Hi,
On Thursday, 15 February 2018 17:37:24 CET Thomas Jarosch wrote:
> Feb 15 17:20:11.324390: "companyserver" #1: Peer ID is ID_DER_ASN1_DN:
> 'CN=firewall.company.com, O=Company, OU=HQ' Feb 15 17:20:11.324416: |
> checking for CERT payloads
> Feb 15 17:20:11.324426: |
Hello together,
I'm currently trying to set up a IKEv1 connection with strongswan 5.6.0 on
Fedora 27.
It uses a local nssdb in /etc/ipsec.d to handle certificates / private keys.
The connection definition loads fine. When I tell the client
to connect, it fails to verify the certificate from the
Hi,
On Thursday, 31. May 2012 17:23:43 Martin Willi wrote:
To exploit the vulnerability, a connection definition using RSA
authentication is required. An attacker presenting a forged signature
and/or certificate can authenticate as any legitimate user. strongSwan
version back to 4.2.0 and up
On Wednesday, 16. May 2012 00:00:55 Clarence wrote:
I've been trying to get My android tablet to connect to the StrongSwan
Server all day today...
I don't know the brand or model of your tablet, but our HTC Sensation phone
in the lab has a software bug and only works via UMTS. IPSEC over WLAN
Hi Kushagra,
there was an issue with XAUTH + Android 4,
see this discussion and patch for the solution:
https://lists.strongswan.org/pipermail/dev/2012-April/000551.html
Thomas
___
Users mailing list
Users@lists.strongswan.org
Hi Martin,
On Friday, 24. February 2012 10:58:54 Martin Willi wrote:
Hm, might make sense in some setups, try the attached patch.
While looking at the patch out of curiosity, I noticed two things
regarding the snprintf() usage:
- If the source string is larger than the destination buffer,
On Thursday, 21. July 2011 15:09:27 Andreas Steffen wrote:
Please be aware that a serious NAT-T bug was fixed in strongSwan
4.5.1 and later versions which in the case of a responder sitting
behind a NAT router, caused the host to answer requests sent on
port 4500 on port 500 instead.
Quick
On Friday, 22. July 2011 09:42:41 Andreas Steffen wrote:
Hello Thomas,
this NAT-T bug affects IKEv2 only.
Thanks for the info.
Thomas
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
On Friday, 16. July 2010 20:43:39 Andreas Steffen wrote:
the debugging level shouldn't have any influence at all with
the establishment of the tunnel.
May be a timing issue? The debug stuff usually slows down things a lot.
Cheers,
Thomas
___
Users
Hello Kalaj,
On Friday, 18. December 2009 10:43:06 Kalaj wrote:
Running IPSEC cisco VPN, is it possible to config UNITY_BANNER string
in config file?
The banner is a fixed define. You have to alter the source for now,
that's what we do here ;)
Cheers,
Thomas
Hello together,
attached is a patch to start charon/pluto only if they were built.
Best regards,
Thomas Jarosch
diff -u -r -p strongswan-4.2.13/src/starter/Makefile.am strongswan.starter/src/starter/Makefile.am
--- strongswan-4.2.13/src/starter/Makefile.am Tue Dec 23 07:24:01 2008
On Tuesday, 2. December 2008 10:05:10 you wrote:
Thanks, applied to [4735].
I slightly modified the patch that this option affects pluto only. I
think it might be somewhat confusing for a user if --disable-threads
completely removes IKEv2 support.
Fine with me. I thought threads are needed
Hello together,
attached patch fixes a small compile error of struct tm not being defined.
Cheers,
Thomas
diff -u -r -p strongswan-4.2.9/src/libstrongswan/utils.c strongswan.include/src/libstrongswan/utils.c
--- strongswan-4.2.9/src/libstrongswan/utils.c 2008-09-17 23:10:35.0 +0200
+++
Hello together,
attached is a patch to make compilation without threads easier.
Cheers,
Thomas
diff -u -r -p strongswan-4.2.9/configure.in strongswan-4.2.9.no_threads/configure.in
--- strongswan-4.2.9/configure.in 2008-11-16 23:34:47.0 +0100
+++ strongswan-4.2.9.no_threads/configure.in
Hello together,
attached is a patch to implement refcount handling
using atomic memory operations if supported by
the compiler (gcc = 4.1) and platform.
It was really tricky to get the configure.in part right
as __sync_fetch_and_add() is defined on i386
but will result in a link error later on.
15 matches
Mail list logo