Re: [strongSwan] Users Digest, Vol 85, Issue 8

2017-02-09 Thread alirmusio
> for Internet Technologies and Applications
> University of Applied Sciences Rapperswil, Switzerland
> See 'ipsec --copyright' for copyright information.
>
> If I replace the link with the actual file, everything works fine. All actions presented were done as

Re: [strongSwan] Can't load certificates and keys via symlink

2017-02-09 Thread Jose Novacho
Hello Noel, if I replace the symbolic link with the actual file fullchain1.pem everything works as expected. I have also replaced the link, so it points at the /etc/letsencrypt//archive//trinity.ingames.cz/cert1.pem file. But that didn't help either. I'm still getting permission denied on the

Re: [strongSwan] No traffic with compress=yes

2017-02-09 Thread Noel Kuntze
On 09.02.2017 at 18:39, Alexander Hill wrote:
> I get connections apparently up, I see them in the output of ipsec status and ipsec leases, but no traffic across the link. Set compress=no on the server and issue ipsec reload, and the clients connect and communicate fine.
Read the part

[strongSwan] No traffic with compress=yes

2017-02-09 Thread Alexander Hill
Hi all, Running Strongswan 5.3.5 on Ubuntu 16.04 on clients and server. My connections with compress=yes don't appear to pass any traffic. What I'm seeing seems similar to the issue described in this post from 2013: https://lists.strongswan.org/pipermail/users/2013-May/004689.html I get

Re: [strongSwan] Can't load certificates and keys via symlink

2017-02-09 Thread Noel Kuntze
Hello Jose,
On 09.02.2017 at 16:55, Jose Novacho wrote:
> lrwxrwxrwx 1 root root 54 úno 9 16:08 fullchain.pem -> /etc/letsencrypt/live/trinity.ingames.cz/fullchain.pem
Loading several certificates from a file is not supported.
-- Kind Regards, Noel

[strongSwan] Can't load certificates and keys via symlink

2017-02-09 Thread Jose Novacho
Hi, I have set up strongSwan VPN on my Ubuntu 16.04 server. I'm using Let's Encrypt certificates, and the ipsec daemon does not want to load the certificates from a symbolic link. The setup is as follows: Contents of relevant directories:
root@Trinity:/etc/ipsec.d/certs# ls -la
celkem 8

Re: [strongSwan] Android doesn't support ESP aes256gcm16-modp2048

2017-02-09 Thread Tobias Brunner
Hi Piotr,
> it seems that Android app doesn't support cipher esp=aes256gcm16-modp2048
Correct. That proposal is not supported by the app, see [1] for the list of currently configured proposals. So you basically have to use a stronger DH group when using aes256gcm16. Regards, Tobias [1]

[strongSwan] Android doesn't support ESP aes256gcm16-modp2048

2017-02-09 Thread Piotr Soróbka
Hello, it seems that Android app doesn't support cipher esp=aes256gcm16-modp2048 When I set it in ipsec.conf: esp=aes256gcm16-modp2048! When CHILD_SA is triggered (not IKE_SA), I've got NO_PROPOSAL_CHOSEN If I leave default value for esp it works without problems. I guess it is a bug - it