Hi Martin, Hi all,
I have one question:
How can I shutdown the NAT-T feature of IKEv2?
As I known, this feature is opened by default in IKEv2. If I want to
shutdown this feature, How can I do? By configure some item or must modify
code?
Best Regards,
David
Hi Martin,
If I did not select the --enable-NAT-Transport when I compile the
strongswan, If NAT-T feature can be shutdown by this above method?
Best Regards,
David,
-邮件原件-
发件人: Martin Willi [mailto:mar...@strongswan.org]
发送时间: 2009年10月26日 17:13
收件人: weiping deng
抄送: 'users'
主题: Re
Hi Martin,
Thank you for your detail information.
Best Regards,
David
-邮件原件-
发件人: Martin Willi [mailto:mar...@strongswan.org]
发送时间: 2009年10月26日 18:10
收件人: weiping deng
抄送: 'users'
主题: Re: 答复: How can I shutdown the NAT-T feture of IKEv2
Hi,
If I did not select the --enable-NAT
Hi Martin and Andreas, Hi all,
I found the IPsec tunnel will be broken unexpectly after a long time no
data pass through it. And I have enabled DPD mechanism in ipsec.conf as
followed:
Keyingtries=%forever
...
dpdaction=clear
dpdtimeout=5m
dpddelay=10
I only configured DPD on
and peer
side?
Best Regards,
David
-邮件原件-
发件人: Andreas Steffen [mailto:andreas.stef...@strongswan.org]
发送时间: 2009年9月24日 15:03
收件人: weiping deng
抄送: 'Martin Willi'; users@lists.strongswan.org
主题: Re: Some Question about the configuration payload
weiping deng wrote:
Hi Both,
Excuse me. I
: Andreas Steffen
抄送: weiping deng; users@lists.strongswan.org
主题: Re: Some Question About NAT-T and DPD
Hi,
I'm not sure whether our MOBIKE implementation supports this
but Martin will know.
Yes, we support the detection of changes in the NAT situation, either
using the MOBIKE enabled DPD
Hi Martin,
About the identity payload
(http://marc.info/?l=strongswan-usersm=125352578718423w=2), I still have
the following questions:
1) Whether the latest version added the identity payload handling code for
EAP-AKA is released?
2) In latest version of strongswan, Identity is default-set?
weiping deng
发送时间: 2009年9月18日 20:11
收件人: 'Martin Willi'
抄送: users@lists.strongswan.org
主题: [strongSwan] 答复: 答复: How to peel off strongswan code for running
in an space-stressed ARM
Hi Martin,
reduced from 131M to 67M. But the error still exists. If error code 93 is
EPROTONOSUPPORT, I think maybe
Hi Martin,
Excuse me. There are two questions about the EAP-SIM and EAP-AKA
implementation as followed, please help me, thanks.
Q1:
In the current implementation of EAP-SIM and EAP-AKA authentication, the
payload of IDENTITY REQ was not handled or handled with only attribute ID.
Is there a
development, thank you.
Best Regards,
David
-邮件原件-
发件人: Martin Willi [mailto:mar...@strongswan.org]
发送时间: 2009年9月21日 17:36
收件人: weiping deng
抄送: users@lists.strongswan.org
主题: Re: question about the handling of identity payload during the
procedure of EAP-SIM and EAP-AKA
Hi
or is it a new problem, please help me check,
thanks.
Best Regards,
David
-邮件原件-
发件人: Martin Willi [mailto:mar...@strongswan.org]
发送时间: 2009年8月25日 17:09
收件人: weiping deng
主题: Re: About the problem of received netlink error: protocol not
supported (93)
Hi,
Is this patch applied
Hi Martin,
Excuse me. I have one question about the EAP-SIM authentication. When I read
the code of EAP-SIM authentication, I found RAND was read from triplet.dat
rather than received from Server. And I refer to some materials for EAP-SIM
authentication, and found RAND is an input parameter
Hi Both,
I have one question about the SubjectID and SubjectAltName to ask
you:
Now I want to configure the SubjectID or SubjectAltName automatically
while not configure these items manually..
Today, I try the following method: reading the result generated by
the
Hi Roger,
You can try the virtual machine; maybe it will resolve your problem.
Best Regards,
David
-邮件原件-
发件人: users-boun...@lists.strongswan.org
[mailto:users-boun...@lists.strongswan.org] 代表 Zhang, Long (Roger)
发送时间: 2009年9月8日 22:03
收件人: 'Martin Willi'
抄送: users@lists.strongswan.org
Hi Martin, Hi Andreas, Hi All,
When I set the left=%defaultroute in ipsec.conf and start the ipsec, the
following item was always indicated:
Starting strongswan 4.3.3 IPsec [starter] ...
no default route - cannot cope with %defaultroute!!!
# default route not known:
Hi Martin, Hi all,
When I try to find out the mechanism of virtual IP and initiate the
strongswan with the following configuration, but I always got the error
indication: unable to initiate to %any.
Please give me a clue to trace down this problem , thanks.
Configuration of two peers:
: Andreas Steffen [mailto:andreas.stef...@strongswan.org]
发送时间: 2009年8月27日 18:58
收件人: weiping deng
抄送: 'Martin Willi'; users@lists.strongswan.org
主题: Re: [strongSwan] unable to initiate to %any
Hi David,
with right=%any you cannot actively initiate a connection as
an initiator since the peer's IP
, is there
a plan for supporting this?
Best Regards,
David
-邮件原件-
发件人: users-boun...@lists.strongswan.org
[mailto:users-boun...@lists.strongswan.org] 代表 weiping deng
发送时间: 2009年8月28日 10:24
收件人: 'Andreas Steffen'
抄送: users@lists.strongswan.org
主题: [strongSwan] 答复: unable to initiate to %any
Hi
Hi all,
When I verifying the test case: ikev2/rw-eap-aka-rsa, I encountered the
following error:
~~~
Parsed IKE_AUTH response 1 [IDr CERT AUTH EAP]
…..
Server requested EAP_AKA authentication
Received
After checked all the procedure of EAP-AKA, it seems that the AK calculated
from F5(...) is not equal in two peers. So who can give me some clue for
this problem? Please help, thanx!
-邮件原件-
发件人: users-boun...@lists.strongswan.org
[mailto:users-boun...@lists.strongswan.org] 代表 weiping deng
Hi all,
When I want to run strongswan on the basis of NETKEY, I encountered the
following problem. Please help to check. Thanks!
Issue description: =
Linux Kernel: 2.6.18
Selected module:
1) user configuration interface
2) PF_key sockets
3) Advanced router
4) Policy
Hi All,
I am trying to use certificates to authenticate strongswan peers. I followed
the steps mentioned in configuration documentation of strongswan to generate
CA and end entity certificates using openssl. After all certificates have
been created, I ipsec start in two hosts and ipsec up
22 matches
Mail list logo