[strongSwan] No MD4 hasher available

2011-08-23 Thread Matthew Cini Sarreo
Hello all, I am attempting to use strongSwan 4.5.0 as an IKEv2 client which uses EAP-MSCHAPv2 for authentication. When building from sources I have used the following command: ./configure --enable-md4 --enable-eap-mschapv2 However, during the IKEv2 negotiation I get the following error:

Re: [strongSwan] No MD4 hasher available

2011-08-23 Thread Andreas Steffen
Hello Matt, your configuration steps are all correct, so it's difficult to say what went wrong. Could you change into the src/libstrongswan/plugins/md4 directory and execute make followed by sudo make install and check if 1) any compilation errors occur 2) if libstrongswan-md4.so gets

[strongSwan] TS Unacceptable error !!

2011-08-23 Thread Narendra K A
Hello everyone, I need some help regarding load testing against remote host. I have my strongswan.conf file as said in the below link http://wiki.strongswan.org/projects/strongswan/wiki/LoadTests Right now i am using EAP Authentication, i.e in the strongswan.conf file i have set

Re: [strongSwan] Interoperability testing between strongswan and HPUX-IPSec.

2011-08-23 Thread Andreas Steffen
Hello Murali, it seems that strongSwan was already running. Did you try ipsec restart if the connection is still not known then probably a syntax error occurred in the connection definition. Execute the command ipsec reload and check if any syntax errors are written to the log. Regards

Re: [strongSwan] Automatic Addition/Deletion of Ipsec-Policy-based Firewall Rules

2011-08-23 Thread Andreas Steffen
Hello, define two connections, one restricting the protocol to ssh and the second one to tftp: conn ssh also=hosts leftprotoport=tcp rightprotoport=tcp/ssh auto=add conn tftp also=hosts leftprotoport=udp rightprotoport=udp/tftp conn host left=

[strongSwan] Changes in secrets file handling in 4.4.1

2011-08-23 Thread John Southworth
Hi, We (Vyatta) updated strongswan in our last release to 4.4.1, previously we were using 4.3.2. I'm observing a change in the handling of /etc/ipsec.secrets. In 4.3.2 if a FQDN (not prepended with an '@') was used in the ipsec.secrets file it was resolved to the IP address when the file was

[strongSwan] R_U_THERE_ACK has invalid SPI length (16)

2011-08-23 Thread Nan Luo
Hi, I have seen this error in the pluto debug log secure when testing DPD against my SeGW, I wonder what this error really means. Per RFC3706, the SPI length should be set to 16 in the R_U_THERE/R_U_THERE_ACK messages. So does this error mean something else wrong in the R_U_THERE_ACK sent by

Re: [strongSwan] R_U_THERE_ACK has invalid SPI length (16)

2011-08-23 Thread Andreas Steffen
Hello Nan, the source code in question is if (n-isan_spisize != COOKIE_SIZE * 2 || pbs_left(pbs) COOKIE_SIZE * 2) { loglog(RC_LOG_SERIOUS , DPD: R_U_THERE_ACK has invalid SPI length (%d) , n-isan_spisize);