Hello Andreas,
I am using strongswan 4.3.4 so I think the fix that you are talking about
must be there.
But it seems that there is something else that needs to be done on 2.6.24
kernel to make ESP Null Encryption work.
Are you aware of any patch on linux kernel ?
Thanks
Ashish
On Thu, Dec 31, 20
Hi Ashish,
Both the strongSwan IKEv1 and IKEv2 daemons support ESP Null encryption:
http://www.strongswan.org/uml/testresults43/ikev1/esp-alg-null/
http://www.strongswan.org/uml/testresults43/ikev2/esp-alg-null/
Due to a keymat.c refactoring the configuration of ESP Null encryption
was broke
Hello Daniel,
there are several difficulties:
- First, ipsec starter doesn't know anything about charon's loaded
plugins. Therefore we cannot do any checks during the parsing of
ipsec.conf.
- Second, an EAP client doesn't know which EAP method will be applied
before receiving this informat
Hello Daniel,
Daniel Mentz wrote:
> Andreas Steffen wrote in his e-mail on dec 24:
>
> ".the IKEv2 charon daemon receives the FQDN as a
> string via the stroke interface and does name resolution on the fly
> shortly before actually negotiating the IPsec tunnel."
>
> This appears not to work
I am using strongswan 4.3.5. Whenever I run "ipsec pki --gen" it just
hangs. Are there any known issues with this? Any work around?
I had a play with the souce code, adding in debug logging. It seems to
get stuck in the following function in
library/credentials/credential_factory.c:
static void* c
Hello Andreas,
I am trying to establish a Null Encryption between two peers. I am using a
2.6.24 kernel and the Null Algorithm option was not enable in kernel
configuration. I did enable that by CONFIG_CRYPTO_NULL=y and rebuild the
kernel.
But still strongswan reported the error "IPSEC SA empty pr
Andreas Schuldei wrote:
> On Mon, Dec 28, 2009 at 11:16 PM, Andreas Schuldei
> wrote:
>> Daniel, thank you VERY much!
>>
>> when would be a good time to run those commands? are there hooks in
>> strongswan to call a script containing those commands? or are there
>> scripts on the system already wh
I tried to setup a strongSwan as a gateway for Windows 7 (MSCHAPv2). But
it did not work. After some time of troubleshooting, it turned out that
I failed to include the following parameters when running ./configure
--enable-eap-mschapv2
--enable-md4
The log file of strongSwan wasn't very helpfu
according to this
http://lwn.net/Articles/269327/
amd64 is fastest for aes128. so that would explain why we see a
performance decrease with blowfish.
On Wed, Dec 30, 2009 at 1:19 AM, Andreas Schuldei
wrote:
> http://marc.info/?l=linux-kernel&m=126155699817914&w=2
>
> but i dont understand what
Andreas Steffen wrote in his e-mail on dec 24:
".the IKEv2 charon daemon receives the FQDN as a
string via the stroke interface and does name resolution on the fly
shortly before actually negotiating the IPsec tunnel."
This appears not to work for me. The output of starter is as follows:
Sta
Hi Daniel,
thank you for your help. After switching to the newest strongswan release it
works great.
Kind regards,
Michael
-Original Message-
From: Daniel Mentz [mailto:danielml+mailinglists.strongs...@sent.com]
Sent: Tuesday, December 29, 2009 1:15 PM
To: Wihsböck Michael
Cc: users@li
11 matches
Mail list logo