-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello Gilad,
As I wrote in my last email, you need to use an x509 certificate on the server
side for mschapv2 to work in strongswan.
If you use IPsec/l2tp, you can of course use strongswan to build a PSK based
IKEv1 transport mode VPN and use l2t
Hi,
Thanks for your feedback. Actually, security is not our main concern here but
rather a simple VPN setup.
We were able to setup connections using PSK on iOS device (both for L2TP and
IKEv2), but unable to do so for Windows users.
Our goal is to have Strongswan configured for most common
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello Gilad,
That's because Windows does not support PSK authentication[1].
[1]https://wiki.strongswan.org/projects/strongswan/wiki/Windows7
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E
I'm trying to setup Strongswan for both iOS devices and Windows machines. I
would like to use PSK and/or passwords and not have the user install any
certificate on his side.
I've setup 2 types of connections: one using IKEv2 and one using IKEv1+XAuth.
Both work well with iOS devices and PSK se
I have a Confusion regarding rekeying Procedure of IKE_SA in IKEv2. MY
confusion is when rekeying of IKE_SA is done whether its repective Keys of
CHILD_SAs ie. ESP or AH SAs would be change or not. As per rfc 7296, in
rekeying procedure of IKE_SA new SKEYSEED would be generate and then new
set of
Hi,
I m using libipsec to do user space encryption/decryption. Strongswan
version is 5.1.1
'ipsec up home' establishes the tunnel properly with the secgw. Secgw
assigns a virtual ip.
Later, when I start pinging a valid ip which is behind secgw like below,
ping -I virtual ip.
I see that the pack