Re: [strongSwan] MOBIKE switching bug in gateway with two external interfaces

2012-03-09 Thread Tobias Brunner
Hi Simon, Seems MOBIKE message processing needs to store the message's source IP addr along with the other ADDITIONAL_IPV4_ADDRESS. Using ike_sa to remember this address separately is not safe. It requires code to add it in the additional_addresses list before it is overwritten by

Re: [strongSwan] Limiting the cipher suites in remote peer proposal

2012-03-09 Thread Tobias Brunner
Hi Alex, I was not aware of the strict flag at all. man ipsec.conf has no info on that. That's true for versions before 4.6.0. In the man page of later versions and on our wiki page about ipsec.conf conn sections [1] this flag is documented. Regards, Tobias [1]

[strongSwan] URGENT help with installation

2012-03-09 Thread xrats melkonian
I installed the brctl Ubuntu package, but the UML environment still doesn't build. Do I also need a database? I have the following output. Sorry if these questions sound stupid, I am a new Linux and strongSwan user. Copying

Re: [strongSwan] URGENT help with installation

2012-03-09 Thread Andreas Steffen
Hello, you must build and start/stop the UML system as root: sudo ./make-testing sudo ./start-testing sudo ./stop-testing Regards Andreas On 03/09/2012 03:46 PM, xrats melkonian wrote: I installed the brctl Ubuntu package, but the UML environment still doesn't build. Do I also need a

[strongSwan] %any in ipsec.secrets

2012-03-09 Thread Germano Veit Michel
Hello, Let me describe a simple scenario (that works): A -- B 10.1.1.1 10.1.1.2 ipsec.conf is properly configured for both A and B. ipsec.secrets for A 10.1.1.1 10.1.1.2 : PSK test123 ipsec.secrets for B 10.1.1.2 10.1.1.1 : PSK test123

Re: [strongSwan] unity_split_include prevents VPN from connecting.

2012-03-09 Thread Michael Gorbach
I've got this working as follows: - Removed the UNITY_SPLIT_INCLUDE attribute from the SQL DB. - In StrongSwan.conf: pluto { plugins { attr { dns = 172.16.1.1 28675 = mgorbach.home 28676 =

Re: [strongSwan] unity_split_include prevents VPN from connecting.

2012-03-09 Thread Michael Gorbach
And one more thing … - In ipsec.conf: conn ansible-threshold-pki|~ left=%defaultroute|~

Re: [strongSwan] %any in ipsec.secrets

2012-03-09 Thread Andreas Steffen
Hello Germano, the order of the identities in ipsec.secrets entries does not matter. If %any does not work then just define 10.1.1.2 : PSK test123 Regards Andreas On 09.03.2012 18:24, Germano Veit Michel wrote: Hello, Let me describe a simple scenario (that works): A

Re: [strongSwan] %any in ipsec.secrets

2012-03-09 Thread Germano Veit Michel
Hello Andreas, I tried that but still no go: |af+type: OAKLEY_AUTHENTICATION_METHOD |length/value: 1 |[1 is pre-shared key] x-ethernet0 #1: Can't authenticate: no preshared key found for '10.1.1.1' and '10.1.1.2'. Attribute OAKLEY_AUTHENTICATION_METHOD x-ethernet0 #1: no

Re: [strongSwan] MOBIKE switching bug in gateway with two external interfaces

2012-03-09 Thread Simon Chan
Hi Tobias, Wow! I just posted the problem yesterday and the fix is ready this morning. Much appreciate your effort. Simon From: Tobias Brunner tob...@strongswan.org To: Simon Chan simon.ch...@yahoo.ca Cc: users@lists.strongswan.org users@lists.strongswan.org