Re: [strongSwan] xAuth request for VICI

2015-03-03 Thread Tobias Brunner
> > 1) Is there an alternative for 'leftfirewall=yes' in the VICI interface to automatically set up iptables rules?
>
> There is no option for the default updown script, but you may manually specify ipsec _updown in the CHILD_SA updown configuration option.

Actually, the command equivalent to

Re: [strongSwan] xAuth request for VICI

2015-03-02 Thread Martin Willi
Hi Sam,

> 1) Is there an alternative for 'leftfirewall=yes' in the VICI interface to automatically set up iptables rules?

There is no option for the default updown script, but you may manually specify ipsec _updown in the CHILD_SA updown configuration option.

> 2) What is the syntax for loading a

Re: [strongSwan] xAuth request for VICI

2015-02-27 Thread Sam Johnson
Ok, thanks for the information. Two final (quick) questions:

1) Is there an alternative for 'leftfirewall=yes' in the VICI interface to automatically set up iptables rules?

2) What is the syntax for loading a secret in via VICI? My current format ( `load_shared({'type': 'xauth', 'data': 'test :

Re: [strongSwan] xAuth request for VICI

2015-02-27 Thread Martin Willi
Hi,

> Your fix to use the ordered dictionary worked perfectly. Thank you very much. It is now accepting VPN connections.

Great. I'll check how we can mention that issue in the documentation.

> Regarding the `vips` configuration, I thought that it was the replacement for the `rightsourceip`

Re: [strongSwan] xAuth request for VICI

2015-02-26 Thread Martin Willi
Sam,

> test: remote: uses XAuth authentication: any
> test: remote: [C=US, O=xx, CN=test] uses public key authentication

The order of remote authentication rounds is wrong; XAuth follows public key, not vice-versa. As your config tree looks correct, most likely the order of authentication

Re: [strongSwan] xAuth request for VICI

2015-02-26 Thread Martin Willi
Are you using the Python library? I think Ruby gets this right, as it is guaranteed that Hashes enumerate their values in the order that the corresponding keys were inserted. Probably not true for Python. Maybe using collections.OrderedDict to define your tree helps.

Regards
Martin

Re: [strongSwan] xAuth request for VICI

2015-02-26 Thread Sam Johnson
Hello Martin,

Your fix to use the ordered dictionary worked perfectly. Thank you very much. It is now accepting VPN connections.

Regarding the `vips` configuration, I thought that it was the replacement for the `rightsourceip` option in ipsec.conf (obviously I misinterpreted the documentation).

[strongSwan] xAuth request for VICI

2015-02-25 Thread Sam Johnson
Hello,

I am trying to translate an old ipsec.conf configuration to using the VICI interface. My old ipsec.conf configuration that is working completely normally is this:

config setup

conn %default
        keyexchange=ikev1
        authby=xauthrsasig
        xauth=server
        left=%defaultroute

Re: [strongSwan] xAuth request for VICI

2015-02-25 Thread Sam Johnson
I have not tested the configuration in swanctl.conf yet, but my goal is to move away from configuration files so I can dynamically add/remove connections remotely. I will add it in to see if perhaps my dictionary has a syntax issue.

The output of `ipsec statusall`:

test: %any...%any IKEv1/2

Re: [strongSwan] xAuth request for VICI

2015-02-25 Thread Martin Willi
Hi,

> I have attempted to create the same configuration using a call to the VICI with this dictionary:

Have you tried to configure that in swanctl.conf to avoid any problems with your dictionary? Here such an XAuth configuration works fine when defined in swanctl.conf.

> This keeps returning