CMS1' (myself) with RSA
> signature successful
>
> sending end entity cert "O=Alcatel, CN=123456.CMS1"
>
> sending issuer cert "O=Alcatel, CN=CMS1"
>
> establishing CHILD_SA 3
t is
> already enabled by default?'
>
> -Original Message-
> From: Andreas Steffen [mailto:andreas.stef...@strongswan.org]
> Sent: Thursday, 24 November 2011 12:51
> To: ABULIUS, MUGUR (MUGUR)
> Cc: users@lists.strongswan.org; SCARAZZINI, FABRICE (FABRICE); Pisano,
>
s
On 09.01.2012 12:05, Stefan Malte Schumacher wrote:
> 2012/1/9 Andreas Steffen :
>> Hello Stefan,
>>
>> could it be that you are using an older strongSwan version where
>> the ipsec pki commands do not support PEM format output yet, even
>> though the --outfor
ork when self-signing the CA certificate or
> issuing certificates for the peers. Am I missing something or are
> certificates
> generated from pem-keys automatically in the same format?
>
> Yours
> Stefan
==========
the certificate of CA1 to be
> used by strongSwan for CRL validation.
>
The CA certificates to be used for CRL validation must either be
stored in /etc/ipsec.d/cacerts or can be defined together with
additional CDPs in a ca section in ipsec.conf.
> Thank you
the system with pcsc daemon.
> Please suggest if I'm missing something here.
>
>
> Thanks
> Deepika
>
> --
> If you think you can or if you think you can't, you are right.
> -Henry Ford
==
" despite the fact that the
> deimosKey.der is contained in the current working directory. What am
> I doing wrong?
>
> Sincerely
> Stefan Malte Schumacher
==
Andreas Steffen and
D 0
> sending packet: from 192.168.1.105[500] to 192.168.1.100[500]
> retransmit 4 of request with message ID 0
> sending packet: from 192.168.1.105[500] to 192.168.1.100[500]
==========
Andreas Steffen
28gcm128!
>
> * 192 bit security
> ike=aes256-sha384-ecp384!
> esp=aes256gcm16!
>
> Regards
>
> Andreas
>
>
> -Original Message-
> From: Andreas Steffen [mailto:andreas.stef...@strongswan.org]
> Sent: Thursday, January 05, 2012 4:39 PM
> To:
> # right=192.168.0.2
> # rightsubnet=10.2.0.0/16
> # rightid="C=CH, O=Linux strongSwan CN=peer name"
> # keyexchange=ikev2
> # auto=start
>
> conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> k
Just something came to my mind:
Did you define an elliptic curve Diffie-Hellman group,
e.g. ecp256? If yes then you must load the openssl plugin
both on moon and carol which gives you ECC support.
Regards
Andreas
On 05.01.2012 06:00, Andreas Steffen wrote:
> Hello Anil,
>
> something
haron.pid exists) -- skipping
> charon start
> starter is already running (/var/run/starter.pid exists) -- no fork done
> ~$ sleep 1
> ~$ sudo ipsec up home
> initiating IKE_SA home[1] to 192.168.1.100
> configured DH group MODP_NONE not supported
> tried to check-in a
w{2}: INSTALLED, TUNNEL, ESP in UDP SPIs: c98b3206_i 0c27f19c_o
> rw{2}: 10.2.0.0/24 === 10.3.0.0/24
>
> I ping the ip 10.3.0.1, which is the ip of the other side, and nothing
> happens, where should I go after establishing the connection?
======
ect to socket failed: Permission denied
>
> Anil
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Appl
Only if you use a GRE or L2TP tunnel within the IPsec tunnel.
Regards
Andreas
On 02.01.2012 14:53, nima chavooshi wrote:
> Hi
> Is it possible that I forward layer 2 packet in ipsec tunnel??
>
> Thanks in advance
======
correct or wrong.
>
> Thanks and regards,
> Meera
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University o
0 dst 0.0.0.0/0
> dir 4 priority 0
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir 3 priority 0
> # ip xfrm state
> #
> # iptables -nvL
> Chain INPUT (policy
> SA not found (maybe expired)
> .
> Dec 25 21:19:34 2011 VPN Log ignoring Delete SA payload: IPSEC
> SA not found (maybe expired)
>
> Please help me - I've stuck :(
> Thanks
>
==
Andreas Steffen
ntitcy certificates is to define additional CDPs in ipsec.conf
in a special ca section.
>
> Regards Mugur
Regards
Andreas
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux
gin. Does
> anyone have it? Is it available somewhere?
>
> Thanks everyone,
>
> Lorenzo
>
> [1] http://www.mail-archive.com/users@lists.strongswan.org/msg03594.html
==========
Andreas Steffen and
rundschutz-Kataloge" chapter M 5.149.
> Are there similar values or fix default values in strongSwan ?
>
> Regards
>
> Rainer
>
>> -Original Message-
>> From: Andreas Steffen [mailto:andreas.stef...@strongswan.org]
>> Sent: Monday, 28 November
oon charon: 15[KNL] adding policy 10.3.19.0/24 ===
> 0.0.0.0/0 in
> Nov 28 11:18:06 moon charon: 15[KNL] policy 10.3.19.0/24 === 0.0.0.0/0
> fwd already exists, increasing refcount
> Nov 28 11:18:06 moon charon: 15[KNL] adding policy 10.3.19.0/24 ===
> 0.0.0.0/0 fwd
> Nov 28
son for this ?
>
> What are the configuration options in strongSwan for these timeout values ?
>
> Regards
>
> Rainer
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linu
< /etc/ipsec.d/crls> directory
> when started ?
> Best Regards
> Mugur
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongs
n uri and the
> corresponding
> CRL can be fetched from CDP.
> Thank you
> Mugur
>
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.
> Best Regards
> Mugur
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied
ntu1-OptiPlex-160L charon: 04[JOB] deleting half open
> IKE_SA after timeout
>
> Nov 22 13:32:38 ubuntu1-OptiPlex-160L charon: 04[MGR] checkin and
> destroy IKE_SA (unnamed)[4]
>
> Nov 22 13:32:38 ubuntu1-OptiPlex-160L charon: 04[IKE] IKE_SA
> (unnamed)[4] state change: CONNECTING
ass2"
> 22.19.53.13 %any : PSK "pass3"
>
> It seems that strongSwan only uses the first match when decoding the packet.
>
> Is there any workaround to use different PSKs for the road warriors?
>
>
> Thanks
> Klaus
>
> MOON
>
> ---
>
> # ipsec.conf - strongSwan IPsec configuration file
>
> # basic configuration
>
> config setup
>
> plutostart=no
>
> strictcrlpolicy=no
>
> conn %default
>
> ikelifetime=60m
>
> keylife=20m
>
> rekeymargin=3m
>
> keyingtries=1
>
> keyexchange
> IKE_SA android[2] established between
> 192.168.1.2[192.168.1.2]...192.168.1.154[192.168.1.154]
> scheduling reauthentication in 3362s
> maximum IKE_SA lifetime 3542s
>
> I noticed that it doesn't request for virtual ip as it asked when I used
> the front-end related chan
est 1 [ IDi
> N(INIT_CONTACT) CERTREQ IDr CP(DNS) SA TSi TSr N(MOBIKE_SUP)
> N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
> I/charon ( 469): 15[NET] sending packet: from 192.168.1.2[4500] to
> 192.168.1.154[4500]
> I/charon ( 469): 03[NET] received packet: from 192.168.1.154[4500] to
> So unless you have a way to make StrongSwan support an interface for
> tunnelled traffic, I will have to concentrate on getting Openswan going
> on OpenWRT 10.03.1.
>
> Thanks for your effort,
> Luep Christoph
===
> the Android certificate store as described on the page you quoted. Then
> use this CA to issue a certificate for the gateway you want to test against.
>
> With 4.6.1 you now have also the option to build starter and stroke
> which allows you to use an ipsec.conf based configurati
s @ 0xbfcb9d58
> 0: 00 00 00 50 00 14 00 05 00 00 00 D3 00 00 20 41 ...P.. A
> 16: 32 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 2...
> 32: 3C 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 <...
> 48: 00 00 00 00 00 00 00 00 00 02 18 18 00 00 00
a time. Please
> correct me if this is wrong.
> Thanks,
> Meera
> On Tue, Nov 15, 2011 at 11:07 AM, Andreas Steffen
> mailto:andreas.stef...@strongswan.org>>
> wrote:
>
> Hello,
>
> you define only mark 10 but not mark 20. No traffic will go through
>
ump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
> 01:07:43.492130 IP 169.254.0.70 > 169.254.1.70:
> ICMP echo request, id 27015, seq 1, length 64
> 01:07:43.492162 I
tached caKey.der.
> Please help.
>
> Regards,
> Anand
>
>
> - Original Message -
> From: Andreas Steffen
> To: anand rao
> Cc: "users@lists.strongswan.org"
> Sent: Friday, November 11, 2011 6:29 PM
> Subject: Re: [strongSwan] strong
/24 to the connection.
I still have a question about removing rightid=%any
Thanks again for all your help.
Matt Hymowitz, CISSP
Manager
GMP Networks, LLC
520 577-3891
From: Matthew F. Hymowitz
Sent: Tuesday, November 08, 2011 6:00 PM
To: Andreas Steffen
find the caKey.der attached. It was unreadable using cat command.
>
> Regards
> Anand
>
>
>
> - Original Message -
> From: Andreas Steffen
> To: anand rao
> Cc: "users@lists.strongswan.org"
> Sent: Friday, November 11, 2011 5:39 PM
> Subje
eason(13):NA:0:
>
>
> BR's
> Anand
>
>
> - Original Message -
> From: Andreas Steffen
> To: anand rao
> Cc: "users@lists.strongswan.org"
> Sent: Thursday, November 10, 2011 7:28 PM
> Subject: Re: [strongSwan] strongswan pki command error
>
> Hi A
ormat, discarded
building CRED_PRIVATE_KEY - RSA failed, tried 6 builders
parsing private key failed
I have used the default load so all the plugins are loaded. Please help.
Thanks,
Anand
==========
Andreas Steffen
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH
tication of '10.0.0.90' (myself) with EAP
> Nov 8 %f 12[ENC] generating IKE_AUTH request 5 [ AUTH ]
> Nov 8 %f 12[NET] sending packet: from 10.0.0.90[4500] to 66.238.30.124[4500]
> Nov 8 %f 10[IKE] retransmit 1 of request with message ID 5
> Nov 8 %f 10[NET] sending packet: from 10.0.0.90[4500] to
> Matt Hymowitz, CISSP
> Manager
> GMP Networks, LLC
> 520 577-3891
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applicat
The IKEv1 pluto daemon and the starter process including the
> stroke and whack interfaces have been ported to Android."
>
> Does this mean that it is possible to use the ipsec.config file rather
> than the frontend?
>
> Federico
========
support expected for the 4.6.1 release.
For details consult the following link:
http://www.strongswan.org/uml/pts/
Best regards
Andreas Steffen, Tobias Brunner, Martin Willi
The strongSwan team
==
Andreas Steffen
> --
> Sridevi
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applie
there any document apart from Above link which can be
> referred for
> > Strongswan HA?
>
> No, the Wiki page is currently all we have.
>
> Regards
> Martin
==
Andreas Ste
}
> }
> }
>
> By setting FreeRADIUS to debug mode I found that the user name
> Strongswan passed to FreeRADIUS was incorrect (some gibberish), so I
> guess it's a secret code problem but I'm 100% sure the secret code is
> correct. Also I've tried changing it
>
> AES_CBC_128/DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
>
> Is there any way to have charon accept WR44's proposal?
>
>
> Thank you
==
Andreas Steffen andreas.stef...@s
> established with SPIs c3186b2f_i c0ed2141_o and TS 107.108.204.245/32
> === 107.108.204.246/32
>
> Oct 17 15:38:19 infba02071 charon: 08[ENC] generating IKE_AUTH response
> 1 [ IDr AUTH SA TSi TSr N(AUTH_LFT) ]
>
> Oct 17 15:38:19 infba02071 charon: 08[NET] sending pack
rongswan.org/)
> but i can not use it. because i don't know how to config it and how find
> host name or ip and etc
> please help me
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwa
aron: 11[IKE] peer supports MOBIKE
> Oct 13 18:03:03 tkh-fw charon: 11[IKE] no private key found for 'C=NZ,
> ST=N/A, O=XX.net.nz, CN=fw-1, E=n...@xx.net.nz'
> Oct 13 18:03:03 tkh-fw charon: 11[ENC] generating IKE_AUTH response 1 [
> N(AUTH_FAILED) ]
> Oct 13 1
would work around the issue anyway :-)
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rappers
net to net secure
> connection in StrongSwan?
>
> Thanks in advance
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for
more reliable? and which one do I use?
>
> Thanks in advance
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for I
for any help or guidance
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sci
",
> "subjectAltName", "subject DN" field on X509 certification?
> According to your told, I should define leftid at least, is that true ?
>
> Thanks in advance for any help or guidance
>
> On Sun, Sep 25, 2011 at 2:16 PM, Andreas Steffen
> mailto:and
ed values I derive from certificates. May
> give me more information about possible values that I can set for these
> parameters?
> If I do not want use leftid or rightid, what option do I set instead of
> them?
>
> Thank in advance
===
10.2.2.2
> Connections:
> Security Associations:
> none
>
> Is this a known issue of StrongSwan or it just work as design?
>
> Thank you!
>
>
>
> ___
> Users mailing list
> Users@lists.strongswan.org
>
change
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of A
IKE_CERT_PRE
> IKE_AUTHENTICATE IKE_CERT_POST IKE_CONFIG CHILD_CREATE IKE_AUTH_LIFETIME
> IKE_MOBIKE
>
>
>
> *
>
> /usr/sbin/ipsec up host-host
>
> retransmit 4 of request with message ID 0
>
> sending packet: from 107.10
aversal: Result using RFC 3947: both are NATed Jun 26 14:30:04 demo-
>> master pluto[21962]: "v_IPSec_Server_f__r_XAUTH__richter"[1]
>> 80.153.148.144:4500 #624: Peer ID is ID_DER_ASN1_DN: 'DC=de, DC=demo,
>> OU=Benutzer, OU=Ecos, CN=richter'
>> Jun 26 14:30:04 demo-mas
>> Mon Sep 12 16:08:57 2011 : IPSec connection failed
>>
>>
>> On the Debian IPSec server in /var/log/pluto.log
>> added connection description "L2TP"
>> ...
>> packet from 96.57.xxx.xx:500: initial Main Mode message received on
>> 72.14.xxx.xx:500 but
n each end-point, I'll need two keys/certs as well.
> Could you please help me understand this better?
> Thanks and regards,
> Meera
>
==========
Andreas Steffen andreas.stef...@strongswan.org
str
ws tunnel1{3} and tunnel2{4}, while end-point 2 shows
> only tunnel1 with either {3} or {4}. Could you please tell me why it
> does not show tunnel2? Also, this varies from time to time. Sometimes
> the numbers in flower brackets are different, and sometimes they are the
> same.
>
conduct this traffic on "ipsec" tunnel, how amount of
> performance will be decreased? maybe 200MG or more.
> anyhow, encapsulation of packets has some overhead on performance.
>
> Thanks in advance
>
> On Tue, Aug 30, 2011 at 1:42 PM, Andreas Steffen
> mail
roject.
> How bandwidth can StrongSwan handle? In fact I want to know maximum
> bandwidth that strongswan can handle.
>
> Thanks in advance
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSw
dled locally (it's usually
> an arbitrary /24 or /22, and there's no way to know what it will be.
>
> On 8/24/2011 9:16 PM, Andreas Steffen wrote:
>> Hello,
>>
>> you can do this with strongswan-4.5.3 by defining a pass shunt policy
>> for the local net as
to
> 9.10.109.43[4500]
> Aug 25 20:45:00 09[ENC] parsing body of message, first payload is ENCRYPTED
> Aug 25 20:45:00 09[ENC] starting parsing a ENCRYPTED payload
> Aug 25 20:45:00 09[ENC] parsing ENCRYPTED payload, 48 bytes left
> Aug 25 20:45:00 09[ENC] parsing ENCRYPTED payload finished
> Aug 25 20:45:00 09[ENC] veri
IKE_SA_INIT response with message ID 0 processing failed
>> 12[IKE] retransmit 1 of request with message ID 0
>> 12[NET] sending packet: from 10.19.61.67[500] to 10.19.61.35[500]
>> 13[NET] received packet: from 10.19.61.35[500] to 10.19.61.67[500]
>> 13[ENC] payload of ty
ponse with message ID 0 processing failed
> 14[NET] received packet: from 10.19.61.35[500] to 10.19.61.67[500]
> 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> 14[IKE] 10.19.61.35 is initiating an IKE_SA
> 14[IKE] no acceptable proposal found
>
> T
t from numerous networks, and would like to be able to browse the
> local network with all traffic beyond the current subnet being sent
> along the VPN.
==========
Andreas Steffen andreas.stef...@strongswan
ay2" #1: unable to locate my
> private key for signature
>
> Aug 24 15:03:40 vc2_TPC1 pluto[8747]: "kay2" #1: sending encrypted
> notification AUTHENTICATION_FAILED to 169.254.0.70:500
>
> Aug 24 15:03:40 vc2_TPC1 pluto[8747]: | state transition function for
> STATE_MAIN_I
rinting out this error
>
> Thanks for your help
>
> Nan
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
Un
ment ??
> Also Please note that this Traffic not to be allowed once the Tunnel
> went down.
>
>
>
> Looking forward for the reply!!!
>
> -Best Regards,
> VKS.
>
>
>
> *Andreas Steffen *
>
> 08/23/2011 01:39 AM
>
>
> To
>
>
>
>
> Starting strongSwan 4.3.2 IPsec [starter]...
>
> pluto is already running (/var/run/pluto.pid exists) -- skipping pluto start
>
> charon is already running (/var/run/charon.pid exists) -- skipping
> charon start
>
> starter is already running (/var
(strongSwan 4.5.0)
> 00[LIB] plugin 'md4' failed to load:
> /usr/libexec/ipsec/plugins/libstrongswan-md4.so: cannot open shared
> object file: No such file or directory
>
> What am I doing wrong?
>
> Thanks & Regards,
> Matt
=
know that charon only support IKE2.
>
> Thanks for more help.
>
> On Tue, Aug 23, 2011 at 12:42 AM, Andreas Steffen
> wrote:
>> Hello,
>>
>> yes this is possible. Just have a look at the collection of our
>> example scenarios:
>>
>> http://www.strong
IPsec policy based rules are installed with the standard _updown
script which is activated with the ipsec.conf parameter
leftfirewall=yes
Regards
Andreas
On 08/22/2011 05:05 PM, kvunn...@rockwellcollins.com wrote:
>
> Hi Guys,
> we have a requirement related to IPSEC-Policy-based Firewall R
ngswan-ikev1:
>
> Installed: 4.5.2-1.1
>
> Candidate: 4.5.2-1.1
>
> Version table:
>
> *** 4.5.2-1.1 0
>
> 100 /var/lib/dpkg/status
>
> We assume that IKEv1 is already installed from the above status.
>
> Can you let us know of any other way to check if IKEv1 is suppo
> validity: not before Jan 01 01:09:24 2000, ok
> not after Dec 31 01:09:24 2000, ok
> pubkey:RSA 2048 bits, has private key
> keyid: 30:b5:05:c2:27:13:46:d5:61:fe:fa:a7:4b:c7:ea:be:1b:cd:b2:07
> subjkey: 5a:d7:fb:ea:55:1f:d3:82:c4:51:48:8e:cc:4b:d3:55
>
>
>
>
>
>
>
>
>
> ___
> Users mailing list
> Users@lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
--
==
Andreas Steffen
still actively maintaining KLIPS..
> (in some cases it's easier to use KLIPS for easier debugging/tcpdumping etc)
>
> Thanks,
>
> -- Pasi
==========
Andreas Steffen andreas.stef...@strong
re. And of course we would welcome it if
you would contribute your enhanced toolkit back to the strongSwan
project or host it somewhere yourself.
>
> Riaan
>
Best regards
Andreas
==========
Andreas Steffen
blished
> Aug 08 23:45:14 [pluto] "christchurch" #3: max number of retransmissions (2)
> reached STATE_MAIN_I3. Possible authentication failure: no acceptable
> response to our first encrypted message
>
>
> So, I'm scratching my head here.
>
> Any one have any cl