Re: [strongSwan] High availability configuration

2015-02-22 Thread Michael Schwartzkopff
Am Sonntag, 22. Februar 2015, 14:57:13 schrieb unite: On 2015-02-21 20:52, Noel Kuntze wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hello Aleksey, Currently, strongSwan only supports high-availability in an active-active cluster. However, you can abuse it and make it

Re: [strongSwan] High availability configuration

2015-02-22 Thread Noel Kuntze
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hello Michael, I know that. However, even with statically setting the MAC address to the ports the hosts are on, it did not forward the ethernet frames to those ports. Mit freundlichen Grüßen/Regards, Noel Kuntze GPG Key ID: 0x63EC6658

Re: [strongSwan] High availability configuration

2015-02-22 Thread unite
On 2015-02-21 20:52, Noel Kuntze wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hello Aleksey, Currently, strongSwan only supports high-availability in an active-active cluster. However, you can abuse it and make it active-passive by simply not using a multicast mac address and

Re: [strongSwan] eap-radius and ssha passwords

2015-02-22 Thread Michael Schwartzkopff
Am Sonntag, 22. Februar 2015, 21:31:29 schrieb Alexey Beketov: Hello, I'm trying to make strongswan authorize and authenticate against freeipa through eap-radius. Client is my android phone and strongswan app (I'd like to use MOBIKE). I've sucessfully configured freeradius to query freeipa via

[strongSwan] eap-radius and ssha passwords

2015-02-22 Thread Alexey Beketov
Hello, I'm trying to make strongswan authorize and authenticate against freeipa through eap-radius. Client is my android phone and strongswan app (I'd like to use MOBIKE). I've sucessfully configured freeradius to query freeipa via ldap protocol. After some playing I've figured out that

Re: [strongSwan] eap-radius and ssha passwords

2015-02-22 Thread Thomas Will
clear text password should be possible with peap and leap I brought it to work with freeradius - ldap http://deployingradius.com/documents/protocols/compatibility.html Am 22.02.15 um 19:31 schrieb Alexey Beketov: Hello, I'm trying to make strongswan authorize and authenticate against

Re: [strongSwan] IKEv2 problems on iOS8

2015-02-22 Thread Milen Pankov
Hi, The problem was that I forgot to include the ServerCertificateIssuerCommonName in the iOS profile. Thank you for your help. Milen On 02/21/2015 08:17 PM, Noel Kuntze wrote: Hello Milen, Without any information from the iOS device, it is impossible to pin down what the problem is.

Re: [strongSwan] High availability configuration

2015-02-22 Thread unite
On 2015-02-22 15:29, Noel Kuntze wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hello Michael, I know that. However, even with statically setting the MAC address to the ports the hosts are on, it did not forward the ethernet frames to those ports. Mit freundlichen Grüßen/Regards, Noel

Re: [strongSwan] eap-radius and ssha passwords

2015-02-22 Thread Alexey Beketov
What is the debug output of FreeRADIUS?  rlm_ldap (ldap): Reserved connection (4) (3) ldap : expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) - '(uid=test_user1)' (3) ldap : expand: cn=users,cn=accounts,dc=local,dc=yopt1k,dc=ru - 'cn=users,cn=accounts,dc=local,dc=yopt1k,dc=ru' (3) ldap :

Re: [strongSwan] eap-radius and ssha passwords

2015-02-22 Thread Alexey Beketov
clear text password should be possible with peap and leap I brought it to work with freeradius - ldap http://deployingradius.com/documents/protocols/compatibility.html Thank you! I found your suggestion about eap-gtc in ikev2 eap-radius ttls pap thread. Next I changed: default_eap_type =