Hi,
When using a static ip in the rightsourceip parameter the
client(android) is resolving my mailserver with the internal ip as it
should(because I set that up with the attr plugin), but when using
rightsourceip=%dhcp the settings for dns with attr plugin seems to be
ignored and then
I fixed it by adding route on both sides.thanks for your help!
Sent from Mobile
On 2014年12月8日, at 16:34, Noel Kuntze n...@familie-kuntze.de wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello Eric,
Please post the output of stables-save of the gateway and client.
It is much
Hi eveyone,
I have a Strongswan 5.1.1 server that is working perfectly for Windows
7/8, Linux and Mac/OSX clients, but I cannot make it work for Windows
XP clients.
I have tried both using the native client of Windows XP (that does not
connect at all) and using two vpn clients, ShrewSoft and
Hi Thanks for helping
The DHCP is assigning the right ip adress for the DNS server. I also
tried it on a windows7 ipsec client from work today and it gets the
right DNS assigned, but will still resolve to the external even though
it asks the right DNS server.
I have found the problem. It is
On 12/09/2014 02:24 PM, Hasse Hagen Johansen wrote:
So I have these rules:
Chain zone_wan (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/00.0.0.0/0 udp dpt:68
ACCEPT icmp -- 0.0.0.0/00.0.0.0/0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello,
As Simon already pointed out, you can use the policy module in iptables to
match traffic that is matches an IPsec policy,
hence strems from an IPsec packet or is going to be transformed into an IPsec
packet.
If I remember correctly, you
Thanks Simon
I just found that on serverfault :) That must be the solution(and maybe
define a special vpn zone would be nicer I think)
Best Regards
Hasse
Den 09/12/14 kl. 20:30 skrev Simon Deziel:
On 12/09/2014 02:24 PM, Hasse Hagen Johansen wrote:
So I have these rules:
Chain zone_wan (1
I'm trying to set up a mac os x client to use a certificate based
authentication. I've created root and host (and client, w/private
key) certificates with ipsec pki, then created p12 packages and
successfully loaded them into the keychain on the mac I'm using. On
the server side (ubuntu 14.04)
Hello SS team,
Does strongswan 5.x provide esp replay protection with IKEv1?
I can pass packets with seq number 1, 2, 3 , ..., 31, 1, 2,3, ..., 31.
Basically packets with duplicate sequence number are not dropped.
I tried a couple of things to resolve this issue with no success.
1)