Re: [strongSwan] User openssl's PUBKEY_VERIFY instead of gmp's for CVE-2017-11185

2017-08-22 Thread karthik kumar
Hi Tobias, Thanks for the answer. So it looks like for us, by default, openssl plugin does all the job (overriding gmp) which means almost invulnerable ( *almost* because rare case of openssl can't verify signature and so gmp takes over) of CVE-2017-11185. woohooo !!! Regards On Tue, Aug 22,

Re: [strongSwan] User openssl's PUBKEY_VERIFY instead of gmp's for CVE-2017-11185

2017-08-21 Thread karthik kumar
have increased the priority of gmp plugin, but openssl is loaded at the last. I am thinking whichever is loaded last will override ? * when both plugins have priority = 1 (load = yes) openssl is loaded first and then gmp. Thanks On Sun, Aug 20, 2017 at 8:22 PM, karthik kumar <kumarka

Re: [strongSwan] questions on eap-gtc and xauth

2018-02-08 Thread karthik kumar
any help on this ? On Thu, Feb 8, 2018 at 8:54 PM, karthik kumar <kumarkarth...@gmail.com> wrote: > Hi, >We are setting up oath based VPN connection with pam_oath > > I have setup in my local with the Xauth config something like this > > responder > leftaut

[strongSwan] osx Sierra ikev2 connection successful but no traffic

2018-02-13 Thread karthik kumar
Hi, I have successful connection from my Sierra Mac using strongswan-5.6.1 to our vpn server $ sudo ipsec up vpn Password: initiating IKE_SA vpn[2] to *...* *installing 10.245.250.251 as DNS server* *installing 10.245.250.227 as DNS server* *installing new virtual IP 10.244.15.1*

Re: [strongSwan] Pre-shared secret and digital certificate simultaneously

2018-02-13 Thread karthik kumar
You can have server (responder) authenticate itself using certificate and client (initiator) authenticate using PSK something like this, client leftauth=secret rightauth=pubkey server leftauth=pubkey rightauth=secret Yes you put both the entries in ipsec.secrets : RSA : PSK

[strongSwan] questions on eap-gtc and xauth

2018-02-08 Thread karthik kumar
Hi, We are setting up oath based VPN connection with pam_oath I have setup in my local with the Xauth config something like this responder leftauth=pubkey rightauth=pubkey rightauth2=xauth-pam initiator leftauth=pubkey rightauth=pubkey leftauth2=xauth xauth=client xauth_identity= and it

Re: [strongSwan] osx Sierra ikev2 connection successful but no traffic

2018-02-15 Thread karthik kumar
Thanks for your response. I did fix that by changing to 0.0.0.0/0 .. On Thu, Feb 15, 2018 at 2:50 PM, Tobias Brunner wrote: > Hi Karthik, > > > CHILD_SA vpn{2} established with SPIs c13091e4_i c869298c_o and TS > 10.244.15.1/32 === 0.0.0.0/32 > > This remote traffic

[strongSwan] REKEYING, IKEv1, forever

2018-03-23 Thread karthik kumar
Hi, I am setting up route based VPN, the service starts up and VPN tunnel is created I have add=route and it should have setup the trap and automatically up'd the tunnel, (I am running a ping) not sure why it didn't do *initiating Main Mode IKE_SA Tunnel1[1] to * *generating ID_PROT

[strongSwan] 2 factor in mac os x with native ikev2

2018-03-04 Thread karthik kumar
Hi, Is it possible to do two factor authentication with Mac OS X's IKEv2 native client ? As far as I searched, a) with strongswan client in osx it's possible with eap-gtc and pam + oath but native client leftauth is always eap-mschapv2 (also confirmed here

Re: [strongSwan] 2 factor in mac os x with native ikev2

2018-03-04 Thread karthik kumar
> wrote: > Hi Karthik, > > see below > > On 3/4/18 1:23 PM, karthik kumar wrote: > > Hi, >Is it possible to do two factor authentication with Mac OS X's IKEv2 > native client ? As far as I searched, > > a) with strongswan client in osx it's possible with ea