*** This bug is a duplicate of bug 1535951 ***
https://bugs.launchpad.net/bugs/1535951
This bug was fixed in the package strongswan - 5.3.5-1ubuntu1
---
strongswan (5.3.5-1ubuntu1) xenial; urgency=medium
* debian/{rules,control,libstrongswan-extra-plugins.install}
Enable
*** This bug is a duplicate of bug 1535951 ***
https://bugs.launchpad.net/bugs/1535951
This bug was fixed in the package strongswan - 5.3.5-1ubuntu1
---
strongswan (5.3.5-1ubuntu1) xenial; urgency=medium
* debian/{rules,control,libstrongswan-extra-plugins.install}
Enable
*** This bug is a duplicate of bug 1535951 ***
https://bugs.launchpad.net/bugs/1535951
Marking this bug as a duplicate of LP: #1535951 since Strongswan 5.3.5
should land in Xenial thus addressing the issues mentioned here.
** This bug has been marked a duplicate of bug 1535951
Please
*** This bug is a duplicate of bug 1535951 ***
https://bugs.launchpad.net/bugs/1535951
Marking this bug as a duplicate of LP: #1535951 since Strongswan 5.3.5
should land in Xenial thus addressing the issues mentioned here.
** This bug has been marked a duplicate of bug 1535951
Please
Strongswan 5.3.2 is out now. What would it take to pull it in?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
https://bugs.launchpad.net/bugs/1451091
Title:
new upstream version 5.2.2
To manage notifications
Strongswan 5.3.2 is out now. What would it take to pull it in?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1451091
Title:
new upstream version 5.2.2
To manage notifications about this bug go to:
Thanks for the example config.
The client will encode the identity as FQDN and the server is forced to
encode it as keyid (the content will be the same but the type is
different). So there won't be a match. Looking at the screenshot I'm not
sure how to configure a FQDN in the pfSense GUI, perhaps
Thanks for the example config.
The client will encode the identity as FQDN and the server is forced to
encode it as keyid (the content will be the same but the type is
different). So there won't be a match. Looking at the screenshot I'm not
sure how to configure a FQDN in the pfSense GUI, perhaps
** Summary changed:
- new upstream version 5.2.1
+ new upstream version 5.2.2
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1451091
Title:
new upstream version 5.2.2
To manage notifications about
** Summary changed:
- new upstream version 5.2.1
+ new upstream version 5.2.2
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
https://bugs.launchpad.net/bugs/1451091
Title:
new upstream version 5.2.2
To
The current version of Strongswan (5.1.2) does not work with newer versions of
pfSense (Strongswan 5.3.2 based).
When using IPsec IKEv2/PSK the identity type is now prefixed leftid and rightid
for better matching.
The change requires at least Strongswan 5.2.2 but newest upstream is 5.3.2.
The current version of Strongswan (5.1.2) does not work with newer versions of
pfSense (Strongswan 5.3.2 based).
When using IPsec IKEv2/PSK the identity type is now prefixed leftid and rightid
for better matching.
The change requires at least Strongswan 5.2.2 but newest upstream is 5.3.2.
The current version of Strongswan (5.1.2) does not work with newer versions
of pfSense (Strongswan 5.3.2 based).
When using IPsec IKEv2/PSK the identity type is now prefixed leftid and
rightid for better matching.
Hm, could you elaborate on that? For instance, provide example configs?
At a
The current version of Strongswan (5.1.2) does not work with newer versions
of pfSense (Strongswan 5.3.2 based).
When using IPsec IKEv2/PSK the identity type is now prefixed leftid and
rightid for better matching.
Hm, could you elaborate on that? For instance, provide example configs?
At a
When using PSK in pfSense you are required to select identifier type.
Looking at it from a security perspective it seems better to explicit
define identifier type rather then auto detect type.
** Attachment added: pfsense_ipsec_keyid.png
** Attachment added: ipsec_client.conf
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1451091/+attachment/4420799/+files/ipsec_client.conf
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
** Attachment added: ipsec_server.conf
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1451091/+attachment/4420800/+files/ipsec_server.conf
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Attachment added: ipsec_sever.secrets
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1451091/+attachment/4420802/+files/ipsec_sever.secrets
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
** Attachment added: ipsec_client.secrets
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1451091/+attachment/4420801/+files/ipsec_client.secrets
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
I have attached an example configuration where the pfSense server leftid
is configured with keyid:-prefix and therefor in unable to authenticate
an IPsec connection from a client where rightid does not contain
keyid:-prefix.
--
You received this bug notification because you are a member of
** Attachment added: ipsec_sever.secrets
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1451091/+attachment/4420802/+files/ipsec_sever.secrets
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Attachment added: ipsec_client.conf
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1451091/+attachment/4420799/+files/ipsec_client.conf
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I have attached an example configuration where the pfSense server leftid
is configured with keyid:-prefix and therefor in unable to authenticate
an IPsec connection from a client where rightid does not contain
keyid:-prefix.
--
You received this bug notification because you are a member of
** Attachment added: ipsec_server.conf
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1451091/+attachment/4420800/+files/ipsec_server.conf
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
** Attachment added: ipsec_client.secrets
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1451091/+attachment/4420801/+files/ipsec_client.secrets
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
When using PSK in pfSense you are required to select identifier type.
Looking at it from a security perspective it seems better to explicit
define identifier type rather then auto detect type.
** Attachment added: pfsense_ipsec_keyid.png
26 matches
Mail list logo