ntity
ipsec.secrets:
: RSA server.key
user : PSK "test"
user %any% : EAP "test"
Regards
Sven Anders
--
Sven Anders () UTF-8 Ribbon Campaign
/\ Support plain text e-mail
ANDURAS intranet security AG
Mess
bkey
#rightauth2=xauth-pam
#xauth=server
#auto=add
# this requires the eap-radius plugin.
# (for iPhones with IKEv1 and passwords on radius/DC)
#conn ikev1-pubkey-xauth-radius
#also=rw-config
# keyexchange=ikev1
##rightauth=pubkey
#rightauth2=eap-radi
Kuntze:
> Hi,
>
> Try with O2, not O3.
>
> Kind regards
>
> Noel
>
> On 05.06.2018 22:11, Sven Anders wrote:
>> Hello!
>>
>> I'm experiencing a segmentation fault, if I set charondebug = cfg to a value
>> greater than 2.
>> I
own space too.
How can I check in StrongSwan, if a certain EKU exists?
Regards
Sven Anders
--
Sven Anders () UTF-8 Ribbon Campaign
/\ Support plain text e-mail
ANDURAS intranet security AG
Messestrasse 3 - 94036 P
age is just a list of OIDs and there are no
restrictions I know of, we use this to differentiate between classes of
certificates we issue.
If this isn't supported, how can we use StrongSwan to distinguish between
groups of certificates without using Sub-CAs?
We cannot be the first with this requ
ed self-signed root ca with a path length of 1
8235[IKE] authentication of 'MYNAME@my-group.local' with RSA signature
successful
8235[CFG] constraint requires cert policy 1.3.6.1.5.5.7.3.2
8235[CFG] selected peer config 'ikev2-pubkey' inacceptable: non-matching
authentication done
8
Hello!
I'm using the "attr-sql" plugin to make static user IP assignments.
The database matches the CN in the certificate.
Is it possible to match here case insensitive?
Regards
Sven Anders
--
Sven Anders () UTF-8
nsitive?
Or any other ideas?
Regards
Sven Anders
PS: Sorry for the first wrong posting...
--
Sven Anders () UTF-8 Ribbon Campaign
/\ Support plain text e-mail
ANDURAS intranet security AG
Messestrasse 3 - 94036 Passau
ontained in all certificates
> of the X.509 trust chain. See the following example scenario:
>
> https://www.strongswan.org/testing/testresults5dr/swanctl/rw-ed25519-certpol/
>
> Regards
>
> Andreas
>
> On 20.06.2018 13:41, Sven Anders wrote:
>> Am 20.06.2018 um 10:
actly match that of the column.
>
> Another option is probably to convert the identities to text and store
> and compare them as such, but that would also require several code changes.
>
> Regards,
> Tobias
Thanks for the answer!
In other words:
I have to chan
03030... ).
So no chance here, even if I set the data field to "TEXT NOT NULL COLLATE
NOCASE".
But thanks for the tips!
Regards
Sven Anders
--
Sven Anders () UTF-8 Ribbon Campaign
/\ Support plain text e-m
TC 2018, reason: remove from crl
Aug 22 16:01:43 2101120420063 charon: 30400[CFG] using cached crl
Aug 22 16:01:43 2101120420063 charon: 30400[IKE] no trusted RSA public key
found for 'testu...@company.de'
But as you can see here, the user is denied.
What happened here? Is the (d
On 22.08.2018 at 17:48, Sven Anders wrote:
> Hello!
>
> We are experiencing two problems when using CRLs.
> Our Linux systems runs strongSwan 5.6.2.
>
>
> 1) Because we want an hourly update of CRLs and the standard CRLs timeout
> is 7 days, we created a cronjob, tha
Hello!
Can nobody help me with this issue?
Or isn't the question worth it?
Regards
Sven
On 27.08.18 at 23:32, Sven Anders wrote:
> On 22.08.2018 at 17:48, Sven Anders wrote:
>> Hello!
>>
>> We are experiencing two problems when using CRLs.
>> Our Lin
.de - Tel: +49 (0)851-4 90 50-0 - Fax: +49 (0)851-4 90 50-55
Legal form: Aktiengesellschaft (stock corporation) - Registered office: Passau - District court: Passau HRB 6032
Members of the Executive Board: Dipl.-Inf. Sven Anders, Dipl.-Inf. Marcus Junker
Chairman of the Supervisory Board: RA Mark Peters
ar problem, but that changed nothing...
Regards
Sven Anders
---8X-
Here is the configuration:
ipsec.conf:
---
config setup
uniqueids=never
charondebug = ike 2, net 2, pts 2, lib 2, tls 2, cfg 3,
"auto=route", which I found in a
>> description
>> of a similar problem, but that changed nothing...
>
> auto=route makes no sense on a gateway for roadwarriors.
Ok, just read about it in another similar problem and this was one idea
to solve it
message do you expect or what should I search for?
>
> For instance, messages around refcount changes of the policies. You can
> also post it somewhere for us to have a look at.
Thank you,
I will send you a link to download it. If anybody wants the log output too, to
a
-add dynamic --start 192.168.3.20 --end 192.168.3.254 --timeout 4h
ipsec pool --add static --addresses static.ippool --timeout 0
--
Sven Anders () UTF-8 Ribbon Campaign
/\ Support plain text e-mail
ANDURAS intranet securit
e a simultaneous login
from the iPhone and the iPad.
If this "uniqueness" is only determined by the login username and not
further data (like a mac address or name of the connecting device), I see
that this will not work.
Or do you have any other ideas to make this work?
Regards
tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0
src ::/0 dst ::/0
socket in priority 0
src ::/0 dst
Do you know a working configuration that I can use as a reference?
> Disabling replay protection does not improve performance.
Ok, I did read about this in some posting, so I tried this too.
Regards
Sven Anders
--
Sven Anders () UTF-8 Ribbon Campaign