Re: [strongSwan] Site to site vpn using certificates-no peer config in log files

Hello Ed, on the moon side you must configure rightid="***SUN DN ON CERTIFICATE***" Regards Andreas On 11/22/2011 07:59 AM, Edward Cooke wrote: > Hi all, > > I’m trying to get a site to site VPN set up between to strongswan Linux > systems. I can’t get past the “no matching peer config foun

Re: [strongSwan] Android/Stongswan Integration

Hi Zhen, > If I used 4.6.1, is there any special configuration I need to enable to > build the starter and stroke when I build the Android? Have a look at the top Android.mk. There you can uncomment the strongswan_BUILD_STARTER line to enable the build of starter and stroke. > I assume I wouldn

[strongSwan] Road-Warrior Setup with different PSKs

Hi! I wonder if it's possible to have the road-warrior setup with different PSKs for different users? E.g. if strongswan fails to decode a packet with the PSK it should find for another PSK with matching IP addresses? I tried: 22.19.53.13 %any : PSK "pass1" 22.19.53.13 %any : PSK "pass2" 22.19

Re: [strongSwan] Road-Warrior Setup with different PSKs

Hello Klaus, if the roadwarriors have dynamic IP addresses then IKEv1 Main Mode supports only one shared PSK. With IKEv2 each roadwarrior can have a PSK of her own". Regards Andreas On 11/22/2011 10:41 AM, Klaus Darilion wrote: > Hi! > > I wonder if it's possible to have the road-warrior setup

Re: [strongSwan] can not establish MSCHAPv2 tunnel using ipsec.conf/ipsec.secrets in strongswan 4.6.1 release on Android Gingerbread

Hello Nitin, if you define left=%any than by default leftid=%any which is not a valid initiator ID type. As a workaround just define an explicit ID: leftid= Regards Andreas On 11/22/2011 09:50 AM, Nitin Verma wrote: > Yes Andreas, that worked straightaway. Thanks. > > However, I

Re: [strongSwan] Android/Stongswan Integration

Hi Tobias,  I successfully loaded 4.6.1 to Android 2.2. I pushed ipsec.conf to the emulator. Now if I us ipsec start, then ipsec up.   1. Doesn't seem that Charon loads the the  ipsec.conf file. 2. If I use ipsec up to force the starter to bring up the conn, ipsec up gave some error like " unnam

Re: [strongSwan] Android/Stongswan Integration

> 1. Doesn't seem that Charon loads the the ipsec.conf file. What makes you say so? Do you get any errors? Where did you put the file? Can you verify that it's there when you log into the emulator with 'adb shell'? And is that path equal to what you configured in the top Android.mk file as st

Re: [strongSwan] Different values for the option strictcrlpolicy

Hi Martin, Thank you for your help. On our strongSwan systems we want to switch on/off the CRL checks. If the check is switched off then even if received certificate specifies a CDP extension toward an accessible remote CRL we don't want that strongSwan rejects the IKE connection even if the seri