[strongSwan] Low-Prio Feature Request libstrongswan plugin twofish

2009-03-12 Thread Dirk Hartmann
Hi, just as in the Subject, I have a low priority feature request. At the moment I try to migrate as many tunnels as possible to IKEv2. It would be nice to use twofish with charon as an alternative to aes for IKEv2. Thanks Dirk

Re: [strongSwan] ipsec IKEv2 host-host

2009-03-12 Thread Dirk Hartmann
Hi --On Friday, March 13, 2009 00:26:21 +0530 abhishek kumar abhishekr...@gmail.com wrote: no matching config found for '192.168.3.4'...'192.168.3.3' just a guess: try switching the left and right in ipsec.conf on sun to: conn host-host left=192.168.3.4 right=192.168.3.3

Re: [strongSwan] Low-Prio Feature Request libstrongswan plugin twofish

2009-03-13 Thread Dirk Hartmann
--On Friday, March 13, 2009 08:53:40 AM +0100 Martin Willi mar...@strongswan.org wrote: The problem is that Twofish is currently not defined in IKEv2 [1] (btw. Blowfish is, and it is supported using the OpenSSL plugin). We would have to implement Twofish as a vendor specific extension. If

Re: [strongSwan] IPsec SA error

2009-03-13 Thread Dirk Hartmann
--On Friday, March 13, 2009 02:25:32 PM +0100 Daniel Mentz danielml+mailinglists.strongs...@sent.com wrote: antonio quisillo wrote: received netlink error: Protocol not supported (93) unable to add SAD entry with SPI c0844b4a unable to install IPsec SA (SAD) in kernel Here's a quote from

Re: [strongSwan] CA

2009-03-16 Thread Dirk Hartmann
--On Sunday, March 15, 2009 09:29:16 AM +0100 Daniel Mentz danielml+mailinglists.strongs...@sent.com wrote: http://sandbox.rulemaker.net/ngps/m2/howto.ca.html I did not check it in detail and there might be better sites. But I think if you mix the information you get from this site with

[strongSwan] W7 eap-mschapv2 with defined ip

2012-08-22 Thread Dirk Hartmann
Hi, I played with a config to connect Win7 clients with EAP-MSCHAPv2 auth: http://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig works so far, but has the drawback that you can't assign a static IP to a special user. I tried to simply use two connections with: conn

Re: [strongSwan] W7 eap-mschapv2 with defined ip

2012-08-22 Thread Dirk Hartmann
instead of a file name, the addresses are read from STDIN. Reading addresses stops at the end of file or an empty line. Pools created with this command can not be resized. timeout: Lease time in hours, 0 for static leases Best regards Andreas On 22.08.2012 10:09, Dirk Hartmann wrote: Hi

Re: [strongSwan] iOS ipad Config

2012-11-19 Thread Dirk Hartmann
Hi, --On Monday, November 19, 2012 09:59:42 PM -0500 Chris Arnold carn...@electrichendrix.com wrote: strongswan 4.4 I believe and trying to get an ipad with ios 6 to connect to the server. I have this for my ipsec.conf: conn iOS keyexchange=ikev1 authby=xauthrsasig

Re: [strongSwan] Multiple tunnels between two endpoints

2013-01-07 Thread Dirk Hartmann
Hi Ali, --On Monday, January 07, 2013 02:39:55 PM +0330 Ali Masoudi masoudi1...@gmail.com wrote: I have a simple question, and I would be grateful if anyone could answer it. If we want to establish multiple tunnels between two endpoints, is it recommended to use reuse_ikesa = no option in

Re: [strongSwan] Multiple tunnels between two endpoints

2013-01-08 Thread Dirk Hartmann
--On Tuesday, January 08, 2013 11:30:00 AM +0330 Ali Masoudi masoudi1...@gmail.com wrote: Thank you Dirk for your answer, But what about ikev1 connections? I think using multiple subnets in one connection is acceptable in ikev2. If I'm wrong, correct me please. no that is correct. IKEv2

Re: [strongSwan] wiki article iOS

2013-03-15 Thread Dirk Hartmann
set left=212.69.162.156 and right=%any Dirk -- Dirk Hartmann, Heise Zeitschriften Verlag GmbH Co. KG IT-Systemmanagement, Karl-Wiechert-Allee 10, D-30625 Hannover E-Mail: d...@heise.de - Tel.: +49 511 5352 494 - FAX: - 479 PGP-Fingerprint 4153 7C95 3259 C39F 49AA 9BAA 6833 A8DC 6D90 050E

Re: [strongSwan] temporarily disable a road warrior user

2014-02-19 Thread Dirk Hartmann
Hi Karl, --On Tuesday, February 18, 2014 06:24:46 PM +0100 Karl Hiramoto k...@hiramoto.org wrote: I have multiple road warriors with their own certificates. How can I temporarily disable the user, without revoking the certificate, can I do that? I assume you don't have a unique entry

[strongSwan] Small Problems with 5.2

2014-07-10 Thread Dirk Hartmann
Hi, I hit two problems after upgrading to 5.2. System on both sides is a Debian wheezy 64. Strongswan compiled with: [client] ./configure --prefix=/usr --sysconfdir=/etc --enable-blowfish --enable-curl --enable-openssl --disable-ikev1 --enable-ntru [gateway] ./configure --prefix=/usr

Re: [strongSwan] Small Problems with 5.2

2014-07-11 Thread Dirk Hartmann
10.07.2014 15:54, schrieb Dirk Hartmann: Hi, I hit two problems after upgrading to 5.2. System on both sides is a Debian wheezy 64. Strongswan compiled with: [client] ./configure --prefix=/usr --sysconfdir=/etc --enable-blowfish --enable-curl --enable-openssl --disable-ikev1 --enable-ntru [gateway

Re: [strongSwan] Small Problems with 5.2

2014-07-11 Thread Dirk Hartmann
Hi Martin, --On Friday, July 11, 2014 09:52:40 AM +0200 Martin Willi mar...@strongswan.org wrote: 1. I get this error on both systems after upgrade: ipsec_starter[3318]: notifying watcher failed: Broken pipe Hm, interesting, not sure where this broken pipe could come from, nor do I see this

Re: [strongSwan] Small Problems with 5.2

2014-07-11 Thread Dirk Hartmann
Hi Martin, --On Friday, July 11, 2014 02:55:26 PM +0200 Martin Willi mar...@strongswan.org wrote: Thanks for the update. I could reproduce the issue, it happens when starter forks() to the background. I haven't seen that, as starter logs to a different file here. ah yes I use auth.log for

Re: [strongSwan] Small Problems with 5.2

2014-07-15 Thread Dirk Hartmann
Hi Martin, --On Friday, July 11, 2014 03:04:27 PM +0200 Martin Willi mar...@strongswan.org wrote: ipsec_starter[3318]: notifying watcher failed: Broken pipe I got: no trusted RSA public key found for NAME Btw, I don't think these two issues are directly related. While asynchronous IPC

Re: [strongSwan] Small Problems with 5.2

2014-07-15 Thread Dirk Hartmann
Hi Martin, --On Tuesday, July 15, 2014 11:24:04 AM +0200 Martin Willi mar...@strongswan.org wrote: was there a change in 5.2 about charon asking for the certificate of the peer? I can establish a connection when I add leftsendcert=yes to the configuration of my roadwarrior. None that I'm

Re: [strongSwan] Small Problems with 5.2

2014-07-15 Thread Dirk Hartmann
Hi Martin, --On Tuesday, July 15, 2014 01:52:45 PM +0200 Martin Willi mar...@strongswan.org wrote: With this connection active it doesn't matter if I set rightsendcert to ifasked or yes in the default section or the specific connection section of my linux roadwarrior. I can't connect

Re: [strongSwan] Small Problems with 5.2

2014-07-16 Thread Dirk Hartmann
Hi Tobias, --On Wednesday, July 16, 2014 10:48:30 AM +0200 Tobias Brunner tob...@strongswan.org wrote: Not sure why the behavior changed between 5.1.3 and 5.2.0 in this regard; likely that it is related to the replaced ipsec.conf parser. It's probably the new parser. Checking the logs on

Re: [strongSwan] charon says "DH group MODP_1024 inacceptable, requesting MODP_1536"

2015-10-28 Thread Dirk Hartmann
--On Wednesday, October 28, 2015 05:18:28 PM +0800 Rayson Zhu wrote: yes, but only if you don't use high encryption. so sad. On Wed, Oct 28, 2015 at 4:56 PM, Roger Skjetlein wrote: I found out that this combination works with of the devices

Re: [strongSwan] road worrior IP - can it also be used by services/daemons to listen onto?

2017-11-10 Thread Dirk Hartmann
Hi, --On Friday, November 10, 2017 02:21:09 PM + lejeczek wrote: I've a working roadwarrior which links up to a server(not mine, meaning - no control over it) and I wonder - can that IP my roadwarrior gets other things use? From that other(server) end, the network

Re: [strongSwan] road worrior IP - can it also be used by services/daemons to listen onto?

2017-11-10 Thread Dirk Hartmann
--On 10. November 2017 at 15:20:40 + lejeczek <pelj...@yahoo.co.uk> wrote: On 10/11/17 14:34, Dirk Hartmann wrote: Hi, > > --On Friday, November 10, 2017 02:21:09 PM + lejeczek > <pelj...@yahoo.co.uk> wrote: > >> I've a working roadwarrior which

Re: [strongSwan] Windows gives error 13868: Policy match error but Linux connect works

2018-05-04 Thread Dirk Hartmann
stants SHA256128 -CipherTransformConstants AES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup Group14 -PassThru -Force jupp sorry, copy/paste on a wrap <http://www.naimuri.com/> On 4 May 2018, at 07:47, Dirk Hartmann <d...@heise.de> wrote: Set-VPN

Re: [strongSwan] Windows gives error 13868: Policy match error but Linux connect works

2018-05-04 Thread Dirk Hartmann
--On Friday, May 04, 2018 04:53:29 PM +1200 flyingrhino wrote: Hi, Just to keep a complete record of this for other people who may search the list archive for this solution: The solution was to create a windows registry key: Path:

Re: [strongSwan] strongswan.tar.gz issue

2018-02-01 Thread Dirk Hartmann
Hi, --On Friday, February 02, 2018 06:35:54 AM + "Kalyani Garigipati (kagarigi)" wrote: I have downloaded strongswan.tar.gz file from strongswan website, but when I have extracted it, I found that the Makefile is missing in the folder. Did anyone encounter this issue

[strongSwan] Migrating to a new ca

2018-02-21 Thread Dirk Hartmann
Hi, after many years with our old certification authority for strongswan I'm planning to migrate to a new one with more modern crypto. To make it as painless as possible for the end users I plan on adding a second ca and a matching second server certificate to our installation. Over time I

Re: [strongSwan] Migrating to swanctl.conf

2018-02-22 Thread Dirk Hartmann
Hi Thomas, --On Thursday, February 22, 2018 10:47:00 AM +0100 Thomas Egerer <hakke_...@gmx.de> wrote: On 02/22/2018 10:33 AM, Dirk Hartmann wrote: Hi, so the other migration I'm planning is to move to swanctl.conf/VICI-Plugin. As it is possible to run both plugins stroke an

[strongSwan] Migrating to swanctl.conf

2018-02-22 Thread Dirk Hartmann
Hi, so the other migration I'm planning is to move to swanctl.conf/VICI-Plugin. As it is possible to run both plugins stroke and VICI at the same time at the same server, is this a good idea? It would definitely ease the migration if I could simply migrate our approximately 250

Re: [strongSwan] Migrating to a new ca

2018-02-22 Thread Dirk Hartmann
Hi Tobias, --On Thursday, February 22, 2018 10:54:37 AM +0100 Tobias Brunner wrote: Is it possible to add a second connection definition that is identical but has conn win2018eapmschap leftcert=serverCert2018.pem leftid="C=DE, O=OUR COMPANY,