On Tue, 8 Jan 2019 at 1:28 PM, Yves-Alexis Perez <[email protected]> wrote:
>
> On Tue, 2019-01-08 at 12:14 +0200, Panagiotis Malakoudis wrote:
> > I use ikev2 with certificates from let's encrypt, so they need to be
> > verified from a root ca.
>
> I understand the need, but be aware that that could easily mean that every
> Let's encrypt certificate (or in your case every certificate issued by any
> root CA shipped in ca-certificates) could authenticate as a client on your
> gateway (or the opposite).
>

I use a certificate for server host validation (with dns name), so I don't think there is a risk in this scenario. Clients authenticate with EAP.

> > Already downgraded to 5.7.1-1 and all work
> > fine again. Please let me know how to increase logging level for
> > charon-nm, I really don't know how.
>
> I don't use the network-manager plugin but I think the logging directives in
> /etc/strongswan.d/charon-logging.conf should apply.
>

Didn't find anything useful with increased logging. But after I completely uninstalled strongswan packages and reinstalled the 5.7.2-1 packages from Debian testing, now everything works OK. I can't reproduce the issue. Whatever it was, it is gone.

> Regards,
> --
> Yves-Alexis

