Hello,
I am using Strongswan-5.3.2 and Linux version 3.2.0
I have successfully tested host-host using pre-shared keys authentication
method.
I want to generate RSA keys and others certificate generation method based
authentication to test my host-host.
I need the configuration procedure ? Any p
Hi All,
I'm looking into testing a solution to replace a setup involving Cisco
ASA's providing VPN connectivity. The main requirement that has to be kept
is having VPN failover (Active/Standy). On the head end ASA I define a peer
list like "crypto map outside_map 1 set peer 100.1.1.1 200.2.2.2" whe
Hi Michael,
> So it seems the other VPN endpoint does not support NATed
> connections?
Yes, looks like it. Your peer does not return any NAT detection
payloads. So it either does not support NAT-T or it has it disabled
in its configuration.
Regards,
Tobias
Am Dienstag, 4. August 2015, 10:36:21 schrieb Tobias Brunner:
> Hi Michael,
>
> > VPN connection is established:
> There are no CHILD_SAs listed there. Only IKE_SAs. Could you send the
> logs of when the SAs are established (including the initial messages
> where the NAT is detected). What stro
Am Dienstag, 4. August 2015, 08:56:32 schrieb Monti, Marco:
> Hi All,
>
> Do you know if there is a MIB we could use for StrongSwan as template?
>
> I was thinking of something like ipsec MIB to start from maybe Cisco?
>
> Marco
We CANNOT use any existing MIBs since they are mostly copyrighted
Hi,
I tried to find a gocumentation of the entries in the strongswan log file.
Especially I am looking to the dokumentation of the IKE attributes like
NATD_S_IP, NATD_D_IP, INVAL_KE, IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr
N(EAP_ONLY).
An good hints?
Mit freundlichen Grüßen,
Michael Schwart
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello Ashok
conn %default != conn default
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 04.08.2015 um 12:05 schrieb ashok kj:
> Thanks Tobias,
>
> I was
Thanks Tobias,
I was under the impression authby=secret will be same as left|rightauth=psk.
Thanks for your perfect shot.
RegardsAshok
On Tuesday, 4 August 2015 2:22 PM, Tobias Brunner
wrote:
Hi Ashok,
> I am trying to establish simple PSK IPSec session between 2 ubuntu systems.
>
Hello,
Thanks for the answer!
Regarding marking/nonmarking - I need to define two classes and two
corresponding filters. It's not obvious for me how to define TC
filter which triggers if the package is from/to certain IP address and
belongs to certain type of connection (e.g., I need to distingh
Hi All,
Do you know if there is a MIB we could use for StrongSwan as template?
I was thinking of something like ipsec MIB to start from maybe Cisco?
Marco
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/u
Hi Ashok,
> I am trying to establish simple PSK IPSec session between 2 ubuntu systems.
>
> ...
> Aug 3 19:15:55 user-Lenovo-Product charon: 14[IKE] no private key found for
> 'moon.strongswan.org'
> ...
>
> May I know what am I missing?
A lesson in reading the log and status output perhaps ;-
Hi Michael,
> VPN connection is established:
There are no CHILD_SAs listed there. Only IKE_SAs. Could you send the
logs of when the SAs are established (including the initial messages
where the NAT is detected). What strongSwan version(s) are you using?
> If I configure forceencaps then the x
Hi,
I am trying to establish a VPN tunnel to the amazon VNC network. My VPN server
is behind a nat device.
My config is:
config setup
conn default
authby=secret
mobike=no
ike=aes128-sha1-modp1024!
conn kd1
authby=secret
right=54.239.63.A
rightsub
13 matches
Mail list logo
