Hi all,
I am having trouble interpreting the plugins of libhydra, specifically
understanding the interfaces which communicate with kernel.
Scenario:* using SS client for IKEv2.*
Web link below indicates that by default 'kernel-netlink' of libhydra will
be loaded by default for communicating
Hello All,
I was trying to use strongswan to setup up multiple IKEv2 tunnels
simultaneously.
Can Strongswan 5.x software handle simultaneous IKEv2 connections to
different end point or Gateways.
i.,e UE1 connecting to Gateway1, UE1 connecting to GW2.
Can both requests be processed by 5.x
Dear All,
I have one query. Does strongswan android plugin at location
'strongswan/src/libcharon/plugins/android' support simultaneous
handling of connection requests..
i.e Application A writes to the control socket on which android plugin
listens to.
Application B writes to the
Dear all,
I have a query,
Does charon daemon used as a client capable of including just IPv6
address/IPv6 DNS in the conf payload , in the IKE_AUTH message sent to the
ePDG. ?
eg. in the CP payload I want to include
IPv6: fec3::/120 in the CP..
What is the configuration parameter to
Dear All,
I am trying to do IKEv2 EAP Username/password authentication between
Dec 22 11:44:59 samsung-600
Client: Strongswan Android google play apk
Server: Strongswan server runningon my linux machine
Connection is failing with
*charon: 11[IKE] no shared key found for '10.0.0.35' -
Dear Noel,
I was able to make some progress after setting the leftauth to pubkey.
I generated the certificates using the procedure outlined in the link.
Now I am running into the issue where gateway sends the last IKE_AUTH
message with IP address. Then UE sends back AUTH failed. On looking
=13483749014r=1w=2
Now my strongswan Android App is connnected to my gateway.
Thanks much for your quick support.
Regards,
Ravikanth
On Mon, Dec 22, 2014 at 2:12 PM, Ravi Kanth Vanapalli
vvnrk.vanapa...@gmail.com wrote:
Dear Noel,
I was able to make some progress after setting
Dear All,
Please let us know if Strongswan Android play store app uses which of the
following plugins
for socket writing.
socket_default_plugin or socket_dynamic_plugin.
I was trying to understand the data path and ran into this issue where
there were two plugins to write information out.
Dear all,
I am having query regarding libhydra in android apk source code.
As I understand, strongswan uses libipsec library for SA ,management ,
encryption and decryption.
What is the need to include libhydra in the Android.mk file
as below
LOCAL_SHARED_LIBRARIES := libstrongswan libhydra
Dear All,
I already have compiled Android sources.
https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClientBuild
I am trying to write a new plugin to strongswan libcharon.
Added the code to libcharon/plugins/newplugincode
When I do an ndk-build, for some reason, it is not
Dear all,
I am trying to include the plugin eap_aka_3gpp2 into the strongswan ndk
build and I am facing the following error.
*Error*
Dear all,
I have a question regarding the role of using HA plugin when installing
the IKE_SA keys.
As I observe from the code once IKE_SA_INIT negotiation complets.
process_r and 'build_r' which inturn calls 'derive_keys'
derive_keys calls 'charon-bus-ike_keys' on the charon bus.
The
Dear All,
Is there any option in strongswan android apk sources which we can make,
to use linux ip xfrm instead of using libipsec for encryption and
decryption.
Reason I ask this question is I want to run strongswan android apk as a
system app in my build system and the app would have
Dear Martin Willi,
Thank you for clarifying this.
Reason I asked this is I see some code in derive_keys() function in file
ike_init.c
if (!this-keymat-derive_ike_keys(this-keymat, this-proposal, this-dh,
nonce_i, nonce_r, id, prf_alg, skd))
{
return FALSE;
}
charon-bus-ike_keys(charon-bus,
Dear All,
Does Strongswan Android market app support sending NON_FIRST_FRAGMENTS_ALSO
in the first IKE_AUTH message to the gateway.
Also I have a query regarding this attribute NON_FIRST_FRAGMENTS_ALSO
RFC 5996 reads below
The NON_FIRST_FRAGMENTS_ALSO notification is used for fragmentation
Dear Martin,
In case of Strongswan Android Market App, the IP address assignment, MTU
setting to the ipsec0 interface is handled Android framework VPN JNI
module.This will be after the IKE_SA and Child_SA is setup.
Could you please give more details, how the configuration setup happens
in the
Dear Dev Group,
What is the need for activate the TASK_IKE_CONFIG before
TASK_CHILD_CREATE.
As I see from the code TASK_IKE_CONFIG assigns the IP addresses to the
virtual interface.
Could we activate this task after TASK_CHILD_CREATE is complete. What
would be the side effects if we
Hi,
I wanted to know if Strongswan supports routing rule modification
through means of IKE Informational requests after the IKE tunnel has been
setup.
eg scenario is
i) UE completed IKE_SA_INIT exchange with gateway.
ii) UE completed IKE_AUTH exchange with gateway.
iii) IKE tunnel is setup
Hi,
I have one query regarding the use of openssl plugin.
I want to write an android plugin which makes use of strongswan openssl
plugin more specifically I was looking to use
'openssl_rsa_private_key_load' in openssl.
>From the link below
I am using the latest strongswan version 5.5.0
On Wed, Oct 5, 2016 at 4:07 PM, Ravi Kanth Vanapalli <
vvnrk.vanapa...@gmail.com> wrote:
> Hi all,
> I am trying to use TLS to setup a connection to a gateway
> programmatically.
>
>
Hi all,
I have a situation wherein I need to alter the IDi slightly before the
EAP-TLS authentication proceeds. I.e IDi in the first IKE_AUTH message
should be different to IDi to be used for user private key lookup in the
EAP-TLS user authentication.
I see that the API 'eap_tls_create_peer' is
I am having multiple interfaces on my device.All with active internet
connection. We have the possibility of using source routing to route the
packets over any interface. Default route is also present
In this context I have two questions.
1) When routing packets towards the ipsec gateway, how
In this current scenario, we are using libipsec module and not kernel
libipsec.
Also MOBIKE is enabled.
Thanks,
Ravikanth
On Thu, Nov 10, 2016 at 8:00 AM, Ravi Kanth Vanapalli <
vvnrk.vanapa...@gmail.com> wrote:
> I am having multiple interfaces on my device.All with active
Hi,
I am using EAP-TLS authentication.
Tried to load the private key using the function below
METHOD(charonservice_t, get_user_key, private_key_t*,
private_charonservice_t *this, public_key_t *pubkey)
{
private_key_t *key;
char path[512]="/system/etc/user1_private.der";
key =
Also what is the role of the pubkey in the API below
android_private_key_create(jobject key, public_key_t *pubkey) ??
how does the call to the API
lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, BUILD_FROM_FILE,
path, BUILD_END);
offset the role of the pubkey as described in the
Hi,
Server has issued a self signed certificated for the UE. UE is supposed
to share this cert via EAP-TLS authentication when server requests a
certificate
Server has shared the private key to the UE via secure means. This
signature is used for for signature verification in EAP-TLS
d packet: from 192.168.0.2[4500] to 10.1.0.10[4500] (160
> bytes)
> 13[ENC] parsed INFORMATIONAL response 3 [ N(NATD_S_IP) N(NATD_D_IP)
> N(COOKIE2) ]
>
> Regards
>
> Andreas
>
> On 16.11.2016 15:54, Ravi Kanth Vanapalli wrote:
> > Hi,
> >
> >I wanted to kn
27 matches
Mail list logo