[strongSwan] How can I shutdown the NAT-T feture of IKEv2

Hi Martin, Hi all, I have one question: How can I shutdown the NAT-T feature of IKEv2? As I known, this feature is opened by default in IKEv2. If I want to shutdown this feature, How can I do? By configure some item or must modify code? Best Regards, David

[strongSwan] 答复: How can I shutdown the N AT-T feture of IKEv2

Hi Martin, If I did not select the --enable-NAT-Transport when I compile the strongswan, If NAT-T feature can be shutdown by this above method? Best Regards, David, -邮件原件- 发件人: Martin Willi [mailto:mar...@strongswan.org] 发送时间: 2009年10月26日 17:13 收件人: weiping deng 抄送: 'users' 主题: Re

[strongSwan] 答复: 答复: How can I shutdown the NAT-T feture of IKEv2

Hi Martin, Thank you for your detail information. Best Regards, David -邮件原件- 发件人: Martin Willi [mailto:mar...@strongswan.org] 发送时间: 2009年10月26日 18:10 收件人: weiping deng 抄送: 'users' 主题: Re: 答复: How can I shutdown the NAT-T feture of IKEv2 Hi, If I did not select the --enable-NAT

[strongSwan] High availability issue of IPsec

Hi Martin and Andreas, Hi all, I found the IPsec tunnel will be broken unexpectly after a long time no data pass through it. And I have enabled DPD mechanism in ipsec.conf as followed: Keyingtries=%forever ... dpdaction=clear dpdtimeout=5m dpddelay=10 I only configured DPD on

[strongSwan] 答复: Some Question about the configuration payload

and peer side? Best Regards, David -邮件原件- 发件人: Andreas Steffen [mailto:andreas.stef...@strongswan.org] 发送时间: 2009年9月24日 15:03 收件人: weiping deng 抄送: 'Martin Willi'; users@lists.strongswan.org 主题: Re: Some Question about the configuration payload weiping deng wrote: Hi Both， Excuse me. I

[strongSwan] 答复: Some Question About NAT- T and DPD

: Andreas Steffen 抄送: weiping deng; users@lists.strongswan.org 主题: Re: Some Question About NAT-T and DPD Hi, I'm not sure whether our MOBIKE implementation supports this but Martin will know. Yes, we support the detection of changes in the NAT situation, either using the MOBIKE enabled DPD

[strongSwan] 答复: 答复: question about th e handling of identity payload during t he procedure of EAP-SIM and EAP-AKA

Hi Martin, About the identity payload (http://marc.info/?l=strongswan-usersm=125352578718423w=2), I still have the following questions: 1) Whether the latest version added the identity payload handling code for EAP-AKA is released? 2) In latest version of strongswan, Identity is default-set?

[strongSwan] 答复: 答复: 答复: How to peel off strongswan code for running in an space-stressed ARM

weiping deng 发送时间: 2009年9月18日 20:11 收件人: 'Martin Willi' 抄送: users@lists.strongswan.org 主题: [strongSwan] 答复: 答复: How to peel off strongswan code for running in an space-stressed ARM Hi Martin, reduced from 131M to 67M. But the error still exists. If error code 93 is EPROTONOSUPPORT, I think maybe

[strongSwan] question about the handling of identity payload during the procedure of EAP-SIM and EAP-AKA

Hi Martin, Excuse me. There are two questions about the EAP-SIM and EAP-AKA implementation as followed, please help me, thanks. Q1: In the current implementation of EAP-SIM and EAP-AKA authentication, the payload of IDENTITY REQ was not handled or handled with only attribute ID. Is there a

[strongSwan] 答复: question about the handl ing of identity payload during the proc edure of EAP-SIM and EAP-AKA

development, thank you. Best Regards, David -邮件原件- 发件人: Martin Willi [mailto:mar...@strongswan.org] 发送时间: 2009年9月21日 17:36 收件人: weiping deng 抄送: users@lists.strongswan.org 主题: Re: question about the handling of identity payload during the procedure of EAP-SIM and EAP-AKA Hi

[strongSwan] 答复: About the problem of re ceived netlink error: Resource temporar ily unavailable

or is it a new problem, please help me check, thanks. Best Regards, David -邮件原件- 发件人: Martin Willi [mailto:mar...@strongswan.org] 发送时间: 2009年8月25日 17:09 收件人: weiping deng 主题: Re: About the problem of received netlink error: protocol not supported (93) Hi, Is this patch applied

[strongSwan] question about the EAP-SIM authentication

Hi Martin, Excuse me. I have one question about the EAP-SIM authentication. When I read the code of EAP-SIM authentication, I found RAND was read from triplet.dat rather than received from Server. And I refer to some materials for EAP-SIM authentication, and found RAND is an input parameter

[strongSwan] one question about the Subjectid and SubjectAltName of two peers

Hi Both, I have one question about the SubjectID and SubjectAltName to ask you: Now I want to configure the SubjectID or SubjectAltName automatically while not configure these items manually.. Today, I try the following method: reading the result generated by the

[strongSwan] 答复: about two peers communi cation over IPSec

Hi Roger, You can try the virtual machine; maybe it will resolve your problem. Best Regards, David -邮件原件- 发件人: users-boun...@lists.strongswan.org [mailto:users-boun...@lists.strongswan.org] 代表 Zhang, Long (Roger) 发送时间: 2009年9月8日 22:03 收件人: 'Martin Willi' 抄送: users@lists.strongswan.org

[strongSwan] An issue about the ipsec starter

Hi Martin, Hi Andreas, Hi All, When I set the left=%defaultroute in ipsec.conf and start the ipsec, the following item was always indicated: Starting strongswan 4.3.3 IPsec [starter] ... no default route - cannot cope with %defaultroute!!! # default route not known:

[strongSwan] unable to initiate to %any

Hi Martin, Hi all, When I try to find out the mechanism of virtual IP and initiate the strongswan with the following configuration, but I always got the error indication: unable to initiate to %any. Please give me a clue to trace down this problem , thanks. Configuration of two peers:

[strongSwan] 答复: unable to initiate to % any

: Andreas Steffen [mailto:andreas.stef...@strongswan.org] 发送时间: 2009年8月27日 18:58 收件人: weiping deng 抄送: 'Martin Willi'; users@lists.strongswan.org 主题: Re: [strongSwan] unable to initiate to %any Hi David, with right=%any you cannot actively initiate a connection as an initiator since the peer's IP

[strongSwan] 答复: 答复: unable to initia te to %any

, is there a plan for supporting this? Best Regards, David -邮件原件- 发件人: users-boun...@lists.strongswan.org [mailto:users-boun...@lists.strongswan.org] 代表 weiping deng 发送时间: 2009年8月28日 10:24 收件人: 'Andreas Steffen' 抄送: users@lists.strongswan.org 主题: [strongSwan] 答复: unable to initiate to %any Hi

[strongSwan] [strongswan] -- probem on EAP-AKA authentication case

Hi all, When I verifying the test case: ikev2/rw-eap-aka-rsa, I encountered the following error: ~~~ Parsed IKE_AUTH response 1 [IDr CERT AUTH EAP] ….. Server requested EAP_AKA authentication Received

[strongSwan] 答复: [strongswan] -- probem on EAP-AKA authentication case

After checked all the procedure of EAP-AKA, it seems that the AK calculated from F5(...) is not equal in two peers. So who can give me some clue for this problem? Please help, thanx! -邮件原件- 发件人: users-boun...@lists.strongswan.org [mailto:users-boun...@lists.strongswan.org] 代表 weiping deng

[strongSwan] : help --- can not insmod esp4.ko

Hi all, When I want to run strongswan on the basis of NETKEY, I encountered the following problem. Please help to check. Thanks! Issue description: = Linux Kernel: 2.6.18 Selected module: 1) user configuration interface 2) PF_key sockets 3) Advanced router 4) Policy

[strongSwan] [help]: please help to find the root cause of Authentication_failed problem, thanx!

Hi All, I am trying to use certificates to authenticate strongswan peers. I followed the steps mentioned in configuration documentation of strongswan to generate CA and end entity certificates using openssl. After all certificates have been created, I ipsec start in two hosts and ipsec up