Hi Noel,
thanks for your help.
I've set up a Debian 9 PC, so I am now using strongSwan 5.5.1-4 as you
suggested. I cannot get 5.5.3, since it is not available in Debian. As a
bonus, my Linux kernel is now 4.9.0-3.

These are my ipsec.conf (I followed your hints and simplified whatever I
could) and charon_debug.log:

=== ipsec.conf  ======================

config setup
# strictcrlpolicy=yes
# uniqueids = no
# NOTE(review): with strictcrlpolicy left commented out, a peer certificate
# whose CRL cannot be fetched is still accepted. Enable it once CRL (or OCSP)
# retrieval for the CA in /etc/ipsec.d/cacerts is known to work.

conn home
    # IKEv1 Main Mode, certificate (RSA signature) authentication on both sides.
    # Phase-1 (ISAKMP SA) lifetime. In IKEv1 the lifetime travels inside the SA
    # payload, and some peers reject a value that differs from their own policy;
    # if the firewall is configured with a different phase-1 lifetime, align it.
    ikelifetime=60m
    # Phase-2 (IPsec SA) lifetime; same caveat as above.
    keylife=20m
    rekeymargin=3m
    # Only one attempt: combined with auto=start a failed negotiation leaves the
    # tunnel down until it is re-initiated by hand.
    keyingtries=1
    keyexchange=ikev1
    # No ike= / esp= line is set, so charon offers its built-in defaults. The
    # charon log shows what that means: a first proposal of
    # aes128-sha256-modp3072 followed by a broad fallback list that still
    # contains 3DES, MD5, SHA1 and MODP_1024. The peer answered
    # NO_PROPOSAL_CHOSEN in the very first Main Mode exchange, i.e. its policy
    # accepted none of them (or, presumably, it has no matching gateway/peer
    # entry for this initiator - verify on the firewall side). Pin the exact
    # algorithm set the firewall is configured with, e.g.
    #   ike=<enc>-<integ>-<dhgroup>!
    #   esp=<enc>-<integ>!
    # (the trailing "!" tells charon not to append its default proposals), and
    # prefer a modern set over the legacy algorithms in the default list.
# NOTE(review): the lines below are not indented like the ones above. charon's
# parser still attached them to conn home (the log's "conn home" dump lists
# them), but indent them consistently so the section boundary is unambiguous.
#
leftcert=my_crt.pem
leftsourceip=192.168.145.128 # CP-known client IP
leftfirewall=yes
#
right=CP_FW_IP
rightid=CP_FW_IP
rightsubnet= 192.168.2.0/24, 192.168.3.0/24
rightcert=cp_fw_crt.pem
#
auto=start

=== charon_debug.log ======================

Mon, 2017-08-07 15:57 00[DMN] Starting IKE charon daemon (strongSwan 5.5.1,
Linux 4.9.0-3-amd64, x86_64)
Mon, 2017-08-07 15:57 00[LIB] plugin 'test-vectors': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'ldap': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'pkcs11': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'aesni': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'aes': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'rc2': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'sha2': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'sha1': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'md5': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'rdrand': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] detected RDRAND support, enabled
Mon, 2017-08-07 15:57 00[LIB] plugin 'random': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'nonce': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'x509': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'revocation': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'constraints': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'pubkey': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'pkcs1': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'pkcs7': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'pkcs8': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'pkcs12': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'pgp': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'dnskey': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'sshkey': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'pem': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'openssl': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'gcrypt': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'af-alg': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'fips-prf': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'gmp': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'agent': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'xcbc': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'cmac': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'hmac': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'ctr': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'ccm': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'gcm': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'curl': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'attr': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'kernel-netlink': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'resolve': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'socket-default': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'connmark': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'farp': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'stroke': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'updown': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'eap-identity': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'eap-aka': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'eap-md5': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'eap-gtc': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'eap-mschapv2': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'eap-radius': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'eap-tls': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'eap-ttls': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'eap-tnc': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'xauth-generic': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'xauth-eap': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'xauth-pam': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'tnc-tnccs': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'dhcp': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'ha': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'lookip': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'error-notify': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'certexpire': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'led': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'addrblock': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] plugin 'unity': loaded successfully
Mon, 2017-08-07 15:57 00[LIB] feature PUBKEY:DSA in plugin 'pem' has unmet
dependency: PUBKEY:DSA
Mon, 2017-08-07 15:57 00[LIB] feature PRIVKEY:DSA in plugin 'pem' has unmet
dependency: PRIVKEY:DSA
Mon, 2017-08-07 15:57 00[LIB] feature PRIVKEY:BLISS in plugin 'pem' has
unmet dependency: PRIVKEY:BLISS
Mon, 2017-08-07 15:57 00[LIB] feature CERT_DECODE:OCSP_REQUEST in plugin
'pem' has unmet dependency: CERT_DECODE:OCSP_REQUEST
Mon, 2017-08-07 15:57 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_224
in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_224
Mon, 2017-08-07 15:57 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_256
in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_256
Mon, 2017-08-07 15:57 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_384
in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_384
Mon, 2017-08-07 15:57 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_512
in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_512
Mon, 2017-08-07 15:57 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_224
in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_224
Mon, 2017-08-07 15:57 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_256
in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_256
Mon, 2017-08-07 15:57 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_384
in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_384
Mon, 2017-08-07 15:57 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_512
in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_512
Mon, 2017-08-07 15:57 00[CFG] loading ca certificates from
'/etc/ipsec.d/cacerts'
Mon, 2017-08-07 15:57 00[CFG]   loaded ca certificate "O=my_ca" from
'/etc/ipsec.d/cacerts/ca_crt.pem'
Mon, 2017-08-07 15:57 00[CFG] loading aa certificates from
'/etc/ipsec.d/aacerts'
Mon, 2017-08-07 15:57 00[CFG] loading ocsp signer certificates from
'/etc/ipsec.d/ocspcerts'
Mon, 2017-08-07 15:57 00[CFG] loading attribute certificates from
'/etc/ipsec.d/acerts'
Mon, 2017-08-07 15:57 00[CFG] loading crls from '/etc/ipsec.d/crls'
Mon, 2017-08-07 15:57 00[CFG] loading secrets from '/etc/ipsec.secrets'
Mon, 2017-08-07 15:57 00[CFG]   loaded RSA private key from
'/etc/ipsec.d/private/my_key.der'
Mon, 2017-08-07 15:57 00[CFG] loaded 0 RADIUS server configurations
Mon, 2017-08-07 15:57 00[CFG] HA config misses local/remote address
Mon, 2017-08-07 15:57 00[LIB] feature CUSTOM:ha in plugin 'ha' failed to
load
Mon, 2017-08-07 15:57 00[LIB] unloading plugin 'ha' without loaded features
Mon, 2017-08-07 15:57 00[LIB] loaded plugins: charon test-vectors ldap
pkcs11 aesni aes rc2 sha2 sha1 md5 rdrand random nonce x509 revocation
constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl
gcrypt af-alg fips-prf gmp agent xcbc cmac hmac ctr ccm gcm curl attr
kernel-netlink resolve socket-default connmark farp stroke updown
eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls
eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip
error-notify certexpire led addrblock unity
Mon, 2017-08-07 15:57 00[LIB] unable to load 13 plugin features (12 due to
unmet dependencies)
Mon, 2017-08-07 15:57 00[LIB] dropped capabilities, running as uid 0, gid 0
Mon, 2017-08-07 15:57 00[JOB] spawning 16 worker threads
Mon, 2017-08-07 15:57 01[LIB] created thread 01 [2935]
Mon, 2017-08-07 15:57 02[LIB] created thread 02 [2936]
Mon, 2017-08-07 15:57 03[LIB] created thread 03 [2937]
Mon, 2017-08-07 15:57 04[LIB] created thread 04 [2938]
Mon, 2017-08-07 15:57 05[LIB] created thread 05 [2939]
Mon, 2017-08-07 15:57 06[LIB] created thread 06 [2940]
Mon, 2017-08-07 15:57 07[LIB] created thread 07 [2941]
Mon, 2017-08-07 15:57 08[LIB] created thread 08 [2942]
Mon, 2017-08-07 15:57 09[LIB] created thread 09 [2943]
Mon, 2017-08-07 15:57 10[LIB] created thread 10 [2944]
Mon, 2017-08-07 15:57 11[LIB] created thread 11 [2945]
Mon, 2017-08-07 15:57 12[LIB] created thread 12 [2946]
Mon, 2017-08-07 15:57 13[LIB] created thread 13 [2947]
Mon, 2017-08-07 15:57 14[LIB] created thread 14 [2948]
Mon, 2017-08-07 15:57 15[LIB] created thread 15 [2949]
Mon, 2017-08-07 15:57 16[LIB] created thread 16 [2950]
Mon, 2017-08-07 15:57 07[CFG] received stroke: add connection 'home'
Mon, 2017-08-07 15:57 07[CFG] conn home
Mon, 2017-08-07 15:57 07[CFG]   left=%any
Mon, 2017-08-07 15:57 07[CFG]   leftsourceip=192.168.145.128
Mon, 2017-08-07 15:57 07[CFG]   leftcert=my_crt.pem
Mon, 2017-08-07 15:57 07[CFG]   leftupdown=ipsec _updown iptables
Mon, 2017-08-07 15:57 07[CFG]   right=CP_FW_IP
Mon, 2017-08-07 15:57 07[CFG]   rightsubnet=192.168.2.0/24, 192.168.3.0/24
Mon, 2017-08-07 15:57 07[CFG]   rightid=CP_FW_IP
Mon, 2017-08-07 15:57 07[CFG]   rightcert=cp_fw_crt.pem
Mon, 2017-08-07 15:57 07[CFG]   ike=aes128-sha256-modp3072
Mon, 2017-08-07 15:57 07[CFG]   esp=aes128-sha256
Mon, 2017-08-07 15:57 07[CFG]   dpddelay=30
Mon, 2017-08-07 15:57 07[CFG]   dpdtimeout=150
Mon, 2017-08-07 15:57 07[CFG]   mediation=no
Mon, 2017-08-07 15:57 07[CFG]   keyexchange=ikev1
Mon, 2017-08-07 15:57 07[CFG]   loaded certificate "O=my_ca, OU=users,
CN=my_name" from 'my_crt.pem'
Mon, 2017-08-07 15:57 07[CFG]   id '%any' not confirmed by certificate,
defaulting to 'O=my_ca, OU=users, CN=my_name'
Mon, 2017-08-07 15:57 07[CFG]   loaded certificate "O=my_ca, OU=users,
CN=cp_fw_cert" from 'cp_fw_crt.pem'
Mon, 2017-08-07 15:57 07[CFG] added configuration 'home'
Mon, 2017-08-07 15:57 08[CFG] received stroke: initiate 'home'
Mon, 2017-08-07 15:57 08[IKE] <home|1> queueing ISAKMP_VENDOR task
Mon, 2017-08-07 15:57 08[IKE] <home|1> queueing ISAKMP_CERT_PRE task
Mon, 2017-08-07 15:57 08[IKE] <home|1> queueing MAIN_MODE task
Mon, 2017-08-07 15:57 08[IKE] <home|1> queueing ISAKMP_CERT_POST task
Mon, 2017-08-07 15:57 08[IKE] <home|1> queueing ISAKMP_NATD task
Mon, 2017-08-07 15:57 08[IKE] <home|1> queueing QUICK_MODE task
Mon, 2017-08-07 15:57 08[IKE] <home|1> activating new tasks
Mon, 2017-08-07 15:57 08[IKE] <home|1>   activating ISAKMP_VENDOR task
Mon, 2017-08-07 15:57 08[IKE] <home|1>   activating ISAKMP_CERT_PRE task
Mon, 2017-08-07 15:57 08[IKE] <home|1>   activating MAIN_MODE task
Mon, 2017-08-07 15:57 08[IKE] <home|1>   activating ISAKMP_CERT_POST task
Mon, 2017-08-07 15:57 08[IKE] <home|1>   activating ISAKMP_NATD task
Mon, 2017-08-07 15:57 08[IKE] <home|1> sending XAuth vendor ID
Mon, 2017-08-07 15:57 08[IKE] <home|1> sending DPD vendor ID
Mon, 2017-08-07 15:57 08[IKE] <home|1> sending FRAGMENTATION vendor ID
Mon, 2017-08-07 15:57 08[IKE] <home|1> sending NAT-T (RFC 3947) vendor ID
Mon, 2017-08-07 15:57 08[IKE] <home|1> sending
draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mon, 2017-08-07 15:57 08[IKE] <home|1> initiating Main Mode IKE_SA home[1]
to CP_FW_IP
Mon, 2017-08-07 15:57 08[IKE] <home|1> IKE_SA home[1] state change: CREATED
=> CONNECTING
Mon, 2017-08-07 15:57 08[CFG] <home|1> configured proposals:
IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072,
IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_MD5_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_2048_256/MODP_1024,
IKE:AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CAMELLIA_CCM_16_128/CAMELLIA_CCM_16_192/CAMELLIA_CCM_16_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/CAMELLIA_CCM_8_128/CAMELLIA_CCM_8_192/CAMELLIA_CCM_8_256/CAMELLIA_CCM_12_128/CAMELLIA_CCM_12_192/CAMELLIA_CCM_12_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_2048_256/MODP_1024
Mon, 2017-08-07 15:57 08[ENC] <home|1> generating ID_PROT request 0 [ SA V
V V V V ]
Mon, 2017-08-07 15:57 08[NET] <home|1> sending packet: from
192.168.1.122[500] to CP_FW_IP[500] (240 bytes)
Mon, 2017-08-07 15:57 10[NET] <home|1> received packet: from CP_FW_IP[500]
to 192.168.1.122[500] (40 bytes)
Mon, 2017-08-07 15:57 10[ENC] <home|1> parsed INFORMATIONAL_V1 request
111406742 [ N(NO_PROP) ]
Mon, 2017-08-07 15:57 10[IKE] <home|1> received NO_PROPOSAL_CHOSEN error
notify
Mon, 2017-08-07 15:57 10[IKE] <home|1> IKE_SA home[1] state change:
CONNECTING => DESTROYING

=======================================

So now the problem seems to be that no proposal is chosen... any hint?

Thanks,
larzeni


On Sat, Aug 5, 2017 at 11:20 AM, Noel Kuntze <
noel.kuntze+strongswan-users-ml@thermi.consulting> wrote:

> Hi,
>
> On 05.08.2017 02:27, Luca Arzeni wrote:
> > [...]
> > I'm on a debian jessie 8.0, openswan 2.6.37 and I need to migrate to
> StrongSWAN 5.2.1
> You better get 5.5.3 right away. 5.2.1 is already pretty old.
>
> > [...]
> > ==============================================================
> >
> > Now I'm trying to use StrongSWAN to setup a connection, but I'm not able
> to connect.
> > This is my StrongSWAN ipsec.conf:
> >
> > ==============================================================
> >
> > # ipsec.conf - strongSwan IPsec configuration file
> >
> > config setup
> > # strictcrlpolicy=yes
> > # uniqueids = no
> > charondebug =  dmn 2, mgr 2, ike 2, chd 2, job 0, cfg 2, knl 2, net 2,
> asn 0, enc 0, lib 0, esp 2, tls 2, tnc 2, imc 2, imv 2, pts 2
> Remove that. Use the logger configuration from the HelpRequests[1] page
> instead and pastebin us that, after you made the following changes.
> >
> > conn home
> >         ikelifetime=60m
> >         keylife=20m
> >         rekeymargin=3m
> >         keyingtries=1
> >         keyexchange=ikev1
> > #
> > left=%any
> Remove left. It is unnecessary.
> > leftcert=my_cert.pem
> > leftrsasigkey=%cert
> > leftid="my certificate subject"
> leftrsasigkey and leftid are unnecessary, if not counterproductive.
>
> > #leftauth=pubkey
> >         leftfirewall=yes
> > #
> > leftsourceip=A.B.C.D # CP-known client IP (not necessarily my ip), I
> need to set it because I'm using also a "rightsubnets" list
> > leftsubnet=A.B.C.D/32 # CP-known client IP(not necessarily my ip), I
> need to set it because I'm using also a "rightsubnets" list
> Remove leftsubnet.
> > #
> > rightcert=fwncest_2012-11-07_cert.pem
> > rightrsasigkey=%cert
> Remove rightrsasigkey.
> >         right=X.Y.Z.W (FW1_IP_ADDESS)
> >         rightid=X.Y.Z.W (I cannot use FW cert or other values, I MUST
> use the firewall public IP)
> >         rightsubnet= 192.168.1.0/24 <http://192.168.1.0/24>,
> 192.168.2.0/24 <http://192.168.2.0/24>, ecc...
> >         rightcert=firewall_cert.pem
> >         rightrsasigkey=%cert
> Duplicate settings. Pick one of the certs, remove rightrsasigkey anyway.
> > #
> > auto=start
> Careful: Charon does not try to reestablish IKE_SAs or CHILD_SAs if the
> remote peer deletes them. This behaves differently than openswan.
>
> >         # after establishing the vpn, run these script to allow routes
> from my client to server behind the firevall
> >         #
> >         # /sbin/iptables -t nat -I POSTROUTING -d 192.168.1.0/24 <
> http://192.168.1.0/24> -j SNAT --to my_ip
> >         # /sbin/iptables -t nat -I POSTROUTING -d 192.168.2.0/24 <
> http://192.168.2.0/24> -j SNAT --to my_ip
> >
> > include /var/lib/strongswan/ipsec.conf.inc
> Remove the include.
>
> > ============================================================
> ===============
> >
> > But this setup is not working.
>
> Provide all the information from the HelpRequests[1] page, please.
>
> Kind regards
>
> Noel
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests
>
>


-- 
Luca Arzeni
