Thanks Tobias... That clears a lot...
Besides mobike, you mentioned that when exchange is done on 4500 and no
NATT detected.
Strong swan sends ESP as non-UDP encapsulated.
Going by some reference earlier, I recall, even if no NATT detected and
still initiator using port 4500 for Ikev2.
It can be
HI All,
I have a query for scenario mentioned in RFC 4555 Sectoin 3.3.
Any input or reference will be appreciated...
Query is regarding Responder's behavior w.r.t to UDP encapsulation of
Ikev2/ESP when all exchange till IKE_Auth completion is done on port 500...
Details:
*"The addresses are
HI,
My question is more towards IKEv2 standard rather strongswan explicitly.
UDP encasulation is used for NATT traversal in IPsec for both ESP/IKE.
RFC 5996, says even if NATT is not detection sending IKE/ESP on 4500 is
optional but receiving should be handled.
RFC 5666 reference:
*When either
NAT IPv6. But why?
/Ryan
From: Mukesh Yadav write2mukes...@gmail.com
Date: Wednesday, April 15, 2015 at 9:56 AM
To: users@lists.strongswan.org users@lists.strongswan.org
Subject: [strongSwan] Query reg UDP encapsulation for IPv6
HI,
My question is more towards IKEv2 standard rather
HI,
What is behavior when Strong-swan is used for IKE exchange and tunnel end
points are IPv6.
Does it allow/process UDP-encapsulated Ipv6 packets when NATT is not
detected?
Thanks
Mukesh
On 15 April 2015 at 21:46, Mukesh Yadav write2mukes...@gmail.com wrote:
Hi Ryan,
Definitely NAT
HI,
Mail below is for IKEv2 standard, posting on Strong-swan mailer with hope
that may be I can get some pointer...
I have a query regarding encoding of IDi(ASN1DN) in IKE_AUTH payload as per
RFC 5996.
Tried to find online, what encoding mechanism shall be used for IDi(ASN1DN)
format.
Couldn't
Hi,
Need some info on MSK key derivation when strongswan uses EAP-MSCHAPv2
when used in Ikev2.
Any pointer or info will be helpful..
Thanks
Mukesh
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Hi,
This is question more specifc to Openssl, but being generic scenario posting
this on stongswan if some one can provide info..
Query for Ca-Cert list.
If at gateway we have configured two CA-certs A1 and A2 both having same
subject and content except time-stamp of generation.
If peer sends
Hi,
We have a doubt regarding behavior of Responder during initial tunnel setup
where IKE_AUTH request’s proposal substructure(in SA Payload) does not
contain SPI for child-sa creation.
From RFC 5996 :
*3.3.1* http://tools.ietf.org/search/rfc5996#section-3.3.1*. Proposal
Substructure*
Hi,
Want to know about standard compliance for IPv6 over IKEv2.
RFC 5996 mentions about RFC 5739(IPv6 Configuration in Internet Key
Exchange Protocol Version 2 (IKEv2))
RFC 5739 is experimental as of now...Can this be treated as standard one
for implementation and compliance...
Thanks
Mukesh
Hi,
I want to seek behaviour confirmation on particular scenario of DPD...
If tunnel is created with peer and we send keep-alive message to peer with
msgid as 0.
and peer responds with wrong message ID(lets say 10)...
This happens for X times(configured number of re-tries for DPD)
On receiving
Hi,
I want to install and run strong-swan on Mips Hardware with no GCC.
I approach it as doing cross compile it on some Intel Linux machine
and then installing it on Mips.
Is there way to get the zip(tgz format) image of all the required
binaries/files that we can untar on other hardware,,,
Please
debug or stats mechanism from which I can confirm about the ESP packet
processing result on Linux kernel?
Thanks
Mukesh
On 26/04/2012, Mukesh Yadav write2mukes...@gmail.com wrote:
Thanks Andreas,
That means when I create a encrypted packet using some application, at
other for successful
Hi,
Not able to understand 16 byetes in ESP packet present after sequence
no and before Original IP header while doing tunnel mode Ipsec with
ESP.
Details are as below.
I am trying to achieve Ipsec functionality using fast-path application
which will do encryption/decryption using some
Mukesh,
please be aware that AES in Cipher Block Chaining (CBC) mode inserts
into each ESP packet a 16 byte (128 bit) Initialization Vector (IV)
right after the sequence number and in front of the encrypted payload.
Regards
Andreas
On 26.04.2012 19:29, Mukesh Yadav wrote:
Hi,
Not able
Hi,
I have some basic know-how on IPSEC using Strong swan for IKE on Linux.
I have question about how to use IPSEC on Cavium blade where IKE will done
on Cavium blade with Linux running core and encryption/decryption of packet
will be done on Cavium accelarater's core's designed for IPSEC
Thanks Martin for quick reply..
I have question about how to use IPSEC on Cavium blade where IKE will
done on Cavium blade with Linux running core and encryption/decryption
of packet will be done on Cavium accelarater's core's designed for
IPSEC performance running with simple executive.
17 matches
Mail list logo