Hi Simon,
Seems MOBIKE message processing needs to store the message's source IP
addr along with the other ADDITIONAL_IPV4_ADDRESS. Use ike_sa to
remember this address separately is not safe. It requires
code to add it in the additional_addresses list before it is overwritten
by
Hi Alex,
I was not aware of the strict flag at all. man ipsec.conf has no
info on that.
That's true for versions before 4.6.0. In the man page of later
versions and on our wiki page about ipsec.conf conn sections [1] this
flag is documented.
Regards,
Tobias
[1]
i install brctl ubuntu package but still the uml environment doesn't build,
do i need also a database ? i have the following output
sorry if these questions sounds stupid i am new linux also strongswan user
Copying
Hello,
you must build and start/stop the UML system as root:
sudo ./make-testing
sudo ./start-testing
sudo ./stop-testing
Regards
Andreas
On 03/09/2012 03:46 PM, xrats melkonian wrote:
i install brctl ubuntu package but still the uml environment doesn't build,
do i need also a
Hello,
Let me describe a simple scenario (that works):
A -- B
10.1.1.1 10.1.1.2
ipsec.conf is properly configured for both A and B.
ipsec.secrets for A
10.1.1.1 10.1.1.2 : PSK test123
ipsec.secrets for B
10.1.1.2 10.1.1.1 : PSK test123
I've got this working as follows:
- Removed the UNITU_SPLIT_INCLUDE attribute from the SQL DB.
- In StrongSwan.conf:
pluto {
plugins {
attr {
dns = 172.16.1.1
28675 = mgorbach.home
28676 =
And one more thing …
- In ipsec.conf:
conn ansible-threshold-pki|~
left=%defaultroute|~
Hello Germano,
the order of the identities in ipsec.secrets entries does not
matter. If %any does not work then just define
10.1.1.2 : PSK test123
Regards
Andreas
On 09.03.2012 18:24, Germano Veit Michel wrote:
Hello,
Let me describe a simple scenario (that works):
A
Hello Andreas,
I tried that but still no go:
|af+type: OAKLEY_AUTHENTICATION_METHOD
|length/value: 1
|[1 is pre-shared key]
x-ethernet0 #1: Can't authenticate: no preshared key found for '10.1.1.1'
and '10.1.1.2'. Attribute OAKLEY_AUTHENTICATION_METHOD
x-ethernet0 #1: no
Hi Tobias,
Wow! I just posted the problem yesterday and the fix is ready this morning.
Much appreciate your effort.
Simon
From: Tobias Brunner tob...@strongswan.org
To: Simon Chan simon.ch...@yahoo.ca
Cc: users@lists.strongswan.org users@lists.strongswan.org
10 matches
Mail list logo