for Internet Technologies and Applications//
> //University of Applied Sciences Rapperswil, Switzerland//
> //See 'ipsec --copyright' for copyright information.
>
> /
> If I replace the link with the actual file, everything works fine. All
> actions presented were done as
Hell Noel,
if I replace the symbolic link with the actual file fullchain1.pem
everything works as expected.
I have also replaced the link, so it points at the
/etc/letsencrypt//archive//trinity.ingames.cz/cert1.pem file. But that
didn't help either. I'm still getting permission denied on the
Am 09.02.2017 um 18:39 schrieb Alexander Hill:
>
> I get connections apparently up, I see them in the output of ipsec status and
> ipsec leases, but no traffic across the link. Set compress=no on the server
> and issue ipsec reload, and the clients connect and communicate fine.
Read the part
Hi all,
Runnings Strongswan 5.3.5 on Ubuntu 16.04 on clients and server.
My connections with compress=yes don't appear to pass any traffic. What I'm
seeing seems similar to the issue described in this post from 2013:
https://lists.strongswan.org/pipermail/users/2013-May/004689.html
I get
Hello Jose,
Am 09.02.2017 um 16:55 schrieb Jose Novacho:
> /
> //lrwxrwxrwx 1 root root 54 úno 9 16:08 fullchain.pem ->
> /etc/letsencrypt/live/trinity.ingames.cz/fullchain.pem//
> /
Loading several certificates from a file is not supported.
--
Mit freundlichen Grüßen/Kind Regards,
Noel
Hi,
I have setup strongSwan VPN on my Ubuntu 16.04 server. I'm using
LetEncrypt certificates, and the ipsec daemon does no want to load the
certificates from symbolic link.
The setup is following:
Contents of relevant directories:
/root@Trinity:/etc/ipsec.d/certs# ls -la//
celkem 8//
Hi Piotr,
> it seems that Android app doesn't support cipher esp=aes256gcm16-modp2048
Correct. That proposal is not supported by the app, see [1] for the
list of currently configured proposals. So you basically have to use a
stronger DH group when using aes256gcm16.
Regards,
Tobias
[1]
Hello,
it seems that Android app doesn't support cipher esp=aes256gcm16-modp2048
When I set it in ipsec.conf:
esp=aes256gcm16-modp2048!
When CHILD_SA is triggered (not IKE_SA), I've got NO_PROPOSAL_CHOSEN
If I leave default value for esp it works without problems.
I guess it is a bug - it