Re: [strongSwan] Parallelism in ESP userspace processing?

2014-09-16 Thread Martin Willi
Hi, For kernel space there is only one thread in ordinary case. But is there anything different for userspace backend? No, our libipsec userspace IPsec backend currently uses a single thread in each flow direction. If performance is critical, you certainly should use a kernel based IPsec

Re: [strongSwan] Parallelism in ESP userspace processing?

2014-09-16 Thread Alexander Sbitnev
You mean that for multiple ESP SAs there can be multiple working threads involved? Performance is critical as usual, but not a priority and userspace with its portability is much more critical for me. I suppose it is possible to add dispersal of incoming packets with one ESP SA across multiple

Re: [strongSwan] Connecting to Strongswan using the Native Android IPSec VPN Client

2014-09-16 Thread Martin Willi
Hi Ben, Cindy, I am attempting to connect to a Strongswan VPN server using the native Android IPSec client in Android 4.4 Is it possible to set up the vpn connection with Android's own vpn client (and NOT the strongswan app)? It is possible, yes. With the exception of the Samsung Galaxy S5

Re: [strongSwan] Parallelism in ESP userspace processing?

2014-09-16 Thread Martin Willi
You mean that for multiple ESP SAs there can be multiple working threads involved? Sorry for being unclear: There is a single thread in each direction in common for all SAs; even with multiple SAs you only have one thread in each direction. I suppose it is possible to add dispersal of

Re: [strongSwan] Parallelism in ESP userspace processing?

2014-09-16 Thread Alexander Sbitnev
You mean that for multiple ESP SAs there can be multiple working threads involved? Sorry for being unclear: There is a single thread in each direction in common for all SAs; even with multiple SAs you only have one thread in each direction. And by direction you mean input and output? Or each

[strongSwan] eap-radius authentication timeout

2014-09-16 Thread Jan Tyma
Hello All, Is there an option to set the eap-radius plugin authentication timeout / retransmit period? I am using StrongSwan with FreeRadius (and LDAP), problem is that authentication requests time out after about 15 seconds. This makes e.g. two-factor authentication inconvenient to use. Sep 16

Re: [strongSwan] eap-radius authentication timeout

2014-09-16 Thread Martin Willi
Hi, Is there an option to set the eap-radius plugin authentication timeout / retransmit period? No, these values are currently hardcoded, you may change them at [1]. I am using StrongSwan with FreeRadius (and LDAP), problem is that authentication requests time out after about 15 seconds.

Re: [strongSwan] eap-radius authentication timeout

2014-09-16 Thread Jan Tyma
Hi Martin, Thanks for your answer, I'll build a new package then, and see what happens with changed timeout values. Are there plans to make this a configuration value? The second factor is authenticating with a RADIUS proxy. The proxy forwards the entered username and password to the RADIUS user

Re: [strongSwan] strongswan android app: sending but not receiving bytes/packets

2014-09-16 Thread Noel Kuntze
Hello Cindy, By default, the strongSwan app also asks for the certificate chains of public CAs. Also, your problem is not the NAT mapping, but potentially a broken vpn API on the client side. If you want to access hosts other than your VPN

Re: [strongSwan] strongswan android app: sending but not receiving bytes/packets

2014-09-16 Thread Cindy Moore
If I am using the strongswan app on android to make the connection, how is it a broken vpn API on the client side? Also, contents of my vpn.example.com /etc/sysctl.conf file: # VPN (strongswan) net.ipv4.ip_forward = 1 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.send_redirects = 0

[strongSwan] Fwd: loading ip_vti breaks IPSec connection

2014-09-16 Thread Joe M
Hello, I am trying to figure out how vti works with the latest stable kernel (3.16.2) or rc kernel (3.17.x). If anyone has a working vti tunnel with strongswan, can you please share your configuration? Do you have mark= in ipsec.conf? Do you use iptables rules to set the mark? What are your vti

[strongSwan] Multiple simultaneous IPSec connections with Strongswan

2014-09-16 Thread Peter Hsiang
Hi, Does anyone know if it is possible for Strongswan to establish multiple simultaneous IPSec connections to multiple servers from one client device? Would this be just a matter of setting up multiple connection profiles and use the up command to connect? Peter

Re: [strongSwan] Multiple simultaneous IPSec connections with Strongswan

2014-09-16 Thread Noel Kuntze
Hello Peter, Yes. However, you cannot have tunnels with overlapping subnets. If you want to have overlapping subnets, you need to use iptables with the netmap module or use marks. Mit freundlichen Grüßen/Regards, Noel Kuntze GPG Key ID:

[strongSwan] charon plugin xauth-pam

2014-09-16 Thread Cindy Moore
According to /etc/strongswan.conf, which includes all the *conf files in /etc/strongswan.d/charon/ I *should* be loading up the contents of /etc/strongswan.d/charon/xauth-pam.conf which are root@vpn:/etc/strongswan.d/charon# more xauth-pam.conf xauth-pam { # Whether to load the plugin. Can

[strongSwan] undefined symbol: XXX in all dynamically-linked executables

2014-09-16 Thread Shea Levy
Hi all, I just added strongswan to my distro's package manager [1], and it all seems to build fine but if I try to run any of the dynamically linked executables I get a symbol lookup error, e.g.: /nix/store/6idv2wv00yww34hny20ikmy0qn5bdb11-strongswan-5.2.0/bin/pki: symbol lookup error: