Hi, I have strongSwan configured for road warrior use on CentOS 7, roughly following this tutorial https://raymii.org/s/tutorials/IPSEC_vpn_with_CentOS_7.html
I'm using two clients, the strongSwan Android app and the NetworkManager plugin on Fedora 25. It's working nicely for the most part, there's only one issue when using the NetworkManager plugin---I cannot load https://github.com, I'm getting the following message from cURL. $ curl -v https://github.com * Rebuilt URL to: https://github.com/ * Trying 192.30.253.113... * TCP_NODELAY set * Connected to github.com (192.30.253.113) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/ssl/certs/ca-bundle.crt CApath: none * NSS error -5961 (PR_CONNECT_RESET_ERROR) * TCP connection reset by peer * Curl_http_done: called premature == 1 * stopped the pause stream! * Closing connection 0 curl: (35) TCP connection reset by peer I don't see any error messages on the server and I don't think there's anything wrong with my certificates, GitHub works fine when I'm not using the VPN. GitHub works fine on my Android device. So I suspect it's something to do with my client configuration in the NetworkManager plugin. I'm using a self-signed host certificate and "Certificate/private key" for client authentication. I played around with the settings but I'm unable to fix the problem. Has anyone seen a similar problem? What should I do to troubleshoot further? Thanks, Kelong
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
