Hi,
In the logging output of IKE exchanges, the terms
[ HASH CPRQ(X_USER X_PWD) ]
[ HASH CPRP(X_USER X_PWD) ]
are often encountered.
What does CPRQ and CPRP stand for, please? Is there a dictionary of strongSwan
abbreviations somewhere?
TIA,
Brian
__
Hi Brian,
CPRQ stands for Configuration Payload Request and
CPRP for Configuration Payload Response.
The following link defines the long and short form for the various
IKE payloads:
https://github.com/strongswan/strongswan/blob/master/src/libcharon/encoding/payloads/payload.c
and here the same
I set up a IKEv2 server which works fine with clients from Europe.
A connection from China fails, log of an unsuccessful attempt is at the end
of this email.
And please excuse me if the log is too long, it is the first time I set up
such an environment (one week ago).
Can I do some changes at the
Hi,
From my personal experience it looks like the other party did not send back a
certificate as requested by this host, or the packet got lost on the network.
IKE packets can be as large as 3,000 bytes, and China's Internet is known to
have Path MTU "black holes" [1].
Please try ECDSA certifi
On 13.10.2016 13:01, Oliver Söder wrote:
> Oct 10 14:54:16 Ubuntu-1604-xenial-64-minimal charon: 01[NET] sending packet:
> from 172.31.1.100[500] to 114.219.152.248[56667] (337 bytes)
> Oct 10 14:54:16 Ubuntu-1604-xenial-64-minimal charon: 10[NET] sending packet:
> from 172.31.1.100[500] to 114.2
Hi,
I´m using a strongswan-5.4.0-2.el7.x86_64 on a CentOS 7. I´m trying to build a
VPN connection with the following proposals:
ike: RSA, DH20, AES256/SHA-2
esp: DH-14, AES256/SHA-2
I`ve tried it with this:
ike=aes256-sha256-ecp384
esp=aes256-sha256-modp2048
but its not working. WHich would be
On 13.10.2016 17:28, fatcha...@gmx.de wrote:
> Hi,
>
> I´m using a strongswan-5.4.0-2.el7.x86_64 on a CentOS 7. I´m trying to build
> a VPN connection with the following proposals:
> ike: RSA, DH20, AES256/SHA-2
> esp: DH-14, AES256/SHA-2
>
> I`ve tried it with this:
> ike=aes256-sha256-ecp384
> Gesendet: Donnerstag, 13. Oktober 2016 um 17:32 Uhr
> Von: "Noel Kuntze"
> An: fatcha...@gmx.de, "Users strongswan"
> Betreff: Re: [strongSwan] Problem: strongswan 5.4 with sha2
>
> On 13.10.2016 17:28, fatcha...@gmx.de wrote:
> > Hi,
> >
> > I´m using a strongswan-5.4.0-2.el7.x86_64 on a Ce
On 13.10.2016 17:40, fatcha...@gmx.de wrote:
> conn siteA
> left=my IP
> leftsubnet=my Subnet
> leftid=my IP
> right=site A IP
> rightsubnet=site A subnet
> rightid=site A ip
> authby=secret
> auto=start
> ikelifetime=28800s
>