Re: [strongSwan] ANNOUNCE: strongswan-4.6.0 released

2011-11-08 Thread Federico.Mancini
Hi, Is it then also possible to use more authentication protocols besides eap-mschapv2 and eap-md5? Federico -Original Message- From: Andreas Steffen [mailto:andreas.stef...@strongswan.org] Sent: 7 November 2011 10:45 To: Mancini, Federico Cc: users@lists.strongswan.org Subject: Re: [st

[strongSwan] FTPS over IPSec

2011-11-08 Thread chou eiffel
Hi, I want to set up the FTPS over the IPSec tunnel by using lftp for FTPS client, vsftpd for FTPS server, Strongswan for IPsec. The FTPS needs to turn on the ssl encryption and cert based authentication (bi-directional). When I turn on the firewall and set up the ipsec tunnel, ping is OK. But FTPS not

Re: [strongSwan] FTPS over IPSec

2011-11-08 Thread Alexandre Chapellon
I guess you have your reasons but I can hardly imagine why you would *require* FTP/TLS over IPsec. Anyway... If your problem appears when you turn on the firewall, the first thing that comes to my mind is FTP passive mode not being compatible with iptables conntrack helpers. Indeed, as th

Re: [strongSwan] IKEV2 windows 2008 r2

2011-11-08 Thread Matthew F. Hymowitz
Thanks Again for your help Andreas Here is the current config and non-debug log file: -Matt # ipsec.conf - strongSwan IPsec configuration file config setup crlcheckinterval=0s strictcrlpolicy=no cachecrls=yes nat_traversal=yes charonstart=yes

Re: [strongSwan] IKEV2 windows 2008 r2

2011-11-08 Thread Andreas Steffen
Hello Matt, the Windows Server 2008 r2 expects strongSwan to request a virtual IP address to be used as a source address within the IPsec tunnel. Therefore add this statement: leftsourceip=%config With a virtual IP address leftsubnet=10.0.0.0/24 doesn't make much sense, so you'd better o

Re: [strongSwan] IKEV2 windows 2008 r2

2011-11-08 Thread Matthew F. Hymowitz
Hi Andreas, With your expert help, I am now able to establish a connection between my two sites. From my Ubuntu box I am able to ping 192.168.1.45, which I think is my local VPN adapter. I can not, however, ping 192.168.1.43 which I think is the Windows PPP adaptor. I do not see any entries for

Re: [strongSwan] NAT-T and StrongSwan conf

2011-11-08 Thread Alex Lucas
Dears, No ideas? I've tried a lot of combinations of config, including specifying very specific IPs for "left", "leftsubnet", "right", "rightsubnet", "rightid" etc. The docs are not too helpful for NAT or especially double-NAT (which seems to be the case here) scenarios. BR, Alex On 02/11/11 1

Re: [strongSwan] IKEV2 windows 2008 r2

2011-11-08 Thread Matthew F. Hymowitz
Andreas Got it working. I needed to add rightsubnet=192.168.1.0/24 to the connection. I still have a question about removing rightid=%any Thanks again for all your help. Matt Hymowitz, CISSP Manager GMP Networks, LLC 520 577-3891 From: Matthew F. Hym