On 05/05/2011 03:02 PM, Kamil Jońca wrote:
Andreas Steffen
andreas.stef...@strongswan.org writes:
--8---cut here---start-8---
src 192.168.0.1 dst 192.168.0.100
proto comp spi 0xbdf9(48633) reqid 1(0x0001) mode tunnel
replay-window 0
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
regards
Andreas
URL:http://www.visec.info
,
Pavel Arnost
a network sniffer I am able to see that Moon’s pings are being
encapsulated, and Alice’s pings are being NATed but not encapsulated.
Any suggestions?
Thank you,
Mark
the strict !s from the config doesn't help.)
Regards
Zoltan
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
with --debug-all I see IKE sending cert request
immediately followed by error 13806 on the Windows Box.
I hope anybody can help me out or lead me in the right direction.
Thank you in advance,
Stefan
. there is always one initiator for
each connection.
/projects/strongswan/wiki/IKEv2CipherSuites
Best regards
Andreas Steffen, Martin Willi, Tobias Brunner
The strongSwan Team
at 09:17, Andreas Steffen
andreas.stef...@strongswan.org wrote:
Hello Hans-Kristian,
first I recommend to use IKEv2 which is much faster
and more robust:
config setup
charonstart=yes
plutostart=no
conn %default
keyexchange=ikev2
ikelifetime=28800
: [200.200.200.20] uses pre-shared key authentication
remote: [200.200.200.1] uses any authentication
net-net: child: 192.168.2.0/24 === 192.168.12.0/24
Security Associations:
None
Regards,
Hemant
-Original Message-
From: Andreas Steffen [mailto:andreas.stef
: from
192.168.200.200[4500] to 80.50.55.206[4500]
[...]
Any ideas?
KJ
On 06/08/2011 02:15 PM, Kamil Jońca wrote:
Andreas Steffen
andreas.stef...@strongswan.org writes:
Hi Kamil,
strongSwan uses ',' and '/' as reserved characters to separate
Relative Distinguished Names in an X.509 Distinguished Name.
Therefore CN=host/bambus@KJONCA will be incorrectly encoded
of the SA might be active while rest inactive but the DPD won't
be triggered for inactive SA's as the policy use_time will keep on updating.
Regards,
Malik
!
Thanks in advance
--
N.Chavoshi
Oops, the correct syntax is
./configure --with-routing-table=table number \
[ --with-routing-table-number=table_priority ]
Andreas
On 10.06.2011 20:55, Andreas Steffen wrote:
Hello,
for IKEv1 and IKEv2 you can define the actual routing table
and additionally the table
at 3:40 PM, Andreas Steffen
andreas.stef...@strongswan.org
wrote:
Hello Malik,
we are using policy_use_time, because the state_use_time gets set
only once when the first packet is processed and is never updated
after that.
Regards
configuration?
Thanks and regards
R.K Swetha
on the number of CHILD SAs that can be
created under a single IKE SA/Tunnel. If yes. Then what is the Max Number
Thanks and Regards
Sajal
auto=add
when I type sudo ipsec up strongswan, the connection seems to come up, but
routing does not work and looking at ip xfrm policy I can see there is
none. Does anyone know where my issue is?
via rightcert=. Just copy the CA certificate
into /etc/ipsec.d/cacerts and trust will be established into
moon.
Regards
Andreas
from the nat and mangle tables are missing.
Wouldn't it make more sense to use iptables-save to dump the complete
picture. AFAICT, it outputs the nat and mangle table as well as the
filter table.
Thanks
-Daniel
On 06/15/2011 09:29 AM, Johannes Hubertz wrote:
Hello everyone,
On Wednesday 15 June 2011 08:59:52 Andreas Steffen wrote:
iptables-save shows all the rules but unfortunately without
the packet statistics
perhaps this helps?
iptables-save -c
Happy working
Johannes
/2011 09:29, Andreas Steffen wrote:
Hello Alexandre,
your configuration should look like this:
conn customer1
rightid=customer 1 ID
leftsubnet=VLAN1
mark=10
also=gateway
auto=add
conn customer2
rightid=customer 1 ID
leftsubnet=VLAN1
mark=20
also=gateway
auto=add
conn gateway
and use tc rules
that choose based on this mark instead?
Thank you.
--lyle
charon: 09[CFG] adding virtual IP address pool
'edba-nat-ikev2': 192.168.7.0/24
a net2net with the 2409 public key
encryption authentication method (where the ID and Nonce in the second and
third
ISAKMP (main mode) messages are encrypted) using StrongSwan?
Thanks
Emil
On 28/06/2011 11:04, Andreas Steffen wrote:
Hello Fabrice,
probably today I'm going to release a strongSwan snapshot with
integrated PASS and DROP shunt policies support. These policies
can be configured either via ipsec.conf or an SQL database.
So just have a little patience.
Best
for the
support. Right now I have the kernel version 2.6.35
Regards
Arnab
. there's no way to specify a certificate
attribute as hostname or other, anything except the ikev2 identity
can't be passed in the dhcp request insofar as I can identify.
, I carefully examined both scanarios, however, both of them fail to
autonomously identify any ikev2 request and require that identities or
auto-generated MAC addresses be entered into dhcpd.conf ahead of time,
which is just infeasible on a large scale.
On 7/14/2011 11:14, Andreas Steffen
/
Please test the release candidate and give us a feedback.
ETA for the stable 4.5.3 release is end of July.
Kind regards
Andreas
in the strongswan.conf file?..
Regards
Arnab
for connections);
nat_traversal=yes moves the listening port and destination port to 4500.
This is contrary to what my belief was how NAT Traversal works.
Can you comment please?
Regards,
Holger
Hello Thomas,
this NAT-T bug affects IKEv2 only.
Regards
Andreas
On 22.07.2011 09:15, Thomas Jarosch wrote:
On Thursday, 21. July 2011 15:09:27 Andreas Steffen wrote:
Please be aware that a serious NAT-T bug was fixed in strongSwan
4.5.1 and later versions which in the case of a responder
Hello Daniel,
On 22.07.2011 17:56, Daniel Mentz wrote:
Dear strongSwan team,
thanks for the great work. I have some comments regarding the following
change:
On 07/19/2011 01:00 AM, Andreas Steffen wrote:
PASS and DROP shunt policies configurable by charon
the previously established CHILD_SA will not be
used at all if a new SA is available..?
Regards
Arnab
for VPN replacing #0
000
In the logfiles, I can see, that my roadwarrior tries to get an ip, but
why does my vpn route don't give him one?
Anyone tried to get such a combination running?
rest regards
Andre
behavior or is a bug (known)
in strongswan.
Thanks,
Vinay
:4408 disappeared from eth3
05[KNL] interface eth3 deactivated
16[IKE] requesting address change using MOBIKE
16[ENC] generating INFORMATIONAL request 8 [ N(NO_ADD_ADDR) ]
16[IKE] checking path 10.xx.xx.197[4500]
On Thu, Jul 28, 2011 at 10:55 PM, Andreas Steffen
andreas.stef
;a=commitdiff;h=f1c1965d
:06, Patricia de Noriega wrote:
How I can bind that interface by means of the ipsec.conf file?
Best regards,
On 29 July 2011 16:51, Andreas Steffen andreas.stef...@strongswan.org
wrote:
Would it help to bind the virtual IP to a dummy interface, so
includes only one attribute
(INTERNAL_IP4_ADDRESS), any configuration I am missing here? I
remember strongSwan used to be able to send multiple. I am using
strongSwan 4.5.0
kernel
starting with 2.6.39.
http://www.strongswan.org/uml/testresults/ikev2/net2net-esn/
Best regards
Andreas Steffen, Tobias Brunner, Martin Willi
The strongSwan Team
back to the strongSwan
project or host it somewhere yourself.
Riaan
Best regards
Andreas
IKE2.
Thanks for more help.
On Tue, Aug 23, 2011 at 12:42 AM, Andreas Steffen
andreas.stef...@strongswan.org wrote:
Hello,
yes this is possible. Just have a look at the collection of our
example scenarios:
http://www.strongswan.org/uml/testresults/sql/
The following wiki entry helps
/ipsec/plugins/libstrongswan-md4.so: cannot open shared
object file: No such file or directory
What am I doing wrong?
Thanks Regards,
Matt
auto=add in the
/etc/ipsec.conf. But it didn’t help.
Can someone please help resolving this.
Thanks,
Murali
not to be allowed once the Tunnel
went down.
Looking forward for the reply!!!
-Best Regards,
VKS.
*Andreas Steffen andreas.stef...@strongswan.org*
08/23/2011 01:39 AM
To
kvunn...@rockwellcollins.com
cc
users@lists.strongswan.org
Subject
Re: [strongSwan
tcpdump_src.txt authlog_dst.txt
Thanks Regards,
Kavitha
-Original Message-
From:ext Andreas Steffen [mailto:andreas.stef...@strongswan.org]
Sent:Friday, August 19, 2011 4:23 PM
To:Lm, Kavitha (NSN - IN/Bangalore)
Cc:Users@lists.strongswan.org; Sudhakar, Meera (NSN - IN/Bangalore
and server (more than once) and I'm still hitting it.
Any ideas on what I'm doing wrong?
Terry Hennessy
Dept MR6 : IBM i Security Development
IBM Rochester, MN
(507) 253-4448
usually
an arbitrary /24 or /22, and there's no way to know what it will be.
On 8/24/2011 9:16 PM, Andreas Steffen wrote:
Hello,
you can do this with strongswan-4.5.3 by defining a pass shunt policy
for the local net as shown in the following example scenario:
http://www.strongswan.org
bandwidth can StrongSwan handle?in fact I want to know maximum
bandwidth that strongswan can handle.
Thanks in advance
this traffic on ipsec tunnel, how amount of
performance will be decreased? maybe 200MG or more.
anyhow, encapsulation of packets has some overhead on performance.
Thanks in advance
On Tue, Aug 30, 2011 at 1:42 PM, Andreas Steffen
andreas.stef...@strongswan.org
story. But maybe I am reading it wrong. Any advice?
-a
]
80.153.148.144:4500 #624: sending XAUTH request
There is no answer to this XAUTH request, while it work for the initial XAUTH
request
?
If I do not want use leftid or rightid, what option do I set instead of
them?
Thanks in advance
on X509 certification?
According to what you said, I should define leftid at least, is that true?
Thanks in advance for any help or guidance
On Sun, Sep 25, 2011 at 2:16 PM, Andreas Steffen
andreas.stef...@strongswan.org
wrote:
Hello,
left
connection in StrongSwan?
Thanks in advance
cannot use it, because I don't know how to config it and how find
host name or ip etc.
please help me
WR44's proposal?
Thank you
/advices would be appreciated.
Martin
support expected for the 4.6.1 release.
For details consult the following link:
http://www.strongswan.org/uml/pts/
Best regards
Andreas Steffen, Tobias Brunner, Martin Willi
The strongSwan team
and the starter process including the
stroke and whack interfaces have been ported to Android.
Does this mean that it is possible to use the ipsec.config file rather
than the frontend?
Federico
building CRED_PRIVATE_KEY - RSA failed, tried 6 builders
parsing private key failed
I have used the default load so all the plugins are loaded. Please help.
Thanks,
Anand
-
From: Andreas Steffen andreas.stef...@strongswan.org
To: anand rao anandrao...@yahoo.co.in
Cc: users@lists.strongswan.org users@lists.strongswan.org
Sent: Thursday, November 10, 2011 7:28 PM
Subject: Re: [strongSwan] strongswan pki command error
Hi Anand,
If I execute the same commands
. It was unreadable using cat command.
Regards
Anand
- Original Message -
From: Andreas Steffen andreas.stef...@strongswan.org
To: anand rao anandrao...@yahoo.co.in
Cc: users@lists.strongswan.org users@lists.strongswan.org
Sent: Friday, November 11, 2011 5:39 PM
Subject: Re: [strongSwan
to the connection.
I still have a question about removing rightid=%any
Thanks again for all your help.
Matt Hymowitz, CISSP
Manager
GMP Networks, LLC
520 577-3891
From: Matthew F. Hymowitz
Sent: Tuesday, November 08, 2011 6:00 PM
To: Andreas Steffen
Cc: users
--self --in caKey.der --dn C=IN, O=strongSwan, CN=strongSwanCA
caCert.der
building CRED_PRIVATE_KEY - RSA failed, tried 6 builders
parsing private key failed
I have attached caKey.der.
Please help.
Regards,
Anand
- Original Message -
From: Andreas Steffen andreas.stef
if there is anything more I need to do? The
above works fine only when dscp is set to BE.
Thanks and regards,
Meera
seconds for #2
Thanks and Regards,
Amit Tamboli
Christoph
401 - 500 of 946 matches