Thanks again for all your help. This worked perfectly.
Matt Hymowitz, CISSP Manager GMP Networks, LLC 520 577-3891 ________________________________________ From: Andreas Steffen [[email protected]] Sent: Friday, November 11, 2011 7:56 AM To: Matthew F. Hymowitz Cc: [email protected] Subject: Re: [strongSwan] IKEV2 windows 2008 r2 Hi Matt, in my opinion the subjectDistinguished Name contained in the server certificate should be the rightid: rightid="CN=verrado.aaronline.com" Regards Andreas On 09.11.2011 04:56, Matthew F. Hymowitz wrote: > Andreas > > Got it working. I needed to add rightsubnet=192.168.1.0/24 to the > connection. I still have a question about removing rightid=%any > > Thanks again for all your help. > > > Matt Hymowitz, CISSP > Manager > GMP Networks, LLC > 520 577-3891 > ________________________________________ > From: Matthew F. Hymowitz > Sent: Tuesday, November 08, 2011 6:00 PM > To: Andreas Steffen > Cc: [email protected] > Subject: RE: [strongSwan] IKEV2 windows 2008 r2 > > Hi Andreas > > With your expert help, I am now able to establish a connection between my two > sites. From my ubuntu box I am to ping 192.168.1.45, which I think is my > local VPN adapter. I can not, however, ping 192.168.1.43 which I think is > the windows PPP adaptor. I do not see any entries for 192.168.1.x when I do > a netstat -r (should I?). I also can not ping anything else on the > 192.168.1.x network. > > > I greatly appreciate all the help you providing me. Thank you again. > > > > sudo ipsec statusall shows the following: > > > Status of IKEv2 charon daemon (strongSwan 4.5.3): > uptime: 16 minutes, since Nov 08 17:33:32 2011 > malloc: sbrk 270336, mmap 0, used 154064, free 116272 > worker threads: 9 of 16 idle, 6/1/0/0 working, job queue: 0/0/0/0, > scheduled: 3 > loaded plugins: aes des sha1 sha2 md4 md5 random x509 constraints pubkey > pkcs1 pgp pem fips-prf gmp xcbc hmac attr kernel-netlink resolve > socket-default stroke updown eap-identity eap-mschapv2 > Listening IP addresses: > 10.0.0.106 > Connections: > net-net: 10.0.0.106...66.238.30.124 > net-net: local: [10.0.0.106] uses EAP_MSCHAPV2 authentication with > EAP identity 'matt' > net-net: remote: [%any] uses public key authentication > net-net: child: dynamic === dynamic TUNNEL > Security Associations (1 up, 0 connecting): > net-net[1]: ESTABLISHED 16 minutes ago, > 10.0.0.106[10.0.0.106]...66.238.30.124[CN=verrado.aaronline.com] > net-net[1]: IKE SPIs: d970b6f80746b929_i* 0b2a24b30601e1e3_r, EAP > reauthentication in 39 minutes > net-net[1]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 > > > > > Also I had to add an %any for rightid, it says it is looking for verrado's ip > address when I put that in there it still complains. Not sure what the > rightid should really be. > > > Here is my current config ( i did change ip addresses on the ubunutu machine > since the last config I sent you). > > # /etc/ipsec.conf - strongSwan IPsec configuration file > config setup > crlcheckinterval=0s > strictcrlpolicy=no > plutostart=no > nat_traversal=yes > charonstart=yes > conn %default > ikelifetime=60m > keylife=20m > rekeymargin=3m > keyingtries=1 > keyexchange=ikev2 > mobike=no > forceencaps=yes > conn net-net > left=10.0.0.106 > leftsourceip=%config > leftfirewall=yes > leftauth=eap-mschapv2 > eap_identity=matt > right=verrado.aaronline.com > rightid=%any > rightauth=pubkey > auto=add > ca carefree-aaronline-ca > cacert=/usr/local/etc/ipsec.d/cacerts/aaronline.carefree.cert > > > > > Here is the log file > > 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.5.3) > 00[KNL] listening on interfaces: > 00[KNL] eth0 > 00[KNL] 10.0.0.106 > 00[KNL] fe80::215:5dff:fe01:6609 > 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts' > 00[CFG] loaded ca certificate "DC=com, DC=aaronline, > CN=aaronline-CAREFREE-CA" from > '/usr/local/etc/ipsec.d/cacerts/aaronline.carefree.cert' > 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts' > 00[CFG] loading ocsp signer certificates from > '/usr/local/etc/ipsec.d/ocspcerts' > 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts' > 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls' > 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets' > 00[CFG] loaded EAP secret for matt > 00[DMN] loaded plugins: aes des sha1 sha2 md4 md5 random x509 constraints > pubkey pkcs1 pgp pem fips-prf gmp xcbc hmac attr kernel-netlink resolve > socket-default stroke updown eap-identity eap-mschapv2 > 00[JOB] spawning 16 worker threads > 00[DMN] signal of type SIGINT received. Shutting down > 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.5.3) > 00[KNL] listening on interfaces: > 00[KNL] eth0 > 00[KNL] 10.0.0.106 > 00[KNL] fe80::215:5dff:fe01:6609 > 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts' > 00[CFG] loaded ca certificate "DC=com, DC=aaronline, > CN=aaronline-CAREFREE-CA" from > '/usr/local/etc/ipsec.d/cacerts/aaronline.carefree.cert' > 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts' > 00[CFG] loading ocsp signer certificates from > '/usr/local/etc/ipsec.d/ocspcerts' > 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts' > 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls' > 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets' > 00[CFG] loaded EAP secret for matt > 00[DMN] loaded plugins: aes des sha1 sha2 md4 md5 random x509 constraints > pubkey pkcs1 pgp pem fips-prf gmp xcbc hmac attr kernel-netlink resolve > socket-default stroke updown eap-identity eap-mschapv2 > 00[JOB] spawning 16 worker threads > 00[DMN] signal of type SIGINT received. Shutting down > 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.5.3) > 00[KNL] listening on interfaces: > 00[KNL] eth0 > 00[KNL] 10.0.0.106 > 00[KNL] fe80::215:5dff:fe01:6609 > 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts' > 00[CFG] loaded ca certificate "DC=com, DC=aaronline, > CN=aaronline-CAREFREE-CA" from > '/usr/local/etc/ipsec.d/cacerts/aaronline.carefree.cert' > 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts' > 00[CFG] loading ocsp signer certificates from > '/usr/local/etc/ipsec.d/ocspcerts' > 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts' > 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls' > 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets' > 00[CFG] loaded EAP secret for matt > 00[DMN] loaded plugins: aes des sha1 sha2 md4 md5 random x509 constraints > pubkey pkcs1 pgp pem fips-prf gmp xcbc hmac attr kernel-netlink resolve > socket-default stroke updown eap-identity eap-mschapv2 > 00[JOB] spawning 16 worker threads > 09[CFG] received stroke: add connection 'net-net' > 09[CFG] added configuration 'net-net' > 11[CFG] received stroke: initiate 'net-net' > 13[IKE] initiating IKE_SA net-net[1] to 66.238.30.124 > 13[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) > ] > 13[NET] sending packet: from 10.0.0.106[500] to 66.238.30.124[500] > 02[IKE] retransmit 1 of request with message ID 0 > 02[NET] sending packet: from 10.0.0.106[500] to 66.238.30.124[500] > 14[IKE] retransmit 2 of request with message ID 0 > 14[NET] sending packet: from 10.0.0.106[500] to 66.238.30.124[500] > 15[NET] received packet: from 66.238.30.124[500] to 10.0.0.106[500] > 15[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ] > 15[IKE] peer didn't accept DH group MODP_2048, it requested MODP_1024 > 15[IKE] initiating IKE_SA net-net[1] to 66.238.30.124 > 15[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) > ] > 15[NET] sending packet: from 10.0.0.106[500] to 66.238.30.124[500] > 16[NET] received packet: from 66.238.30.124[500] to 10.0.0.106[500] > 16[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] > 16[IKE] local host is behind NAT, sending keep alives > 16[IKE] remote host is behind NAT > 16[IKE] sending cert request for "DC=com, DC=aaronline, > CN=aaronline-CAREFREE-CA" > 16[IKE] establishing CHILD_SA net-net > 16[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ CP(ADDR > DNS) SA TSi TSr N(EAP_ONLY) ] > 16[NET] sending packet: from 10.0.0.106[4500] to 66.238.30.124[4500] > 01[NET] received packet: from 66.238.30.124[4500] to 10.0.0.106[4500] > 01[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ] > 01[IKE] received end entity cert "CN=verrado.aaronline.com" > 01[CFG] using certificate "CN=verrado.aaronline.com" > 01[CFG] using trusted ca certificate "DC=com, DC=aaronline, > CN=aaronline-CAREFREE-CA" > 01[CFG] reached self-signed root ca with a path length of 0 > 01[IKE] authentication of 'CN=verrado.aaronline.com' with RSA signature > successful > 01[IKE] server requested EAP_IDENTITY (id 0x00), sending 'matt' > 01[ENC] generating IKE_AUTH request 2 [ EAP/RES/ID ] > 01[NET] sending packet: from 10.0.0.106[4500] to 66.238.30.124[4500] > 09[NET] received packet: from 66.238.30.124[4500] to 10.0.0.106[4500] > 09[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ] > 09[IKE] server requested EAP_MSCHAPV2 authentication (id 0x01) > 09[ENC] generating IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ] > 09[NET] sending packet: from 10.0.0.106[4500] to 66.238.30.124[4500] > 10[NET] received packet: from 66.238.30.124[4500] to 10.0.0.106[4500] > 10[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ] > 10[IKE] EAP-MS-CHAPv2 succeeded: '(null)' > 10[ENC] generating IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ] > 10[NET] sending packet: from 10.0.0.106[4500] to 66.238.30.124[4500] > 12[NET] received packet: from 66.238.30.124[4500] to 10.0.0.106[4500] > 12[ENC] parsed IKE_AUTH response 4 [ EAP/SUCC ] > 12[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established > 12[IKE] authentication of '10.0.0.106' (myself) with EAP > 12[ENC] generating IKE_AUTH request 5 [ AUTH ] > 12[NET] sending packet: from 10.0.0.106[4500] to 66.238.30.124[4500] > 13[NET] received packet: from 66.238.30.124[4500] to 10.0.0.106[4500] > 13[ENC] parsed IKE_AUTH response 5 [ AUTH N(MOBIKE_SUP) CP(ADDR DNS DNS) SA > TSi TSr ] > 13[IKE] authentication of 'CN=verrado.aaronline.com' with EAP successful > 13[IKE] IKE_SA net-net[1] established between > 10.0.0.106[10.0.0.106]...66.238.30.124[CN=verrado.aaronline.com] > 13[IKE] scheduling reauthentication in 3335s > 13[IKE] maximum IKE_SA lifetime 3515s > 13[IKE] installing DNS server 192.168.1.3 to /usr/local/etc/resolv.conf > 13[IKE] installing DNS server 192.168.1.5 to /usr/local/etc/resolv.conf > 13[IKE] installing new virtual IP 192.168.1.45 > 13[IKE] CHILD_SA net-net{1} established with SPIs c7f02950_i e7875dae_o and > TS 192.168.1.45/32 === 66.238.30.124/32 > 11[IKE] sending keep alive > 11[NET] sending packet: from 10.0.0.106[4500] to 66.238.30.124[4500] > 13[IKE] sending keep alive > > > Matt Hymowitz, CISSP > Manager > GMP Networks, LLC > 520 577-3891 > ________________________________________ > From: Andreas Steffen [[email protected]] > Sent: Tuesday, November 08, 2011 10:22 AM > To: Matthew F. Hymowitz > Cc: [email protected] > Subject: Re: [strongSwan] IKEV2 windows 2008 r2 > > Hello Matt, > > the Windows Server 2008 r2 expects strongSwan > to request a virtual IP address to be used > as a source address within the IPsec tunnel. > Therefore add this statement: > > leftsourceip=%config > > With a virtual IP address > > leftsubnet=10.0.0.0/24 > > doesn't make much sense, so you'd better > omit the leftsubnet statement. > > Regards > > Andreas > > On 08.11.2011 16:21, Matthew F. Hymowitz wrote: >> Thanks Again for your help Andreas >> >> >> >> >> Here is the current config and non-debug log file: >> >> >> >> -Matt >> >> >> # ipsec.conf - strongSwan IPsec configuration file >> >> config setup >> crlcheckinterval=0s >> strictcrlpolicy=no >> cachecrls=yes >> nat_traversal=yes >> charonstart=yes >> plutostart=no >> >> # Add connections here. >> >> # Sample VPN connections >> >> #conn sample-self-signed >> # left=%defaultroute >> # leftsubnet=10.10.0.0/16 >> # leftcert=selfCert.der >> # leftsendcert=never >> # right=192.168.0.2 >> # rightsubnet=10.2.0.0/16 >> # rightcert=peerCert.der >> # auto=start >> >> conn net-net >> left=10.0.0.90 >> leftsubnet=10.0.0.0/24 >> leftauth=eap-mschapv2 >> eap_identity=matt >> right=verrado.aaronline.com >> rightsubnet=192.168.1.0/24 >> rightauth=pubkey >> keyexchange=ikev2 >> auto=add >> >> ca carefree-aaronline-ca >> cacert=/usr/local/etc/ipsec.d/cacert/aaronline.carefree.cert >> >> >> Nov 8 %f 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.5.3) >> Nov 8 %f 00[KNL] listening on interfaces: >> Nov 8 %f 00[KNL] eth0 >> Nov 8 %f 00[KNL] 10.0.0.90 >> Nov 8 %f 00[KNL] fe80::215:5dff:fe01:660d >> Nov 8 %f 00[CFG] loading ca certificates from >> '/usr/local/etc/ipsec.d/cacerts' >> Nov 8 %f 00[CFG] loaded ca certificate "DC=com, DC=aaronline, >> CN=aaronline-CAREFREE-CA" from >> '/usr/local/etc/ipsec.d/cacerts/aaronline.carefree.cert' >> Nov 8 %f 00[CFG] loading aa certificates from >> '/usr/local/etc/ipsec.d/aacerts' >> Nov 8 %f 00[CFG] loading ocsp signer certificates from >> '/usr/local/etc/ipsec.d/ocspcerts' >> Nov 8 %f 00[CFG] loading attribute certificates from >> '/usr/local/etc/ipsec.d/acerts' >> Nov 8 %f 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls' >> Nov 8 %f 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets' >> Nov 8 %f 00[CFG] loaded EAP secret for matt >> Nov 8 %f 00[DMN] loaded plugins: aes des sha1 sha2 md4 md5 random x509 >> constraints pubkey pkcs1 pgp pem fips-prf gmp xcbc hmac attr kernel-netlink >> resolve socket-default stroke updown eap-identity eap-mschapv2 >> Nov 8 %f 00[JOB] spawning 16 worker threads >> Nov 8 %f 10[CFG] crl caching to /usr/local/etc/ipsec.d/crls enabled >> Nov 8 %f 12[CFG] received stroke: add connection 'net-net' >> Nov 8 %f 12[CFG] added configuration 'net-net' >> Nov 8 %f 14[CFG] received stroke: initiate 'net-net' >> Nov 8 %f 03[IKE] initiating IKE_SA net-net[1] to 66.238.30.124 >> Nov 8 %f 03[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) >> N(NATD_D_IP) ] >> Nov 8 %f 03[NET] sending packet: from 10.0.0.90[500] to 66.238.30.124[500] >> Nov 8 %f 16[NET] received packet: from 66.238.30.124[500] to 10.0.0.90[500] >> Nov 8 %f 16[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ] >> Nov 8 %f 16[IKE] peer didn't accept DH group MODP_2048, it requested >> MODP_1024 >> Nov 8 %f 16[IKE] initiating IKE_SA net-net[1] to 66.238.30.124 >> Nov 8 %f 16[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) >> N(NATD_D_IP) ] >> Nov 8 %f 16[NET] sending packet: from 10.0.0.90[500] to 66.238.30.124[500] >> Nov 8 %f 02[NET] received packet: from 66.238.30.124[500] to 10.0.0.90[500] >> Nov 8 %f 02[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) >> N(NATD_D_IP) ] >> Nov 8 %f 02[IKE] local host is behind NAT, sending keep alives >> Nov 8 %f 02[IKE] remote host is behind NAT >> Nov 8 %f 02[IKE] sending cert request for "DC=com, DC=aaronline, >> CN=aaronline-CAREFREE-CA" >> Nov 8 %f 02[IKE] establishing CHILD_SA net-net >> Nov 8 %f 02[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) >> CERTREQ IDr SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) ] >> Nov 8 %f 02[NET] sending packet: from 10.0.0.90[4500] to 66.238.30.124[4500] >> Nov 8 %f 01[NET] received packet: from 66.238.30.124[4500] to >> 10.0.0.90[4500] >> Nov 8 %f 01[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ] >> Nov 8 %f 01[IKE] received end entity cert "CN=verrado.aaronline.com" >> Nov 8 %f 01[CFG] using certificate "CN=verrado.aaronline.com" >> Nov 8 %f 01[CFG] using trusted ca certificate "DC=com, DC=aaronline, >> CN=aaronline-CAREFREE-CA" >> Nov 8 %f 01[CFG] reached self-signed root ca with a path length of 0 >> Nov 8 %f 01[IKE] authentication of 'CN=verrado.aaronline.com' with RSA >> signature successful >> Nov 8 %f 01[IKE] server requested EAP_IDENTITY (id 0x00), sending 'matt' >> Nov 8 %f 01[ENC] generating IKE_AUTH request 2 [ EAP/RES/ID ] >> Nov 8 %f 01[NET] sending packet: from 10.0.0.90[4500] to 66.238.30.124[4500] >> Nov 8 %f 10[NET] received packet: from 66.238.30.124[4500] to >> 10.0.0.90[4500] >> Nov 8 %f 10[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ] >> Nov 8 %f 10[IKE] server requested EAP_MSCHAPV2 authentication (id 0x01) >> Nov 8 %f 10[ENC] generating IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ] >> Nov 8 %f 10[NET] sending packet: from 10.0.0.90[4500] to 66.238.30.124[4500] >> Nov 8 %f 11[NET] received packet: from 66.238.30.124[4500] to >> 10.0.0.90[4500] >> Nov 8 %f 11[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ] >> Nov 8 %f 11[IKE] EAP-MS-CHAPv2 succeeded: '(null)' >> Nov 8 %f 11[ENC] generating IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ] >> Nov 8 %f 11[NET] sending packet: from 10.0.0.90[4500] to 66.238.30.124[4500] >> Nov 8 %f 12[NET] received packet: from 66.238.30.124[4500] to >> 10.0.0.90[4500] >> Nov 8 %f 12[ENC] parsed IKE_AUTH response 4 [ EAP/SUCC ] >> Nov 8 %f 12[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established >> Nov 8 %f 12[IKE] authentication of '10.0.0.90' (myself) with EAP >> Nov 8 %f 12[ENC] generating IKE_AUTH request 5 [ AUTH ] >> Nov 8 %f 12[NET] sending packet: from 10.0.0.90[4500] to 66.238.30.124[4500] >> Nov 8 %f 10[IKE] retransmit 1 of request with message ID 5 >> Nov 8 %f 10[NET] sending packet: from 10.0.0.90[4500] to 66.238.30.124[4500] >> Nov 8 %f 11[NET] received packet: from 66.238.30.124[4500] to >> 10.0.0.90[4500] >> Nov 8 %f 11[ENC] parsed IKE_AUTH response 5 [ N(FAIL_CP_REQ) ] >> Nov 8 %f 11[IKE] AUTH payload missing >> Nov 8 %f 00[DMN] signal of type SIGINT received. Shutting down >> >> >> >> >> >> >> >> >> >> Matt Hymowitz, CISSP >> Manager >> GMP Networks, LLC >> 520 577-3891 >> ________________________________________ >> From: Andreas Steffen [[email protected]] >> Sent: Monday, November 07, 2011 10:05 PM >> To: Matthew F. Hymowitz >> Cc: [email protected] >> Subject: Re: [strongSwan] IKEV2 windows 2008 r2 >> >> Hi Matt, >> >> yes, the current ipsec.conf file and the log (but please without >> increasing the debug level!!!) would help. >> >> Regards >> >> Andreas >> >> On 11/08/2011 12:21 AM, Matthew F. Hymowitz wrote: >>> Hi Andreas >>> >>> Thanks for your quick response. I made the changes you suggest and >>> reconfigured with the following switches >>> --disable-pluto --disable-revocation --enable-eap-identity >>> --enable-eap-mschapv2 and --enable-md4 >>> >>> I am now getting much further along in the negotiation. I am now failing >>> with the error >>> >>> parsed IKE_AUTH response 5 [ N(FAIL_CP_REQ) ] >>> Auth payload missing >>> >>> >>> The is after I get the message EAP method EAP_MSCHAPV2 succeeded, MSK >>> established. >>> >>> >>> Let me know if you need complete logs, and thanks again for such a quick >>> response. >>> >>> >>> Matt Hymowitz, CISSP >>> Manager >>> GMP Networks, LLC >>> 520 577-3891 ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
