the ip xfrm man page overwhelming.
[1] https://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg
Regards,
Brian O'Connor
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Noel,
I note your last message clearly emphasised that packets from a local process
are processed twice via the output path of the graphic.
So, for forwarded traffic (as distinct from locally sourced packets), I
understand the packet to flow through the mangle and nat postrouting chains twice,
Thank you, Noel.
I am trying to understand how the inner and outer IP headers for tunneled IPsec
packets are processed by iptables, to help troubleshoot an anomalous situation I found.
I think I have the decryption process clear but was not clear on the iptables
processing for encrypted
Hello,
The commonly quoted packet flow diagram at [1] does not show where NAT-T is
implemented for IPsec MOBIKE. Questions are:
1. Where in the diagram is NAT-T de-capsulation performed?
2. Where in the diagram is NAT-T encapsulation performed?
3. Does the NAT-T UDP header have to
Thank you, Andreas.
Is there any way I can display the presently set numerical logging levels (-1
to 4) for the 18 daemon subsystems that can originate log messages, please?
Thanks,
Brian
Hi,
In the logging output of IKE exchanges, the terms
[ HASH CPRQ(X_USER X_PWD) ]
[ HASH CPRP(X_USER X_PWD) ]
are often encountered.
What do CPRQ and CPRP stand for, please? Is there a dictionary of strongSwan
abbreviations somewhere?
TIA,
Brian
I have the XAuth EAP Plugin enabled in my IPsec VPN responder, along
with a number of eap plugins. I did not build this version of strongSwan
(5.2.1) but downloaded it from a Raspberry Pi repository.
My /etc/ipsec.secrets file contains entries similar to:
Fred : EAP "1234567"
fred :
Hello,
I have recently been doing some tests with an Android tablet version of
strongSwan. It appears that the Android app uses the kernel-libipsec
charon plugin to avoid limitations imposed by the app running in a very
restricted user environment in the tablet. My tablet is not rooted.
What I