Re: [strongSwan] IKE Minor Version Number

2010-06-22 Thread Martin Willi
Hi Richard, > We see in the IKE_SA_INIT that if the minor version is set to any value other > than 0 strongswan does not respond to the packet. Turning on debug traces we > see > that the charon daemon is waiting to receive the IKE_SA_INIT packet, but it > does > not receive it. Seems that we h

[strongSwan] Private key not found

2010-06-22 Thread Shane W
Hey all, I have done some archive searching on this one and previous issues have either been with ipsec.secrets providing the right password or key not matching cert issues. However, I have checked these things and am still getting this message. Jun 22 02:10:32 li01 charon: 14[IKE] no private key

Re: [strongSwan] Private key not found

2010-06-22 Thread Martin Willi
Hi Shane, > Why is the key being listed twice here? Seems that you're running the IKEv1 and IKEv2 daemons in parallel. The output of both daemons is just concatenated. > 000pubkey:RSA 2048 bits, has private key Pluto could associate your private key to the certificate, but > pubk

Re: [strongSwan] Private key not found

2010-06-22 Thread Andreas Steffen
Hi Shane, the first output comes from the IKEv1 pluto daemon who finds the matching private key whereas the second output is from the IKEv2 charon daemon who fails in finding the private key. If you disable the pluto daemon by setting config setup plutostart=no in ipsec.conf then you won't

[strongSwan] Error : Network Manager Configuration

2010-06-22 Thread Dhanavel P
Hi All, I am getting an error while trying to configure strongswan with the network manager of Fedora. The error being: - . checking for DBUS... yes checking for GTK... yes checking for GDK_PIXBUF... yes checking for GLADE... yes checking for LIBGNOMEUI... yes checking f

[strongSwan] DNS servers not pushed to client

2010-06-22 Thread Claude Tompers
Hello, I'm using strongswan 4.4.0 with ikev2 daemon charon. The dns server entries from strongswan.conf are not pushed to the clients, neither Windows 7 nor Ubuntu with strongswan-nm plugin. strongswan.conf : charon { load = aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke so

Re: [strongSwan] DNS servers not pushed to client

2010-06-22 Thread Andreas Steffen
Hi Claude, reading DNS and WINS information from strongswan.conf requires the "attr" plugin. Regards Andreas On 22.06.2010 16:16, Claude Tompers wrote: Hello, I'm using strongswan 4.4.0 with ikev2 daemon charon. The dns server entries from strongswan.conf are not pushed to the clients, neit

Re: [strongSwan] DNS servers not pushed to client

2010-06-22 Thread Claude Tompers
Hi Andreas, That did the trick. Thanks a lot for your quick help. kind regards, Claude On Tuesday 22 June 2010 16:23:36 Andreas Steffen wrote: > Hi Claude, > > reading DNS and WINS information from strongswan.conf requires > the "attr" plugin. > > Regards > > Andreas > > On 22.06.2010 16:16

[strongSwan] How to test DPD

2010-06-22 Thread Dhanavel P
Hi All, I am trying to establish Host to Host DPD connection. I added the following in the ipsec.conf file (in both Moon and Sun) dpdaction=restart dpddelay=5 dpdtimeout=10 After that I start IPsec and establish connection by ipsec up . The output is like DPD

Re: [strongSwan] Private key not found

2010-06-22 Thread Andreas Steffen
Our Changelog says: strongswan-4.3.4 - The IKEv2 charon daemon supports include files in ipsec.secrets. So probably charon stops parsing ipsec.secrets due to the unsupported include statement. Regards Andreas On 22.06.2010 18:50, Shane W wrote: Hi, I was using Debian stron

[strongSwan] does Strongswan 4.3.6 support PAT - Transport Mode?

2010-06-22 Thread Cristina Vintila
Hello Quick question, please: does Strongswan know how to deal with multiple connections when I do a PAT type of NAT-T for IKEv1? - Transport mode I have enabled nat_traversal, and I have 2 connections, one coming from 192.168.0.2:4503, and the other coming from 192.168.0.2:4504. Only one of the

Re: [strongSwan] DNS servers not pushed to client

2010-06-22 Thread Kalaj
pluto has the same issue On Tue, Jun 22, 2010 at 10:16 PM, Claude Tompers wrote: > Hello, > > I'm using strongswan 4.4.0 with ikev2 daemon charon. > The dns server entries from strongswan.conf are not pushed to the clients, > neither Windows 7 nor Ubuntu with strongswan-nm plugin. > > strongsw

Re: [strongSwan] does Strongswan 4.3.6 support PAT - Transport Mode?

2010-06-22 Thread Andreas Steffen
Hello Cristina, strongSwan does not support multiple IPsec peers requesting transport mode and hiding behind the same NAT-router. Best regards Andreas On 22.06.2010 18:56, Cristina Vintila wrote: Hello Quick question, please: does Strongswan know how to deal with multiple connections when I

Re: [strongSwan] DNS servers not pushed to client

2010-06-22 Thread Andreas Steffen
Starting with strongSwan 4.4.0 pluto makes also use of the attr plugin. Usually the attr plugin is compiled and loaded by default. If you add an explicit pluto.load statement in strongswan.conf then you are on your own and you must know exactly what plugins you want to include. Regards Andreas

Re: [strongSwan] How to test DPD

2010-06-22 Thread Andreas Steffen
We test DPD by temporarily blocking the network connection between the peers by inserting an iptables DROP rule in the firewall and then wait until DPD has dropped the connection for sure and then enabling it again: moon# ipsec statusall | grep 'rw.*INSTALLED' [YES] rw{1}: INSTALLED, T

[strongSwan] different than default configuration file path

2010-06-22 Thread Ayyash, Mohammad (NSN - FI/Espoo)
Hi, is it possible to give a different than the default (and seemingly hardcoded) path /etc/ipsec.conf? I have a scenario that requires preparing multiple config files, and I have to let charon work with a specific file. I am using version 4.3.5 still