for an example.
Beware that the linux crypto api is actively developed as we speak and
is constantly changing.
Dimitrios Siganos
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
NAGARAJAN, ANIL (ANIL) wrote:
Hi All,
I am trying to establish SA for site-to-site with ikev2. I am using
strongswan4.3.5.
I have added connection and brought up the connection using stroke
message framework.
SA gets established.
However when I try to send packets from
upgrade to 4.3.5 at least.
Thank you for your reply to my question and i would be interested in
buying a usb dongle. But it would be better to reply separately to my
question (for future reference), because our questions, although
related, are not on the same topic.
Regards,
Dimitrios Siganos
for this. Obviously a ready made solution
would be ideal but if we will have to develop it ourselves.
Regards,
Dimitrios Siganos
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
No, the IPv6 related modules are not necessary but you have to have
linux-2.6.29 or above.
Look at this thread for more details and workaround for earlier kernels:
http://www.mail-archive.com/users@lists.strongswan.org/msg00920.html
I am using 2.6.28 and I worked around the problem by applying
ashish mahalka wrote:
In the ipsec.conf file for Initiator, keyexchange is specified as
ikev2 whereas for the Responder it is specified as ikev1. But still i
am able to establish a ikev2 association between the two peers.
The keyexhange setting has no effect on the responder.
keyexchange =
Sucha Singh wrote:
Hi Andreas,
Reviewing the above settings I added the following line to the ipsec.conf:
ike=3des-sha1-md5-modp1024
I then get the following errors:
002 test #1: initiating Main Mode
003 test #1: no IKE algorithms for this connection (check ike algorithm
string)
003
or bug.
The IPsec gateway is a:
Linux strongSwan U4.2.11/K2.6.28-11-generic
The IPsec client is a:
Linux strongSwan U4.3.3/K2.6.28
Regards,
Dimitrios Siganos
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo
I should add that we are not trying to use DNS. As far as we can see, we
are not setting any DNS settings, in ipsec.conf or strongswan.conf, in
neither the gateway nor the client.
Dimitrios Siganos wrote:
Hi,
I am getting this strange log when I setup a strongswan tunnel
installing DNS
,
Dimitrios Siganos
Martin Willi wrote:
Hi,
I am assuming it is a mis-configuration or bug.
Maybe both. It seems that your client requests a DNS server, but your
server returns an empty or a 0.0.0.0 address.
The IPsec gateway is a:
Linux strongSwan U4.2.11/K2.6.28-11-generic
?
Is a single threaded mode possible, realistically, or would it require
complete re-engineering of charon?
Regards,
Dimitrios Siganos
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Busybox doesn't have iproute2. They have a simple utility that looks
and feels like iproute2 and it doesn't have support for xfrm and many
other features of iproute2. You'll need to download the proper iproute2
package.
Dimitrios Siganos
Jessie Liu wrote:
Hi Andreas,
ip route list
Hi,
Is the following esp line, valid configuration?
conn west-east
esp=null-sha1-modp1024,null-null
Does it mean: add null-sha1-modp1024 and null-null to the default list
of proposals to be negotiated?
How do I know what the default list proposal list is?
Regards,
Dimitrios Siganos
I also have a problem on the arm platform. I am cross compiling from
Linux/Intel to arm platform.
The latest release that works for me is 4.3.3. I don't know if have the
same problem. I am investigating right now.
Dimitrios Siganos
Nguyễn Hoàng Anh wrote:
Hi Andreas and all members!
Today
critical signal
Regards,
Dimitris
Dimitrios Siganos wrote:
I also have a problem on the arm platform. I am cross compiling from
Linux/Intel to arm platform.
The latest release that works for me is 4.3.3. I don't know if have the
same problem. I am investigating right now.
Dimitrios Siganos
I have found out that the message is coming from the linux kernel and
not from charon as I thought.
It comes from the function:
int alg_test(const char *driver, const char *alg, u32 type, u32 mask)
I still don't know if it something to worry about though.
Regards,
Dimitrios Siganos
Dimitrios
on the behaviour of all the other scripts/binaries,
which I don't know.
Dimitrios Siganos
Zhang, Long (Roger) wrote:
Hi,
I want to put all configuration file under my directory. Then I exported
IPSEC_CONFDIR, but seems the IPSEC_CONFDIR does not work. Not sure why.
My shell is bash. Tried two ways
and shared
passwords, wouldn't.
Regards,
Dimitrios Siganos
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Oops. I fell into the trap of thinking small scale. If you are talking
about large scale installations then your way is probably recommended.
Dimitrios Siganos
Dimitrios Siganos wrote:
Ivan Shmakov wrote:
Consider, e. g., two sites which are going to establish secure
will brake v6/v4 mixed operation)
Can you confirm that this is correct and complete?
I plan to stick with 2.6.28 because changing kernel would require a lot
of discussions and testing.
Regards,
Dimitrios Siganos
___
Users mailing list
Users
Cryptographic API
Select algorithms you want to use...
If we only want Ipv4 support, can this required kernel modules list be
shortened?
It seems that I I remove all of the Ipv6 modules the IPsec doesn't work
so there is some dependency.
Can you tell what it is?
Regards,
Dimitrios Siganos
it is wrong. I am guessing that you need to set dir like this (absolute
path):
dir = /etc/ssl
You had it set as : ./etc/dir, which is relative to the current working
directory (probably not what you intended).
Regards,
Dimitrios Siganos
Sushil Chaudhari wrote:
Hi Everyone,
I am trying
,
emailaddress=ho...@somewhere.com not confirmed by certificate,
defaulting to subject DN: C=UK, CN=host2, e=ho...@somewhere.com
That looks wrong, doesn't it?
Regards,
Dimitrios Siganos
___
Users mailing list
Users@lists.strongswan.org
https
The ipsec script has the following bashism (line 324 of ipsec script,
git commit 333b461aa689c29197dadb2a15abc3ccade0c89a):
loop=$(($loop - 1))
This doesn't work on my embedded board running busybox msh. I suggest
changing the live above, to:
loop=`expr $loop - 1`
to make it more portable.
Yes, it does fix it. Thank you.
I noticed that you commited some more changes related to email OIDs. Are
they important? Should I get those too?
I am referring to
http://wiki.strongswan.org/repositories/revision/strongswan/fc0ed07c1f44d56ac9a5353c23e4cd79ee2594dd.
Regards,
Dimitrios Siganos
25 matches
Mail list logo