[strongSwan] Dublicated SA

2020-02-27 Thread korsar...@gmail.com
Hello, I am using IPSec in transport mode to connect my networks. My settings: ipsec.conf conn %default auto=add left=1.1.1.1 ike=aes256gcm16-sha2_256-ecp521,aes256-sha1-sha2_256-modp1024-ecp521 esp=aes256gcm16-ecp521,aes256ctr-sha2_256-ecp521 rekey=no

[strongSwan] Dublicated SA

2020-03-03 Thread korsar...@gmail.com
Hello, I am using IPSec in transport mode to connect my networks. My settings: ipsec.conf conn %default auto=add left=1.1.1.1 ike=aes256gcm16-sha2_256-ecp521,aes256-sha1-sha2_256-modp1024-ecp521 esp=aes256gcm16-ecp521,aes256ctr-sha2_256-ecp521 rekey=no

[strongSwan] EAP-PEAP

2020-01-24 Thread korsar...@gmail.com
Hi, I try to connect strongswan client on Ubuntu 18.04 to the strongswan server using EAP-PEAP on Windows Network Policy Server, but it doesn't work. Windows clients connect fine. Server logs: charon: 11[CFG] RADIUS Access-Request timed out after 4 attempts charon: 11[IKE] EAP method

Re: [strongSwan] IKEv2 and MacOS roadwarrior

2020-01-15 Thread korsar...@gmail.com
I re-created server certificate using --subject-alt-name="IP:123.123.123.123" and now MacOS clients connect well. Thank you, Tobias! Tobias Brunner писал(а) в своём письме Tue, 14 Jan 2020 17:50:34 +0200: Hi, How I can change leftid for strongswan? It always CN=123.123.123.123 no

[strongSwan] IKEv2 and MacOS roadwarrior

2020-01-14 Thread korsar...@gmail.com
Hi, my strongswan config leftid="CN=123.123.123.123" leftauth=pubkey leftcert=123.123.123.123.crt leftsendcert=always right=%any rightid=%any rightauth=eap-radius eap_identity=%any rightdns=8.8.8.8,8.8.4.4 rightsourceip=10.71.0.0/16 rightsendcert=never type=tunnel When

Re: [strongSwan] IKEv2 and MacOS roadwarrior

2020-01-14 Thread korsar...@gmail.com
How I can change leftid for strongswan? It always CN=123.123.123.123 no matter what I configure in ipsec.conf, even leftid=%any doesn't work. swanctl -L: IKEv2-tunnel: IKEv2, no reauthentication, no rekeying, dpd delay 30s local: 123.123.123.123 remote: %any local public key

Re: [strongSwan] IKEv2 and MacOS roadwarrior

2020-01-14 Thread korsar...@gmail.com
Sorry, wrong IP, log says charon: 06[CFG] looking for peer configs matching 123.123.123.123[CN=123.123.123.123]...192.168.0.232[192.168.0.232] charon: 06[CFG] no matching peer config found korsar...@gmail.com писал(а) в своём письме Tue, 14 Jan 2020 16:55:34 +0200: Hi, my strongswan

[strongSwan] EAP-PEAP Ubuntu 20.04

2020-05-15 Thread korsar...@gmail.com
Hello, I cant connect from Ubuntu 20.04 using network-manager-strongswan, there is no more support for eap-peap(I cant see configuration file at /etc/strongswan.d/charon/). I have libcharon-extra-plugins installed. On Ubuntu 18.04 everything works fine.

[strongSwan] Multiple connections with the same policy

2020-05-28 Thread korsar...@gmail.com
Hello, I have 2 endpoints with 2 IP addresses on the each side. I established 2 connections between them with the same policy to make failover with main and backup link. Incoming traffic goes through one link but outgoing through the another one. This should not be a problem but it is It