Re: [strongSwan] peer cert verification: X509: temporary cert import operation failed

2018-02-16 Thread Thomas Jarosch
Hi, On Thursday, 15 February 2018 17:37:24 CET Thomas Jarosch wrote: > Feb 15 17:20:11.324390: "companyserver" #1: Peer ID is ID_DER_ASN1_DN: > 'CN=firewall.company.com, O=Company, OU=HQ' Feb 15 17:20:11.324416: | > checking for CERT payloads > Feb 15 17:20:11.324426: |

[strongSwan] peer cert verification: X509: temporary cert import operation failed

2018-02-15 Thread Thomas Jarosch
Hello together, I'm currently trying to set up an IKEv1 connection with strongswan 5.6.0 on Fedora 27. It uses a local nssdb in /etc/ipsec.d to handle certificates / private keys. The connection definition loads fine. When I tell the client to connect, it fails to verify the certificate from the

Re: [strongSwan] strongSwan RSA signature vulnerability

2012-06-01 Thread Thomas Jarosch
Hi, On Thursday, 31. May 2012 17:23:43 Martin Willi wrote: To exploit the vulnerability, a connection definition using RSA authentication is required. An attacker presenting a forged signature and/or certificate can authenticate as any legitimate user. strongSwan version back to 4.2.0 and up

Re: [strongSwan] I need a working config for Android (4.0.3) - StrongSwan (4.5.6)

2012-05-16 Thread Thomas Jarosch
On Wednesday, 16. May 2012 00:00:55 Clarence wrote: I've been trying to get My android tablet to connect to the StrongSwan Server all day today... I don't know the brand or model of your tablet, but our HTC Sensation phone in the lab has a software bug and only works via UMTS. IPSEC over WLAN

Re: [strongSwan] Issue in setting up VPN connection (IKEv1) using android (ICS vpn client) with Strongswan 4.5.0 server

2012-05-03 Thread Thomas Jarosch
Hi Kushagra, there was an issue with XAUTH + Android 4, see this discussion and patch for the solution: https://lists.strongswan.org/pipermail/dev/2012-April/000551.html Thomas ___ Users mailing list Users@lists.strongswan.org

Re: [strongSwan] Accounting Tickets

2012-02-24 Thread Thomas Jarosch
Hi Martin, On Friday, 24. February 2012 10:58:54 Martin Willi wrote: Hm, might make sense in some setups, try the attached patch. While looking at the patch out of curiosity, I noticed two things regarding the snprintf() usage: - If the source string is larger than the destination buffer,

Re: [strongSwan] NAT Traversal - Issues in understanding

2011-07-22 Thread Thomas Jarosch
On Thursday, 21. July 2011 15:09:27 Andreas Steffen wrote: Please be aware that a serious NAT-T bug was fixed in strongSwan 4.5.1 and later versions which in the case of a responder sitting behind a NAT router, caused the host to answer requests sent on port 4500 on port 500 instead. Quick

Re: [strongSwan] NAT Traversal - Issues in understanding

2011-07-22 Thread Thomas Jarosch
On Friday, 22. July 2011 09:42:41 Andreas Steffen wrote: Hello Thomas, this NAT-T bug affects IKEv2 only. Thanks for the info. Thomas

Re: [strongSwan] Strongswan in vmware

2010-07-19 Thread Thomas Jarosch
On Friday, 16. July 2010 20:43:39 Andreas Steffen wrote: the debugging level shouldn't have any influence at all with the establishment of the tunnel. May be a timing issue? The debug stuff usually slows down things a lot. Cheers, Thomas

Re: [strongSwan] How to config UNITY_BANNER?

2009-12-18 Thread Thomas Jarosch
Hello Kalaj, On Friday, 18. December 2009 10:43:06 Kalaj wrote: Running IPSEC cisco VPN, is it possible to config UNITY_BANNER string in config file? The banner is a fixed define. You have to alter the source for now, that's what we do here ;) Cheers, Thomas

[strongSwan] [patch] Start charon/pluto only if they were built

2009-03-24 Thread Thomas Jarosch
Hello together, attached is a patch to start charon/pluto only if they were built. Best regards, Thomas Jarosch diff -u -r -p strongswan-4.2.13/src/starter/Makefile.am strongswan.starter/src/starter/Makefile.am --- strongswan-4.2.13/src/starter/Makefile.am Tue Dec 23 07:24:01 2008

Re: [strongSwan] [patch] add support for --disable-threads

2008-12-02 Thread Thomas Jarosch
On Tuesday, 2. December 2008 10:05:10 you wrote: Thanks, applied to [4735]. I slightly modified the patch that this option affects pluto only. I think it might be somewhat confusing for a user if --disable-threads completely removes IKEv2 support. Fine with me. I thought threads are needed

[strongSwan] [patch] add missing include

2008-12-01 Thread Thomas Jarosch
Hello together, attached patch fixes a small compile error of struct tm not being defined. Cheers, Thomas diff -u -r -p strongswan-4.2.9/src/libstrongswan/utils.c strongswan.include/src/libstrongswan/utils.c --- strongswan-4.2.9/src/libstrongswan/utils.c 2008-09-17 23:10:35.0 +0200 +++

[strongSwan] [patch] add support for --disable-threads

2008-12-01 Thread Thomas Jarosch
Hello together, attached is a patch to make compilation without threads easier. Cheers, Thomas diff -u -r -p strongswan-4.2.9/configure.in strongswan-4.2.9.no_threads/configure.in --- strongswan-4.2.9/configure.in 2008-11-16 23:34:47.0 +0100 +++ strongswan-4.2.9.no_threads/configure.in

[strongSwan] [patch] refcount handling using atomic memory operations

2008-12-01 Thread Thomas Jarosch
Hello together, attached is a patch to implement refcount handling using atomic memory operations if supported by the compiler (gcc >= 4.1) and platform. It was really tricky to get the configure.in part right as __sync_fetch_and_add() is defined on i386 but will result in a link error later on.