[Swan-commit] Changes to ref refs/heads/master

New commits: commit 385e23f53d45cc1f659b0eb69510295e6f6c4aa1 Author: Tuomo Soini Date: Fri Apr 27 00:46:03 2018 +0300 ipsec checknss: add option --settruts to reset CA trusts in nss db Add ipsec_checknss.8 man page Cleanup ipsec.8 man page Cleanup

Re: [Swan] Is it possible to not be strict with rightid?

On Thu, 26 Apr 2018, Xinwei Hong wrote: Currently, 'rightid' is default to 'left'. However, a lot of time the remote peer software cannot send out correct rightid (e.g. internal private IP was used). When we were using racoon, racoon seems to be more tolerant and works OK when rightid

[Swan-commit] Changes to ref refs/heads/master

New commits: commit 0e001907f876d7f0a358ba358b51b5fa2165be51 Author: Andrew Cagney Date: Wed Apr 25 16:23:09 2018 -0400 testing: merge ikev2-algo-13-null and ikev2-algo-esp-null-01 creating ikev2-algo-13-esp-null Tests overlapped.

[Swan-commit] Changes to ref refs/heads/master

New commits: commit a9f7b8f6873c5d5de30d19a2c49cce85b8aa46db Author: Andrew Cagney Date: Thu Apr 26 14:32:40 2018 -0400 ikev2: fix debug-log line comparing remote and local proposals Some sets were misnamed. ___

[Swan-commit] Changes to ref refs/heads/master

New commits: commit eeb904911244a51f1a27407dae6067d40f0d1eba Author: Andrew Cagney Date: Thu Apr 26 14:19:47 2018 -0400 ikev2: update comments/debug-logs to refer to 'NONE' integrity instead of 'NULL' 'NONE' is the name used by the RFC.

[Swan-commit] Changes to ref refs/heads/master

New commits: commit b5bea5c05ec77de5d19776017a15f7eb7121f1cb Author: Andrew Cagney Date: Thu Apr 26 14:11:58 2018 -0400 ikev2: drop ..._local_... from a proposal struct ___ Swan-commit mailing list Swan-commit@lists.libreswan.org

[Swan] Is it possible to not be strict with rightid?

Hi, Currently, 'rightid' is default to 'left'. However, a lot of time the remote peer software cannot send out correct rightid (e.g. internal private IP was used). When we were using racoon, racoon seems to be more tolerant and works OK when rightid mismatches. With pluto, we would have to

[Swan-commit] Changes to ref refs/heads/master

New commits: commit 8b94a464d3cf36be66c6f04a01d3943e828a3581 Author: Andrew Cagney Date: Wed Apr 25 16:07:44 2018 -0400 testing: kev2-algo-14-esp-null-aes-gmac -> ikev2-algo-14-esp-null_auth_aes_gmac-none Describe, in gory detail, the name of the algorithm being

Re: [Swan] left/rightsubnets option

Great! Thanks. /Erik On 2018-04-26 05:10, Paul Wouters wrote: On Tue, 24 Apr 2018, Erik Andersson wrote:  (have also tried rightsubnets={192.168.110.0/24 50.50.50.0/24})  Yields the following error in the pluto.log file:  Apr 23 12:42:48.546899: address family inconsistency in this/that  

Re: [Swan] StrongSwan connectivity problems IKEv2 (Android/Linux)

Tried to add IP to certificate, now the line about it disappeared from logs, although, nothing else happened. Logs from connecting Android or Linux devices are pretty similar: packet from 188.233.186.70:56030: roadwarriors IKE proposals for initial responder: