Am 29.04.2017 um 14:19 schrieb Antony Antony:
On Sat, Apr 29, 2017 at 01:16:01PM +0200, Muenz, Michael wrote:
Hi,
I tried to build a deb with the latest source, but I got many errors that
some includes can not be found (e.g. /usr/include/nss/pk11pub.h)
The files are included with #include and
Hi,
I just followed the howto on
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
but on the last command ipsec "import debian.p12" I get a:
Enter password for PKCS12 file:
pk12util: PKCS12 IMPORT SUCCESSFUL
certutil: Could not find cert: NOC CA
: PR_FILE_NOT_FOUND_ERROR: F
Hi,
I tried to build a deb with the latest source, but I got many errors
that some includes can not be found (e.g. /usr/include/nss/pk11pub.h)
The files are included with #include and I have to add
#include
Isn't there a way to check the linux version with an IF in order to
change the path
Am 28.02.2017 um 08:17 schrieb Bob Miller:
Hello Gurus,
I have an existing libreswan-sonicwall vpn in place, now there is a
3rd location going in it is has a cisco asa firewall. I have been
working with the tech at the other end, we are stuck at the beginning
of phase2. or I am, the other e
Am 20.05.2016 um 11:20 schrieb Muenz, Michael:
Am 13.05.2016 um 21:52 schrieb Paul Wouters:
Hi,
A lot of people have been asking us about VTI support for route-based
VPN. We have an initial developer release ready to test that
feature. Additionally, this VTI feature allows you to have an
Am 13.05.2016 um 21:52 schrieb Paul Wouters:
Hi,
A lot of people have been asking us about VTI support for route-based
VPN. We have an initial developer release ready to test that
feature. Additionally, this VTI feature allows you to have an ipsec0
interface like KLIPS would give you, where you
Am 17.03.2015 um 10:27 schrieb Antonio Scattolini:
Netkey (protostack=netkey) has:
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE/NAT-T on udp 4500 [OK]
Klips (protostack=klips) has:
Pluto listening for IKE on udp 500 [FA
Am 15.03.2015 um 15:50 schrieb Antonio Scattolini:
Hi, I have Debian Jessie, uname -a gives:
Linux fw 3.16.0-4-686-pae #1 SMP Debian 3.16.7-ckt7-1 (2015-03-01) i686
GNU/Linux
When you have a fresh Jessie just follow this guide:
http://www.routerperformance.net/howtos/install-libreswan-on-debian
Am 12.01.2015 um 10:46 schrieb Muenz, Michael:
Am 09.01.2015 um 17:28 schrieb Paul Wouters:
So using phase2alg=aes_gcm128-null will be interesting. It might get you
a little closer to 1Gbps provided you are CPU bound. If it remains at
902 Mbit/s your CPU is not your limiting factor.
Here
Am 09.01.2015 um 17:28 schrieb Paul Wouters:
So using phase2alg=aes_gcm128-null will be interesting. It might get you
a little closer to 1Gbps provided you are CPU bound. If it remains at
902 Mbit/s your CPU is not your limiting factor.
Here are my results with 9000 (1GBit IF) AES128GCM-NULL:
Am 09.01.2015 um 14:21 schrieb Michael Schwartzkopff:
Am Freitag, 9. Januar 2015, 14:08:03 schrieb Muenz, Michael:
Hey,
for a small project I have 2 Nexcom NSA3150 appliances here and did some
performance testing.
Thought you would be interested in too.
The setup is 2 boxes with a L3 Cataylst
Am 09.01.2015 um 14:55 schrieb Paul Wouters:
I'd be interested in the esp= algos listed on the above libreswan page.
Note that some of those algorithms are not available for KLIPS.
So in this test it was:
ike=aes256-sha1;modp2048
phase2alg=aes256-sha1;modp2048
I'll play around
Hey,
for a small project I have 2 Nexcom NSA3150 appliances here and did some
performance testing.
Thought you would be interested in too.
The setup is 2 boxes with a L3 Cataylst between doing the routing.
Behind the Firewalls 2 PC's. On every system Debian 8 is installed.
Libreswan 3.12 is
Am 11.09.2014 um 14:05 schrieb Lennart Sorensen:
If there are any benefits to klips I don't know what they are.
Hopefully our developer friends will fill us in on that.
How about tcpdump? Troubleshooting with netkey is a complete mess.
And since this is my daily business I won't switch to netk
Am 05.09.2014 um 09:57 schrieb Tuomo Soini:
Took me some time to find out what was the problem because this
change was submitted by debian user. Some investigation revealed
that we didn't commit exactly what was provided as a patch and the
change we did was not working with mawk while it worked
Am 03.09.2014 um 21:44 schrieb Paul Wouters:
could you add -u -v and -e to the initscript and see if you can pinpoint
the problem?
initsystems/sysvinit/init.debian.in has not been changed, so I suspect
something was updated in the debian/ directory.
Paul
bash -x /usr/local/libexec/ipsec/_sta
Hey guys,
just installed 3.10 on a fresh Debian 7.
When starting ipsec via init script I get:
awk: line 5: syntax error at or near
but ipsec comes up.
Best regards
Michael
--
www.muenz-it.de
- Cisco, Linux, Networks
___
Swan mailing list
Swan@lists
Am 11.12.2013 00:34, schrieb The Libreswan Project:
KLIPS was fixed to no longer crash in ipsec_xmit_ipip() on certain
recent Linux kernels and now supports kernels up to 3.11. It can be
used on kernels with support for namespaces.
Compiles and works like a charm without any patching with Deb
18 matches
Mail list logo