2011-02-10 20:32:07
stats:
replay-window 0 replay 0 failed 0
Regards
Andreas
On 05.05.2011 12:10, Kamil Jońca wrote:
>
> How can I check if compression directive works?
> KJ
======
Andrea
On 05/05/2011 03:02 PM, Kamil Jońca wrote:
> Andreas Steffen
> writes:
>
> --8<---cut here---start->8---
>>
>> src 192.168.0.1 dst 192.168.0.100
>> proto comp spi 0xbdf9(48633) reqid 1(0x0001) mode tunnel
>
> http://wiki.strongswan.org/projects/strongswan/wiki/Win7Config
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Techno
>
> config setup
> plutodebug=control
> charonstart=no
>
> conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=1
> keyexchange=ikev1
> authby=secret
>
> conn pskv1
> left=172.16.18.202
> leftfirewall=yes
>
__
> Users mailing list
> Users@lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN S
TREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR)
> N(MULT_AUTH) N(EAP_ONLY) ]
> May 9 23:11:26 vc2 charon: 15[NET] sending packet: from
> 10.58.113.118[4500] to 10.58.113.37[4500]
> May 9 23:11:30 vc2 charon: 09[IKE] retransmit 1 of request with message
> ID 1
> May 9 23:11
in about 10 days.
Kind regards
Andreas
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
Univ
> URL:http://www.visec.info
> |-|
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - th
all.
> Do you have any idea what can be wrong?
> Thanks,
> Regards,
> Pavel Arnost
>
>
>
--
7.96.15).
>
> eth1 is external interface and eth0 is internal interface with IP
> 172.24.26.65 assigned:
>
> 2: eth0: mtu 1500 qdisc pfifo_fast qlen
> 1000
> link/ether 00:18:fe:32:56:08 brd ff:ff:ff:ff:ff:ff
> inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0
> inet 172.24.26.65/26 brd 172.24.26.1
additional routes for the payload
traffic?
Andreas
On 05/10/2011 03:07 PM, Pavel Arnošt wrote:
> It looks like that there are zeroes everywhere.
>
> --
> From: "Andreas Steffen"
> Sent: Tuesday, May 10, 2011 2:50 PM
> To: "
ng Client Bob.
> Using a network sniffer I am able to see that Moon’s pings are being
> encapsulated, and Alice’s pings are being NATed but not encapsulated.
>
>
>
> Any suggestions?
>
>
>
> Thank you,
>
> Mark
=
#
> ike=3des-md5-modp1024!
> esp=3des-md5!
> ikelifetime=86400
> pfs=no
>
> Can you help me to understand what happens?
> (Omitting the strict !s from the config doesn't help.)
> Regards
> Zoltan
>
>
bytes, 133s ago) esp.f0adaa0a@...125 (764 bytes, 132s ago); tunnel
> 000 #1: "vtest" STATE_MAIN_R3 (sent MR3, ISAKMP SA established)
>
> Maybe this asymmetric working comes from some unusual
> setting of the Cisco, and I won't be able to eliminate it
> without their coo
as the following, without setting reauth=no.
>
> 1. IKE_SA_INIT
> 2. IKE_SA_INIT
> 3. IKE_AUTH
> 4. IKE_AUTH
> 5. INFORMATIONAL (deleting IKE_SA)
> 6. INFORMATIONAL (deleting IKE_SA confirm)
=======
y.z.t/a
>
>
>
> Does strongswan-4.2.8 support it? In other words, is an IP range
> supported by strongswan? If not, is IP range support in your plans?
>
>
>
> Thanks!
>
>
>
>
>
> Brian
>
--
certificates with an expiry date that far in
> the future on amd64?
>
> Thanks,
> Niels
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.st
> I hope anybody can help me out or lead me in the right direction.
>
> Thank you in advance,
>
> Stefan
>
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Ins
this possible though a custom _updown script?
>
>
>
> Thank you,
>
> Mark Marwil
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!
s always one initiator for
>> each connection.
>>
>
--
==
Andreas Steffen
psec.conf. the other
>> hosts' ipsec.conf is equivalent. there is always one initiator for
>> each connection.
>>
>
|
> |+---+ |
> | EAP-Response/SIM/Challenge (AT_MAC) |
> |->|
> | |
> | EAP-Success |
> |<
/wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
Best regards
Andreas Steffen, Martin Willi, Tobias Brunner
The strongSwan Team
==========
Andreas Steffen andreas.stef...@stron
>
> When I run ipsec statusall dns1 gets to STATE_MAIN_I4 (ISAKMP SA
> ESTABLISHED) but the other ones don't seem to do anything.
> The DNS-traffic still goes out unencrypted.
>
> How can I replicate the ACL perfectly with strongswan?
>
> Kind regards
>
> Hans-
efinitions are sufficient since the IPsec Policies
are set up pairwise in the kernel (both inbound and outbound).
> Regards,
> Hans-Kristian Bakke
>
>
>
>
> On Mon, May 30, 2011 at 09:17, Andreas Steffen
> wrote:
>> Hello Hans-Kristian,
>>
>> first I re
mobike=no/
>
> /ike=3des-sha1-md5-modp1024!/
>
> /esp=aes128-3des-sha1-md5!/
>
> /conn net-net/
>
> /authby=secret/
>
> / left=200.200.200.10/
>
> /leftsubnet=192.168.1.0/24/
>
> /leftfirewall
0.200.200.20...200.200.200.10
> net-ne.t: loc al: [200.200.200.20] uses pre-shared keey
> authenticationy
> remote: [200.2 00.200.1:0] uses 0any authentication
> net-net: child: 192.:168.2.0/24 === 192.168.12.0/24
> Security Associations:
> None
>
> Rega
12:21+02:00 alfa charon: 16[CFG] looking for peer configs
> matching 192.168.200.200[%any]...80.50.55.206[C=PL, ST=Mazowieckie,
> O=kjonca.kjonca, OU=ipsec, CN=host/bambus@KJONCA]
> 2011-06-08T13:12:21+02:00 alfa charon: 16[CFG] no matching peer config found
> 2011-06-08
06/08/2011 02:15 PM, Kamil Jońca wrote:
> Andreas Steffen
> writes:
>
>> Hello Kamil,
>>
>> strongSwan uses ',' and '/' as reserved characters to separate
>> Relative Distinguished Names in an X.509 Distinguished Name.
>> Therefore CN=h
be a scenario where in single policy have multiple SA's
> and one of the SA might be active while rest inactive but the DPD won't
> be triggered for inactive SA's as the policy use_time will keep on updating.
>
> Regards,
> Malik
--
=
serted!
>
> Thanks in advance
>
>
> --
> N.Chavoshi
>
--
========
Oops, the correct syntax is
./configure --with-routing-table= \
[ --with-routing-table-number= ]
Andreas
On 10.06.2011 20:55, Andreas Steffen wrote:
> Hello,
>
> for IKEv1 and IKEv2 you can define the actual routing table
> and additionally the table priority du
nd.
>
> Regards,
> Sandeep Malik
>
> On Fri, Jun 10, 2011 at 3:40 PM, Andreas Steffen
> mailto:andreas.stef...@strongswan.org>>
> wrote:
>
> Hello Malik,
>
> we are using policy_use_time, because the state_use_time gets set
> only once when
lto:esp.d798a9b8@10.46.155.153> included
> errno 3: No such process
> "conn65535" #3: max number of retransmissions (2) reached STATE_QUICK_R1
> "conn65535" #3: ERROR: netlink response for Del SA
> esp.bb700eae@10.46.155.153 <mailto:e
on the number of CHILD SAs that can be
> created under a single IKE SA/Tunnel. If yes. Then what is the Max Number
> Thanks and Regards
> Sajal
======
Andreas Steffen andreas.stef...@strongswan.org
s
ftrsasigkey=/home/some1/ssl/pki/elronde.key
>>leftsourceip=%config
>> right=21.12.5.22
>>rightid=vpn.domain.tld
>>rightsubnet=172.20.0.0/23
>>auto=add
>>
>> when I type sudo ipsec up strongswan, connection seems to come u
tual IP
>
> How come it is different?
>
If moon's certificate is signed by a CA then you don't have to
import moon's cert via rightcert=. Just copy the CA certificate
into /etc/ipsec.d/cacerts and trust will be established into
moon.
Regards
Andreas
=
bles and iproute... Unfortunately it
> doesn't... well at least it doesn't with my config.
>
> Did I misunderstand these options?
==
Andreas Steffen andreas.stef...@strongswan.org
strongSw
get
> encrypted.
>
> Any suggestions?
>
> Thanks,
> Clifton
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Instit
at and mangle table as well as the
> filter table.
>
> Thanks
> -Daniel
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and App
>
>
> Should be better... hopefully.
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences
06/15/2011 09:29 AM, Johannes Hubertz wrote:
Hello everyone,
On Wednesday 15 June 2011 08:59:52 Andreas Steffen wrote:
iptables-save shows all the rules but unfortunately without
the packet statistics
perhaps this helps?
iptables-save -c
Happy working
Johannes
re. AFAICT, it outputs the nat and mangle table as well as the
> filter table.
>
> Thanks
> -Daniel
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!
the policy? or is it that marks are not visible with ip xfrm policy ls?
> If the latter is true, how can I ensure the mark is part of the policy?
>
> Best regards.
>
> P.S: Do you mind if I send my ifupdown script for kind of a validation
> from you?
>
> Le 15/06/2011 09:29, An
acket: from
> XX.XX.XX.68[4500] to YY.YY.YY.216[4500]
>
> From this I'm guessing, that in fact I need a certificate,
> nevertheless. Is it possible to have the strongswan daemon relay the
> username to the freeradius daemon intact?
>
===
this
> work?
>
> Thanks, Clifton
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Appl
What is the preferred way
> to do this? Use iptables, mark the traffic and use tc rules
> that choose based on this mark instead?
>
> Thank you.
>
> --lyle
======
Andreas Steffen
gent xcbc hmac attr kernel-netlink resolve socket-raw stroke updown
> eap-identity eap-aka eap-aka-3gpp2 eap-md5 eap-gtc eap-mschapv2
> Jun 22 14:07:29 gw charon: 00[JOB] spawning 16 worker threads
> Jun 22 14:07:29 gw charon: 09[CFG] received stroke: add connection
>
strongSwan 4.5.0
>
>
> Thanks a lot for your help
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and
e from ipsec.conf in file mode.
> I've directly set a value in ipsec_updown and it works like i want.
> With IKEv2 on sqlite database, can we configure this variable and does
> it take effect in ipsec_updown script ?
>>
>> Regards
>> Martin
>>
es. Is there a way to set up a net2net with the 2409 public key
> encryption authentication method (where the ID and Nonce in the second and
> third
> ISAKMP (main mode) messages are encrypted) using StrongSwan?
> Thanks
> Emil
=========
> mutually exclusive are they?
>
>
> Terry Hennessy
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applicatio
s with Cisco routers (e.g. 3640 )
> set up with a crypto isakmp policy of authentication : rsa_enc? Best
> regards Emil
>
> ________ From: Andreas Steffen
> [andreas.stef...@strongswan.org] Sent: Tuesday, June 28, 2011 5:20
> AM To: Salib, Emil H
onnière wrote:
> Hello Andreas
>
> Thanks for all what you do.
> I wait for this.
>
> Regards
> Fabrice
>
> On 28/06/2011 11:04, Andreas Steffen wrote:
>> Hello Fabrice,
>>
>> probably today I'm going to release a strongSwan snapshot with
>>
Oops, "install_routes" should of course be set to *no*.
BTW - a shunt can be removed with
ipsec unroute local-net
and added again with
ipsec route local-net
Regards
Andreas
On 06/29/2011 07:43 AM, Andreas Steffen wrote:
> Hello Fabrice,
>
> strongswan-4.5.3dr
ecause no connection is known for
> 53.33.152.45/32===192.168.178.3:4500:17/1701...19.24.143.13:19739[10.152.73.157]:17/0===10.152.73.157/32
> Jun 29 21:55:14 adelheid pluto[3943]: "nat-t"[2] 19.24.143.13:19739 #1:
> sending encrypted notification INVALID_ID_INFORMATION to 19.24.143
.education.fr/agriates.crl');
>
> Logs at ipsec listall command execution in log joined file.
>
>
> Is there something wrong ?
>
> Regards,
> Fabrice
>
>
>
x strongSwan, CN=strongSwan Root CA"
crl is valid: until Jun 13 17:32:37 2011
Regards
Andreas
On 07/07/2011 12:08 PM, Andreas Steffen wrote:
> Hello Fabrice,
>
> I'm testing the certificate_distribution_points table in the
> sql/multi-level-ca scenario, where moon n
@lists.strongswan.org
> Subject: trying to configure strongswan to act like a windows7 client
> Date: Sun, 10 Jul 2011 11:57:57 +0200
>
> Hello,
>
>
> I would like to emulate a windows7 ikev2 client by using strongswan.
> Does anyone have an idea?
>
> Cheers,
l 2011 12:32:42 +0200
>>
>> Hi Olivier,
>>
>> > authentication of 'CN=10.1.1.254, OU=TAC, O=Cisco, C=BE' with EAP
> successful
>> > constraint check failed: identity 'C=BE, O=CISCO, OU=TAC,
> CN=10.1.1.254' required
>>
>>
send such packets to?
>
> > mark_in=11
> > mark_out=10
>
> Using the same mark for in and out is probably simpler, you can set both
> marks by using:
>
> mark=10
>
> Regards
> Martin
>
>
>
>
>
> _
>
> Also is there any dependency on the kernel version for the
> support. Right now I have the kernel version 2.6.35
>
> Regards
> Arnab
==
Andreas Steffen
y an IP address in the
> range, or similar, and I'm at a complete loss how to accomplish this now.
> 3) this is somewhat less. there's no way to specify a certificate
> attribute as hostname or other, anything except the "ikev2 identity"
> can't be pa
, so I can't specify an IP address in the
>>> range, or similar, and I'm at a complete loss how to accomplish this
>>> now.
>>> 3) this is somewhat less. there's no way to specify a certificate
>>> attribute as hostname or other, anything except the "ik
166/
>
> / leftcert=/etc/ipsec.d/certs/hostB.pem/
>
> / right=172.19.2.101/
>
> / rightsubnet=0.0.0.0/0/
>
> / mark=20/
>
> / auto=add/
>
> / leftid=www.hostB.org/
>
> / rightid=www.hostA.org/
>
v2/net2net-esn/
Please test the release candidate and give us feedback.
ETA for the stable 4.5.3 release is end of July.
Kind regards
Andreas
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan -
.EL and if we disable firewall.
>
> Regards
> Arnab
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
ication = no
> }
>
> Is the above block required in the strongswan.conf file?..
>
>
> Regards
>
> Arnab
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the
Swan
> listening only on port 500 (and using port 500 for connections);
> nat_traversal=yes moves the listening port and destination port to 4500.
> This is contrary to what my belief was how NAT Traversal works.
>
> Can you comment please?
>
> Regards,
> Holger
>
C_IKE_INVALID_POLICY)
> [1]04C0.1600::07/21/2011-11:51:50.419 [user]IkeConstructOakQMInitiator
> failed with HRESULT 0x80073625(ERROR_IPSEC_IKE_INVALID_POLICY)
> [1]04C0.1600::07/21/2011-11:51:50.419 [user]IkeConstructQM failed with
> HRESULT 0x80073625(ERROR_IPSEC_IKE_INVALID_POLICY)
> [1]04C0.1600
Hello Thomas,
this NAT-T bug affects IKEv2 only.
Regards
Andreas
On 22.07.2011 09:15, Thomas Jarosch wrote:
> On Thursday, 21. July 2011 15:09:27 Andreas Steffen wrote:
>> Please be aware that a serious NAT-T bug was fixed in strongSwan
>> 4.5.1 and later versions which i
Hello Daniel,
On 22.07.2011 17:56, Daniel Mentz wrote:
> Dear strongSwan team,
>
> thanks for the great work. I have some comments regarding the following
> change:
>
> On 07/19/2011 01:00 AM, Andreas Steffen wrote:
>> PASS and DROP shunt policie
> SPI: /ca075713_i /
> /
> /
> I have attached my ipsec.conf file if you may need to have a look. Also
> I have checked the sysctl variables for ip forwarding and enabled the
> ipv4 forwarding for all interfaces.
>
> Can you help whether the previously established CHILD_SA
000 "VPN": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
> rekey_fuzz: 100%; keyingtries: 0
> 000 "VPN": policy: PUBKEY+ENCRYPT+TUNNEL+PFS+UP; prio: 24,32;
> interface: wlan0;
> 000 "VPN": newest ISAKMP SA: #3; newest IPsec SA: #0;
>
> I wanted to check if this is an expected behavior or is a bug (known)
> in strongswan.
>
> Thanks,
> Vinay
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!
fe80::215:17ff:fecc:4408 disappeared from eth3
> 05[KNL] interface eth3 deactivated
> 16[IKE] requesting address change using MOBIKE
> 16[ENC] generating INFORMATIONAL request 8 [ N(NO_ADD_ADDR) ]
> 16[IKE] checking path 10.xx.xx.197[4500]
>
>
>
>
> On Thu, Jul 28, 2011 at
tp://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=d7a59f19
> http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=f1c1965d
>
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN
in, any ideas?
>
> Regards,
> Tobias
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Scien
11 17:06, Patricia de Noriega wrote:
> How can I bind that interface by means of the ipsec.conf file?
>
> Best regards,
>
> On 29 July 2011 16:51, Andreas Steffen <mailto:andreas.stef...@strongswan.org>> wrote:
>
> Would it help to bind the virtual IP to a dumm
ERNAL_IP4_DNS") in the Configuration payload to my SeGW, but
> strongSwan always includes only one attribute
> ("INTERNAL_IP4_ADDRESS"), any configuration I am missing here? I
> remember strongSwan used to be able to send multiple. I
the Linux kernel
starting with 2.6.39.
http://www.strongswan.org/uml/testresults/ikev2/net2net-esn/
Best regards
Andreas Steffen, Tobias Brunner, Martin Willi
The strongSwan Team
======
Andre
ossible?
>
> Regards, Nerijus
>
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University
blished
> Aug 08 23:45:14 [pluto] "christchurch" #3: max number of retransmissions (2)
> reached STATE_MAIN_I3. Possible authentication failure: no acceptable
> response to our first encrypted message
>
>
> So, I'm scratching my head here.
>
> Any one have any cl
re. And of course we would welcome it if
you would contribute your enhanced toolkit back to the strongSwan
project or host it somewhere yourself.
>
> Riaan
>
Best regards
Andreas
==========
Andreas Steffen
still actively maintaining KLIPS..
> (in some cases it's easier to use KLIPS for easier debugging/tcpdumping etc)
>
> Thanks,
>
> -- Pasi
==========
Andreas Steffen andreas.stef...@strong
>
>
>
>
>
>
>
>
>
--
==
Andreas Steffen
> validity: not before Jan 01 01:09:24 2000, ok
> not after Dec 31 01:09:24 2000, ok
> pubkey:RSA 2048 bits, has private key
> keyid: 30:b5:05:c2:27:13:46:d5:61:fe:fa:a7:4b:c7:ea:be:1b:cd:b2:07
> subjkey: 5a:d7:fb:ea:55:1f:d3:82:c4:51:48:8e:cc:4b:d3:55
ngswan-ikev1:
>
> Installed: 4.5.2-1.1
>
> Candidate: 4.5.2-1.1
>
> Version table:
>
> *** 4.5.2-1.1 0
>
> 100 /var/lib/dpkg/status
>
> We assume that IKEv1 is already installed from the above status.
>
> Can you let us know of any other way to check if IKEv1 is suppo
IPsec policy based rules are installed with the standard _updown
script which is activated with the ipsec.conf parameter
leftfirewall=yes
Regards
Andreas
On 08/22/2011 05:05 PM, kvunn...@rockwellcollins.com wrote:
>
> Hi Guys,
> we have a requirement related to IPSEC-Policy-based Firewall R
know that charon only support IKE2.
>
> Thanks for more help.
>
> On Tue, Aug 23, 2011 at 12:42 AM, Andreas Steffen
> wrote:
>> Hello,
>>
>> yes this is possible. Just have a look at the collection of our
>> example scenarios:
>>
>> http://www.strong
(strongSwan 4.5.0)
> 00[LIB] plugin 'md4' failed to load:
> /usr/libexec/ipsec/plugins/libstrongswan-md4.so: cannot open shared
> object file: No such file or directory
>
> What am I doing wrong?
>
> Thanks & Regards,
> Matt
=
>
>
>
> Starting strongSwan 4.3.2 IPsec [starter]...
>
> pluto is already running (/var/run/pluto.pid exists) -- skipping pluto start
>
> charon is already running (/var/run/charon.pid exists) -- skipping
> charon start
>
> starter is already running (/var
ment ??
> Also Please note that this Traffic not to be allowed once the Tunnel
> went down.
>
>
>
> Looking forward for the reply!!!
>
> -Best Regards,
> VKS.
>
>
>
> *Andreas Steffen *
>
> 08/23/2011 01:39 AM
>
>
> To
>
rinting out this error
>
> Thanks for your help
>
> Nan
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
Un
ay2" #1: unable to locate my
> private key for signature
>
> Aug 24 15:03:40 vc2_TPC1 pluto[8747]: "kay2" #1: sending encrypted
> notification AUTHENTICATION_FAILED to 169.254.0.70:500
>
> Aug 24 15:03:40 vc2_TPC1 pluto[8747]: | state transition function for
> STATE_MAIN_I
t from numerous networks, and would like to be able to browse the
> local network with all traffic beyond the current subnet being sent
> along the VPN.
==========
Andreas Steffen andreas.stef...@strongswan
ponse with message ID 0 processing failed
> 14[NET] received packet: from 10.19.61.35[500] to 10.19.61.67[500]
> 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> 14[IKE] 10.19.61.35 is initiating an IKE_SA
> 14[IKE] no acceptable proposal found
>
> T
IKE_SA_INIT response with message ID 0 processing failed
>> 12[IKE] retransmit 1 of request with message ID 0
>> 12[NET] sending packet: from 10.19.61.67[500] to 10.19.61.35[500]
>> 13[NET] received packet: from 10.19.61.35[500] to 10.19.61.67[500]
>> 13[ENC] payload of ty
to
> 9.10.109.43[4500]
> Aug 25 20:45:00 09[ENC] parsing body of message, first payload is ENCRYPTED
> Aug 25 20:45:00 09[ENC] starting parsing a ENCRYPTED payload
> Aug 25 20:45:00 09[ENC] parsing ENCRYPTED payload, 48 bytes left
> Aug 25 20:45:00 09[ENC] parsing ENCRYPTED payload finished
> Aug 25 20:45:00 09[ENC] veri
dled locally (it's usually
> an arbitrary /24 or /22, and there's no way to know what it will be.
>
> On 8/24/2011 9:16 PM, Andreas Steffen wrote:
>> Hello,
>>
>> you can do this with strongswan-4.5.3 by defining a pass shunt policy
>> for the local net as
301 - 400 of 1348 matches