Re: [strongSwan] How to use letsencrypt certificate in swanctl?

2019-02-01 Thread Derek Cameron
I got StrongSwan working with Let’s Encrypt. It’s a good idea, since it
makes the client work with no extra software or certificates to install.
Here’s my documentation of the method I used:
https://dc77312.wordpress.com/2019/02/01/strongswan-with-lets-encrypt-ssl-certificate-for-server/

Derek.

On Fri, Feb 1, 2019 at 5:40 AM, Glen Huang wrote:

> I’m trying to use the certificate generated by letsencrypt for my ikev2
> vpn, and I use swanctl.conf
>
> I copied either cert.pem or fullchain.pem to swanctl/x509 as cert.pem, and
> specify certs.pem to local.certs. When starting charon, it fails with
>
> loading ‘/path/to/cert.pem’ failed: parsing X509 certificate failed
>
> It seems swanctl doesn’t directly support the certificate generated
> by letsencrypt? Is it possible to convert manually?
>
> Another quick question, if I name the pem file as mydomain.com.pem, charon
> fails with invalid syntax for certs, and it also fails with the same reason
> if I put it in a subfolder in x509 and specify mydomain.com/cert.pem to
> certs. Does that mean the cert file shouldn’t contain more than two dots in the
> file name? And subfolder isn’t supported?
>
> Thanks a lot.
>


[strongSwan] How to use letsencrypt certificate in swanctl?

2019-02-01 Thread Glen Huang
I’m trying to use the certificate generated by letsencrypt for my ikev2 vpn, 
and I use swanctl.conf

I copied either cert.pem or fullchain.pem to swanctl/x509 as cert.pem, and 
specify certs.pem to local.certs. When starting charon, it fails with

loading ‘/path/to/cert.pem’ failed: parsing X509 certificate failed

It seems swanctl doesn’t directly support the certificate generated by 
letsencrypt? Is it possible to convert manually?

Another quick question, if I name the pem file as mydomain.com.pem, charon
fails with invalid syntax for certs, and it also fails with the same reason if
I put it in a subfolder in x509 and specify mydomain.com/cert.pem to certs.
Does that mean the cert file shouldn’t contain more than two dots in the file
name? And subfolder isn’t supported?

Thanks a lot.

[strongSwan] VPN with dynamic routing

2019-02-01 Thread Michael Schwartzkopff
Hi,

In some projects the problem of dynamic routing in combination with VPN
came up.


I went to my lab and found a solution with route based VPN and BGP. The
software I used was strongSwan and bird for BGP.


If you are interested you can find the documentation

VPN part: https://blog.sys4.de/routing-based-vpn-with-strongswan-de.html

BGP part: https://blog.sys4.de/routing-based-vpn-with-strongswan-ii-de.html


Please mail me for any feedback. Thanks.


Kind regards,

-- 

[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the supervisory board: Florian Kirstein






Re: [strongSwan] Strongswan 5.7.2 test suite with 6 tests failed

2019-02-01 Thread Tobias Brunner
Hi Peter,

> Is there a wiki or instruction for this?

See [1].

> make-testing had:
> [FAIL] Connecting image to NBD device /dev/nbd0
> 
> build-strongswan had:
> Root image /home/user/builddirmaster/build/images/root.qcow2 not found

No idea, never seen either message.  Perhaps something with the config
or the permissions is messed up.

Regards,
Tobias

[1] https://wiki.strongswan.org/projects/strongswan/wiki/TestingEnvironment