Hi Tobias,
Thanks for the answer. So it looks like for us, by default, openssl
plugin does all the job (overriding gmp) which means almost invulnerable (
*almost* because rare case of openssl can't verify signature and so gmp
takes over) of CVE-2017-11185. woohooo !!!
Regards
On Tue, Aug 22,
have increased the priory of gmp plugin, but openssl is loaded at the
last. I am thinking whichever is loaded last will override ?
* when both plugins have priority = 1 (load = yes) openssl is loaded first
and then gmp.
Thanks
On Sun, Aug 20, 2017 at 8:22 PM, karthik kumar <kumarka
any help on this ?
On Thu, Feb 8, 2018 at 8:54 PM, karthik kumar <kumarkarth...@gmail.com>
wrote:
> Hi,
>We are setting up oath based VPN connection with pam_oath
>
> I have setup in my local with the Xauth config something like this
>
> reponder
> leftaut
Hi,
I have successful connection from my Sierra Mac using strongswan-5.6.1 to
our vpn server
$ sudo ipsec up vpn
Password:
initiating IKE_SA vpn[2] to
*...*
*installing 10.245.250.251 as DNS server*
*installing 10.245.250.227 as DNS server*
*installing new virtual IP 10.244.15.1*
You can have server (responder) authenticate itself using certificate and
client (initiator) authenticate using PSK
something like this,
client
leftauth=secret
rightauth=pubkey
server
leftauth=pubkey
rightauth=secret
Yes you put both the entries in ipsec.secrets
: RSA
: PSK
Hi,
We are setting up oath based VPN connection with pam_oath
I have setup in my local with the Xauth config something like this
reponder
leftauth=pubkey
rightauth=pubkey
rightauth2=xauth-pam
initiator
leftauth=pubkey
rightauth=pubkey
leftauth2=xauth
xauth=client
xauth_identity=
and it
Thanks for your response. I did fix that by changing to 0.0.0.0/0 ..
On Thu, Feb 15, 2018 at 2:50 PM, Tobias Brunner
wrote:
> Hi Karthik,
>
> > CHILD_SA vpn{2} established with SPIs c13091e4_i c869298c_o and TS
> 10.244.15.1/32 === 0.0.0.0/32
>
> This remote traffic
Hi,
I am setting up route based VPN, the service starts up and VPN tunnel is
created
I have add=route and it should have setup the trap and automatically up'd
the tunnel, (i am running a ping) not sure why it didn't do
*initiating Main Mode IKE_SA Tunnel1[1] to *
*generating ID_PROT
Hi,
Is it possible to do two factor authentication with Mac OS X's IKEv2
native client ? As far as I searched,
a) with strongswan client in osx its possible with eap-gtc and pam + oath
but native client leftauth is always eap-mschapv2 (also confirmed here
gt; wrote:
> Hi Karthik,
>
> see below
>
> On 3/4/18 1:23 PM, karthik kumar wrote:
>
> Hi,
>Is it possible to do two factor authentication with Mac OS X's IKEv2
> native client ? As far as I searched,
>
> a) with strongswan client in osx its possible with ea
10 matches
Mail list logo