*** This bug is a duplicate of bug 1535951 ***
https://bugs.launchpad.net/bugs/1535951
This bug was fixed in the package strongswan - 5.3.5-1ubuntu1
---
strongswan (5.3.5-1ubuntu1) xenial; urgency=medium
* debian/{rules,control,libstrongswan-extra-plugins.install}
Enable bl
*** This bug is a duplicate of bug 1535951 ***
https://bugs.launchpad.net/bugs/1535951
Marking this bug as a duplicate of LP: #1535951 since Strongswan 5.3.5
should land in Xenial thus addressing the issues mentioned here.
** This bug has been marked a duplicate of bug 1535951
Please merge
Strongswan 5.3.2 is out now. What would it take to pull it in?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
https://bugs.launchpad.net/bugs/1451091
Title:
new upstream version 5.2.2
To manage notifications a
Thanks for the example config.
The client will encode the identity as FQDN and the server is forced to
encode it as keyid (the content will be the same but the type is
different). So there won't be a match. Looking at the screenshot I'm not
sure how to configure a FQDN in the pfSense GUI, perhaps
** Attachment added: "ipsec_server.conf"
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1451091/+attachment/4420800/+files/ipsec_server.conf
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
https://bu
I have attached an example configuration where the pfSense server leftid
is configured with keyid:-prefix and therefor in unable to authenticate
an IPsec connection from a client where rightid does not contain
keyid:-prefix.
--
You received this bug notification because you are a member of Ubuntu
** Attachment added: "ipsec_sever.secrets"
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1451091/+attachment/4420802/+files/ipsec_sever.secrets
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
https:
** Attachment added: "ipsec_client.secrets"
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1451091/+attachment/4420801/+files/ipsec_client.secrets
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
http
When using PSK in pfSense you are required to select identifier type.
Looking at it from a security perspective it seems better to explicit
define identifier type rather then auto detect type.
** Attachment added: "pfsense_ipsec_keyid.png"
https://bugs.launchpad.net/ubuntu/+source/strongswan/+
** Attachment added: "ipsec_client.conf"
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1451091/+attachment/4420799/+files/ipsec_client.conf
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
https://bu
> The current version of Strongswan (5.1.2) does not work with newer versions
> of pfSense (Strongswan 5.3.2 based).
> When using IPsec IKEv2/PSK the identity type is now prefixed leftid and
> rightid for better matching.
Hm, could you elaborate on that? For instance, provide example configs?
At
The current version of Strongswan (5.1.2) does not work with newer versions of
pfSense (Strongswan 5.3.2 based).
When using IPsec IKEv2/PSK the identity type is now prefixed leftid and rightid
for better matching.
The change requires at least Strongswan 5.2.2 but newest upstream is 5.3.2.
Source
** Summary changed:
- new upstream version 5.2.1
+ new upstream version 5.2.2
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to strongswan in Ubuntu.
https://bugs.launchpad.net/bugs/1451091
Title:
new upstream version 5.2.2
To manage
13 matches
Mail list logo