the client.
Any ideas?
Cheers,
Michael.
v4.conf.all.send_redirects" as well completely removes
the ICMP. Not sure if this is intentional or a bug somewhere?
Anyway, thanks again.
Michael.
Sent: Wednesday, April 11, 2018 at 7:50 PM
From: "Noel Kuntze" <noel.kuntze+strongswan-users-ml@thermi.consulting>
To:
observed:
net.ipv4.conf.eth0.send_redirects = 0
I had to have both lines present to resolve the issue and stop the ICMP
redirect being sent. This didn't seem to make sense to me?
Michael.
Sent: Wednesday, April 11, 2018 at 10:40 PM
From: "Noel Kuntze" <noel.kuntze+strong
Hello Strongswan-team,
is there a setup with strongswan for username and password (one time
password, otp) authentication with a checkpoint vpn-server ?
Best regards
Michael
--
Dr. Michael von Mengershausen, MR-Physik / PET
Max-Planck-Institute for Neurological Research
Gleueler Str
lacks its description in man ipsec.conf.
Best regards,
Michael.
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
,
Michael.
case.
Btw, what do you think about the parameter overridemtu? Shall it help?
Best regards,
Michael.
leftsendcert=never
rightcert=peerCert.pem
Yes. It works as I already said it.
Best regards,
Michael.
Hello,
I am a relative newbie with strongswan but I have successfully gotten it
installed and working on my CENTOS Linux Box.
I am having a weird issue but I am sure it will be a quick fix when
someone points me in the right direction.
First a brief layout...
Server 1(10.0.2.3)10.0.2.0/24
Hi Andreas,
thanks for your help, but the problem still exists in V4.3.4rc1. I am currently
using
kernel V2.6.27.28.
I will try out the V4.3.3 with the patch ...
kind regards,
Michael
On Tuesday, 28 July 2009 16:00, Andreas Steffen wrote:
Hi Michael,
due to the additional keywords
such a test in the starter.
What do you think, is that the right way to do it ?
kind regards,
Michael
On Sunday, 2 August 2009 17:15, you wrote:
Hi Michael,
I found and fixed another bug introduced by the redefinition of the bool
standard type some time ago. bool now maps to a char
an ipsec reload or
restart but only relative to 1 vpn-connection, ipsec down and up is not
enough ?
I am currently using on vpn1 Linux V2.6.27.34 and Strongswan V4.3.4 and on
vpn2 Linux V2.4.37 and Strongswan V2.5.7.
best regards,
Michael
--
Michael Niehren
=192.168.1.0/24
rightid=C=AT, ST=Wien, O=Company, OU=Department, CN=support,
e=em...@test.tld
keyexchange=ikev2
auto=add
Is the used strongSwan version too old?
Kind regards,
Michael
I need help getting a linux laptop to connect to office VPN running on
Sonicwall Pro 3060. Apologies in advance if I have missed something in
the manual or public domain, I really don't know how to take this
further to determine what settings are required. Any clue appreciated. I
I have confirmed
Hi,
I am having problems getting StrongSwan to use ECP algorithms. I built with:
./configure --prefix /usr --sysconfdir=/etc --libexecdir=/usr/libexec
--enable-openssl
But when I try to bring up a connection specifying:
ike=aes128-sha256-ecp256!
esp=aes128gcm16!
I get:
002 suiteB #1:
...@hotmail.com
CC: users@lists.strongswan.org
Subject: Re: [strongSwan] (no subject)
Yeah, this is strange indeed. Have Elliptic Curves been enabled in
libcrypto.so-0.9.8e ? We know of some Linux distributions where this
hasn't been the case.
Regards
Andreas
On 21.10.2010 20:24, Michael Sneed
is StrongSwan identifying the peer by ID_IPV4 when
the certificate is being sent and parsed?
Thanks,
Michael Holstein
Cleveland State University
to
put it in/out of airplane mode to get a new IP to reconnect).
Begs the question .. is there an easy way to clean up unexpired but
unused EROUTES with whack?
Thanks,
Michael Holstein
Cleveland State University
(or)
(packet) - ipsec - ipsec-natt - host
Cheers,
Michael Holstein
Cleveland State University
this?
Yes, I realize all the reasons why you wouldn't want to do that, since
Strongswan was built for its certificate support.
TIA,
Michael Holstein
Cleveland State University
for
172.16.1.0/24===172.16.1.102:4500[C=US, O=AnsibleThreshold strongSwan,
CN=server ip]...174.252.36.126:3047[C=US, O=AnsibleThreshold strongSwan,
CN=My iPhone]===10.0.8.1/32
Some help would be very much appreciated,
~ Michael Gorbach
/24
}
}
}
The 28676 and 28675 are the SPIT_INCLUDE and DOMAIN attributes.makes a
- Switched strongSwan to running as root, though I don't know if that made a
difference.
~ M.
On Mar 7, 2012, at 11:13 PM, Michael Gorbach wrote:
(Don't know if this email will get
|~
leftsubnet=172.16.1.0/24
~ M.
On Mar 9, 2012, at 1:00 PM, Michael Gorbach wrote:
I've got this working as follows:
- Removed the UNITU_SPLIT_INCLUDE attribute from the SQL DB.
- In StrongSwan.conf:
pluto {
plugins {
attr
Hi,
I'm using StrongSwan on my OpenWRT based router to setup a VPN for my
roadwarrior iOS 5 using XAUTH with PSK.
My setup is like this:
My internal network:
Network and range 172.16.67.96/255.255.255.224 (172.16.67.96 - 172.16.67.126)
Gateway 172.16.67.97
DNS 172.16.67.97
My OpenWRT is the
Is there a way to specify in Strongswan 5.0.1 an authentication combination of
xauth-pam and rsa? Rather than storing accounts and passwords for XAUTH
authentication in ipsec.secrets I'd like to have xauth use PAM to look up
accounts and passwords. There's an xauth-pam method, but I don't see
In the wiki page that specifies a configuration that works for iOS devices
(http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple) ) it says in
the section titled Install Certificates:
It is not necessary to keep the client certificate on the server, but it
can be useful to use
According to the Apple Enterprise Deployment Guide, you can distribute an IPSec
VPN profile to an iOS device with Xauth authentication set to '0' which would
imply that you can have a connection authenticated only by a client
certificate. Does anyone out there use this with Strongswan or know
I'm a little puzzled here. Apple's own website has a document VPN Server for
iOS Devices: IPSec settings (at
help.apple.com/iosdeployment-vpn/mac/1.2/#app36c95bff) that states it does not
support Re-keying of phase 1 and recommends rekeying times on the server of 1
hour. But in an earlier
documentation pages for iOS / OS X
connections.
Yours,
~ M.
On Feb 18, 2013, at 12:03 AM, Brian Mastenbrook br...@mastenbrook.net wrote:
On 2/17/2013 12:49 PM, Michael Durket wrote:
I'm a little puzzled here. Apple's own website has a document VPN Server
for iOS Devices: IPSec settings
(based on your
information on modeconfig on rekeying). I have no problem with giving each
device a separate X509 certificate but the xauth problems and statically
assigned IPs is a real dealbreaker.
On Feb 17, 2013, at 9:03 PM, Brian Mastenbrook wrote:
On 2/17/2013 12:49 PM, Michael Durket
(NO_PROP) ]
--
Kind regards,
Michael Monnerie, Ing. BSc | Tel: +43 660 415 6531
XING: https://www.xing.com/profile/Michael_Monnerie
Facebook: https://www.facebook.com/michael.monnerie
Twitter: @MichaelMonnerie https://twitter.com/MichaelMonnerie
LinkedIn: http://lnkd.in/uGx6ug
Google+: https
=xauth
right=%any
rightsubnet=10.0.0.0/24
rightsourceip=10.0.0.2
rightcert=zmiPadCert.pem
rightid=C=AT, O=Proteger, CN=*
compress=no
auto=add
#pfs=no
--
Kind regards,
Michael Monnerie, Ing. BSc | Tel: +43 660 415 6531
XING
Any ideas someone?
On Saturday, 16 March 2013, 09:15:54, Michael Monnerie wrote:
On Friday, 15 March 2013, 09:14:31, Larsen wrote:
try using another IKE version. If it's the same for the iPad as for the
iPhone it should be IKEv1.
Thank you for the response. I took the config from
.
Thanks,
Michael
On Monday, July 22, 2013 02:43:33 PM Paton, Andy wrote:
Some useful info from the
Wiki http://wiki.strongswan.org/projects/strongswan/wiki/Windows7 which may
help you on this one:
Rekeying behavior
IKE_SA rekeying
The Windows 7 client supports IKE_SA rekeying, but can't
route gets used since
the 10 subnet is not configured anywhere (and would be impossible to
predict for a road warrior).
Does anyone have experience using the android strongswan client and a voip
android app successfully?
Michael
Hi all,
I have used the scepclient (strongswan 5.1.1) and NDES to enroll a certificate
to a linux box. Then I configured a host-host connection and I am able to
establish a SA from right to left (using ICMP ping from the server).
When the left side initiates the IKE negotiation, the server
Hi Martin,
AFAIK, Windows 2008 Server does not support IKEv2 when using non-RAS
transport mode connections.
Great advice! using:
keyexchange=ikev1
the main mode now completes!
On to the quick mode neg., which fails:
generating QUICK_MODE request 2717344713 [ HASH SA No KE ID ID ]
sending
,
Michael
ACCEPT
My problem is that there are wrong devices (eth0) in the rules. I need
eth1 instead of eth0.
Where can I define the device?
Or can I disable the generation of the rules?
Best regards,
Michael
On 13.02.2014 21:26, Pawel Grzesik wrote:
On 13 Feb 2014, at 18:52, Wagenknecht Michael mwagenkne...@gmx.net wrote:
Hi,
I have another question.
After activating a connection between the Fritzbox and strongswan, I
have 4 additional iptables rules:
-A INPUT -s 192.168.0.0/24 -d
I was configuring IPsec transport mode between a strongswan client and Windows
2008,
but ran into problems:
On to the quick mode neg., which fails:
generating QUICK_MODE request 2717344713 [ HASH SA No KE ID ID ]
sending packet: from 192.168.0.3[500] to 192.168.0.2[500] (300 bytes)
received
Hi Martin,
esp=3des-sha1,3des-sha1-modp1024
If you have both non-PFS (3des-sha1) and PFS (3des-sha1-modp1024)
proposals included, strongSwan includes a KE payload for the DH
exchange. The responder is free to ignore the KE payload if it picks the
non-PFS proposal, but it seems that this
/WAN distinguish between both boxes? If yes, how?
Thanks for any hints.
Kind regards,
Michael Schwartzkopff
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Franziskanerstraße 15, 81669 München
Registered office: München, Amtsgericht München: HRB 199263
=never
rightsubnet=192.168.56.0/24
#
auto = add
Anybody here who could help me why this authentication is failing?
Kind regards,
Michael Schwartzkopff
On Wednesday, 14 January 2015, 10:24:06, Michael Schwartzkopff wrote:
Hi,
I have an IPv4 transport network. So moon (responder) and carol machines have
IPv4 addresses. The IPv4 IPsec tunnel works.
Can I assign IPv6 addresses to my carol host? Something like
rightsourceip = 192.168.100.0
?
Kind regards,
Michael Schwartzkopff
to set up such a config, you have to configure the correct MAC
address in the switches in the ports. Otherwise you could have loops and you
will see much traffic.
(...)
Kind regards,
Michael Schwartzkopff
of the authentication protocol and password storage
compatibility matrix?
http://deployingradius.com/documents/protocols/compatibility.html
Do you do a ldapbind or ldapsearch?
Kind regards,
Michael Schwartzkopff
,
Michael Schwartzkopff
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Franziskanerstraße 15, 81669 München
Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
On Tuesday, 4 August 2015, 10:36:21, Tobias Brunner wrote:
Hi Michael,
VPN connection is established:
There are no CHILD_SAs listed there. Only IKE_SAs. Could you send the
logs of when the SAs are established (including the initial messages
where the NAT is detected). What strongSwan
in clear text.
Any ideas what might be wrong?
Kind regards,
Michael Schwartzkopff
Hi,
I tried to find a documentation of the entries in the strongswan log file.
Especially I am looking to the documentation of the IKE attributes like
NATD_S_IP, NATD_D_IP, INVAL_KE, IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr
N(EAP_ONLY).
Any good hints?
Kind regards,
Michael
On Friday, 31 July 2015, 19:37:01, Nitin Agarwal wrote:
Hello Monti and Michael
I also wanted to do same things and my team started the work on same.
We have done good work on this and trying to update information via SNMP in
OpenNMS.
We wanted to integrate with OpenNMS, so that we can
On Friday, 31 July 2015, 10:38:39, Monti, Marco wrote:
Hi Michael,
So there is not any MIBs to use for ipsec as you know I would have to write
a subagent from scratch I have tried to find out but seems there is not any
What language and API would you suggest?
Marco
Standard is C
-Agent is quite a task. But I could help you a
little bit. But beware, I do not have too much time.
Kind regards,
Michael Schwartzkopff
The question is:
Is there some obvious misconfiguration which causes the routes in table 220 to
appear.
It looks like the strange routes do no harm, as everything works as expected so
far or will they?
Any general hints for this setup?
Thanks and best regards,
Michael
traceroute to
8.8.8.8.
This was configured like this:
leftsubnet=0.0.0.0/2,64.0.0.0/4,80.0.0.0/8,...,128.0.0.0/1
Any clues?
I tried to configure ike2 using the iOS gui config, but had no success so far.
Would any one share a working ike2 config with iOS 9.1 which is multi-client and
gui conf
Hi Marcel,
I tried to establish an ike2 connection using ios9.1 and strongswan 5.3.3 but
was not able to connect so far.
Could you please share your configuration (especially ios config). If I'm able
to connect I can try to
reproduce your problem.
Best regards,
Michael
> Hello every
r 20 ms
Oct 1 16:40:15 charon: 09[IKE] initiating Main Mode IKE_SA testvpn[1] to
79.232.231.58
after starting the connection with
robo@/etc/ipsec.d/connections# ipsec start
Starting strongSwan 5.3.3 IPsec [starter]...
Hope for your help, best regards
M
Hi,
Note: below I use the term "VIP". By this, I mean the IP address
associated with a Linux virtual network interface, like eth1:0. I want
to avoid confusion with the strongSwan concept of "Virtual IP".
I have configured strongSwan so that the "left" conn parameter refers to
a VIP. This
le to hand out its own IP
addresses.
See:
https://wiki.strongswan.org/projects/strongswan/wiki/VirtualIp
https://wiki.strongswan.org/projects/strongswan/wiki/Dhcpplugin
Is this an option in your setup? Or do the IP addresses really have to be
passed on to the central DHCP server?
Kind regards,
M
e x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8
pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac attr load-tester
kernel-netlink resolve socket-default stroke updown xauth-generic
On Sun, Jan 31, 2016 at 1:57 AM, Thomas Egerer <hakke_...@gmx.de> wrote:
local
gateway?
Any ideas? Thanks.
Kind regards,
Michael Schwartzkopff
Hi,
Is it possible to use load-tester plugin with EAP disabled?
Thanks,
Michael
] retransmit 2 of request with message ID 0
charon: 12[NET] sending packet: from 2.2.2.20[500] to 2.2.2.1[500] (288
bytes)
charon: 13[IKE] retransmit 3 of request with message ID 0
On Fri, Feb 5, 2016 at 6:31 AM, Tobias Brunner <tob...@strongswan.org>
wrote:
> Hi Michael,
>
> I think
? I have the following parameter
in my load-tester.conf file.
proposal = aes-sha1-modp1024
On Fri, Jan 29, 2016 at 12:40 PM, Michael Chan <mcha...@gmail.com> wrote:
> Hi,
> I'm wanting to use the load-tester plugin to perform load testing on
> remote host, but the remote hos
>
> Michael,
>
> while unloading the dishwasher I gave your issue another thought ;)
> It seems I have somehow misread your problem. The peer you are trying
> to connect the load tester to, runs which VPN-service? If it is a
> strongSwan instance, you should pro
esp and proposal to use modp1024, but it doesn't change the key exchange
payload DH group at all. Is there a way to set the group in load-tester?
Thanks,
Michael
Hi,
I wanted to give it a try, but failed with the first statement.
What does "charondebug=..." in ipsec.conf map to in swanctl.conf?
- Michael
en..local_ts", but I
have no idea what value to use for "". The examples use "net",
but I don't understand where this value comes from. If there were
several "connections..children." sections with different
"
payload length, decryption failed?" and
found several bug reports, most closed without real solution. I tried
every hint I could find there to no avail.
- Michael
Hi, with current reduced privilege configuration option it requires use of
libcap which is only available in Linux.
Can the --with-user option be used for FreeBSD to reduce privilege of the
daemon running on FreeBSD? What is the downside?
--
Rgds, Michael
I would like to setup a more stable secure connection between my servers.
Currently I'm using ssh socks5 proxy, which does work:
ssh -fN -D localhost:1080 myuser@my-remote-ip
and then I'm able to cURL with curl --socks5-hostname:localhost:1080 ...
I'm able to setup StrongSWAN between my to
Hello,
I'm trying to find some documentation on what algorithms, if any,
StrongSwan uses for pre-shared key conditioning. Can anyone point me to an
RFC or a web page that has this?
Thanks,
*Michael Wages*
On Monday, 16 January 2017, 18:30:15, Varun Singh wrote:
> On Mon, Jan 16, 2017 at 6:18 PM, Michael Schwartzkopff <m...@sys4.de> wrote:
> > On Monday, 16 January 2017, 18:09:00, Varun Singh wrote:
> >> On Mon, Jan 16, 2017 at 6:04 PM, Michael Schwartzkopff <m...@sys4
On Monday, 16 January 2017, 18:55:35, you wrote:
> On Mon, Jan 16, 2017 at 6:32 PM, Michael Schwartzkopff <m...@sys4.de> wrote:
> > On Monday, 16 January 2017, 18:30:15, Varun Singh wrote:
> >> On Mon, Jan 16, 2017 at 6:18 PM, Michael Schwartzkopff <m...@sys4.de>
stood what the expert was saying. If not, I
> > should discuss this with him.
>
> Neither strongSwan, nor openvpn do that. I have never seen something like
> that.
Old versions of openswan / freeswan did create interfaces.
Kind regards,
Michael Schwartzkopff
opic was discussed
here on the list.
Kind regards,
Michael Schwartzkopff
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Schleißheimer Straße 26/MG, 80333 München
Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schi
to the charon
subsection. However, I am seeing that traffic going to interfaces b and c
are still attempting to negotiate IPsec. Conversely, I tried interfaces_use
= a and still saw the same result.
Is there something I am missing?
Thanks,
*Michael Wages
alell?
What bandwidth (aggregated)?
How many re-authentications per second (or minute)?
Any recent CPU should be able to handle "normal" internet connection speeds up
to 100 MBit/s and user figures as given above.
Kind regards,
Michael Schwartzkopff
d trust the hardware
vendors.
Also have an eye on the VPN setup rate. Establishing a VPN link needs
performance, so you would like to have as few renegotiations per second as
possible.
If you have 10k clients and a tunnel lifetime of 3600 sec, you would have
about 3 IPsec SA negotiations per sec. Th
Hi
We are using strong swan on a box which should connect to another
Firewall.
The strongswan initiates the connection. We have wiresharked the packets
on the receiving site and we see that strongswan is sending XAUTH and
PSK but I have only configured to use xauth.
I've also disabled XAUTH
Is it simply removing right side parameters and adding:
right=%any
On Wednesday, December 14, 2016, Michael Nielsen <mic.nie...@gmail.com>
wrote:
> I'm running StrongSwan for site2site VPN connections.
> It works fine.
>
> I have a client who cannot use site2site.
>
> H
Hi,
are there any reliable performance figures for IPsec throughput on x86_64 Linux
machines?
Is 10 GBit/s feasible? If yes, how?
Kind regards,
Michael Schwartzkopff
the site C.
Is such a scenario possible? How? Any hints?
Kind regards,
Michael Schwartzkopff
fact that Strongswan seems to take
>> down the tunnel automatically (?) after a few hours.
>>
>> How can I 1) make sure there’s no timeout (?) and 2) that IF
>> the tunnel goes down, for whatever reason, that it will reinitiate
>> the connection automaticall
On 15.11.2017 at 08:24, Houman wrote:
> Hi,
>
> I'm new to the concept of EAP and might be misunderstanding something.
> Apologies up front.
>
> I have finally been able to install FreeRadius and enable the SQL module.
> I have created a user in the database and was hoping to establish a VPN
>
On 15.11.2017 at 09:58, Houman wrote:
> Hello Michael,
>
>
> Thanks for your reply. Indeed I should have checked the radius log. It
> seems the shared secret is incorrect, but there do match in configs as
> pasted below.
> Where else could the secret have been used that I
Hi,
is there any kind of authentication / authorization in the vici
interface? Or does everybody that has access to the socket (or tcp
socket) full control over charon?
I did not find anything the docs.
Kind regards,
On 14.12.2017 at 11:49, Michael Stiller wrote:
> Ah ok,
>
> for that i enabled the vici plugin in strongswan and have a go program using
> github.com/bronze1man/goStrongswanVici which implements a small http
> listening healthcheck program.
>
> Best regards,
>
>
Hi,
What is the best way to do a fault monitoring of a strongswan server? In
the first place, my monitoring service should check if the server is
able to offer the VPN service, which means i.e. that UDP/500 will send a
correct answer if checked from the outside.
Any ideas?
Mit freundlichen
d
compare it with the expected value (e.g. address of the vpn server)
If not -> alarm.
Best regards,
Michael
> On 14. Dec 2017, at 11:29, Michael Schwartzkopff <m...@sys4.de> wrote:
>
> Hi,
>
>
> What is the best way to do a fault monitoring of a strongswan server? In
>
On 10.01.2018 at 04:39, RA wrote:
> Hi.
>
> Thanks for your reply. 'NT-Password' isn't working with Strongswan
> though radtest is checking it just fine:
>
> # smbencrypt mypass
> LM Hash NT Hash
>
>
On 14.01.2018 at 15:34, Noel Kuntze wrote:
> Hi,
>
> A wrapper script or some patches to strongSwan and add a feature to VICI to
> specify a different destination IP for the CHILD_SA you want to initiate.
>
> Kind regards
>
> Noel
>
> On 12.01.2018 20:56, Mich
Hi,
is it possible to configure several / multiple VPN servers as entry
points to a data center?
My idea is to have several VPN servers with different IP addresses. The
client checks which one is available and connets to it to get a
connection to the data center.
Is this scenario possible
On 04.12.18 at 14:09, Dmitry Soloshenko wrote:
> Hello, Tobias.
>
> Thank you for response.
>
>>> As an example, on Cisco router I would create 2 access groups and
>>> have 2
>>> profiles on Cisco VPN client: one for local auth, one for RADIUS.
>> And how/when does it switch between the two?
> In
On 16.09.2018 at 09:34, Markus P. Beckhaus wrote:
> Dear all,
>
> we are thinking about using a DNS Load-Balancer to distribute a huge count of
> strongswan clients to multiple VPN gateways. Also, the DNS Load-Balancer
> should detect the failure of VPN gateways and remove them from the DNS
>