A client has an existing strongSwan VPN installation that bridges two
sites. They are attempting to set up a second site to site VPN connection
to an external partner that uses a Juniper VPN/firewall box and has what
sounds like a route based ipsec VPN set up. We've set up our side using a
policy
Excellent Tobias, now it connects!
Thank you.
The only remaining question is how to get to the internet beyond the VPN
server. I am using it to appear with a different IP address. After connection
nothing is reachable. I use this configuration:
—
config setup
charondebug="cfg 2, dmn
That will work if there's no NAT in between the hosts. Otherwise the proposed
TSi and TSr will not match,
because the perceived remote peer's IP will be different from what it proposes
as TS.
On 16.03.2017 19:37, Muhammad Yousuf Khan wrote:
> Thank you for your input, Noel. It is really
Thank you for your input, Noel. It is really appreciated.
So you mean I delete the leftsubnet parameter, that is sufficient, and the tunnel
will work.
Thanks,
Yousuf
On Thu, Mar 16, 2017 at 10:36 PM, Noel Kuntze
wrote:
> On 16.03.2017 07:29, Muhammad Yousuf Khan wrote:
> >
> >
On 16.03.2017 07:29, Muhammad Yousuf Khan wrote:
>
> There is a requirement from our client that we need an IPsec tunnel for
> communication.
> As per our experience with OpenVPN we can do that very easily; however, IPsec
> works very differently, therefore I need your assistance.
Policy based
Hi Klaus,
> Is that necessary? I use
> username/password authentication of the clients and the clients don’t
> care about the server certificate.
Yes, the CA certificate (caCert.der) has to be installed on the clients.
They won't trust the server certificate otherwise.
Regards,
Tobias
OK thank you, tried leftsendcert=always but same problem. I have not installed
the cert on the clients. Is that necessary? I use username/password
authentication of the clients and the clients don’t care about the server
certificate.
> On Mar 16, 2017, at 3:40 PM, Tobias Brunner
Hi Klaus,
> What is missing to make it work?
As documented on [1], try adding `leftsendcert=always`. If that doesn't
work, the CA certificate is probably not installed (or trusted) on the
clients.
Regards,
Tobias
[1] https://wiki.strongswan.org/projects/strongswan/wiki/AppleClients
I am trying to set up StrongSwan VPN on Ubuntu for iPhone (iOS 10) road
warriors. I want my iOS clients to authenticate with username and password.
After a couple of days of trial-and-error I believe I am close, but the client
is not completing the connection. This is the end of the log:
Hi Tobias,
Thanks for the response, will try them.
For more info, actually ours is a multi-tunnel setup. We have three tunnels.
The first time, when all three tunnels come up, it's working fine.
But when one of the tunnels bounces (down and up), the problem triggers. We
observed that the route
Hi Sachin,
> We are facing a problem in reaching traffic selectors when we use an IPv6
> TS (single host IP) with a /128 prefix, BUT whereas when we use subnets, it's
> working fine.
Since the determining factor for the source IP is the local traffic
selector, i.e. fc01:eab:xx::xx/128 (which I suppose is
Hi
I'm currently using packaged version of strongswan 5.3.5 on Ubuntu
16.04.02. Would anyone know if there are any 5.5.1 equivalent packages
available for Ubuntu ... saves me building them
Rgds
Alex
___
Users mailing list
Users@lists.strongswan.org
Hi Marc,
> Is there a way to limit the proposals in VICI ?
You just have to define your proposals. To actually add the default
proposal with VICI, as was done automatically with stroke if ! was not
added, you have to explicitly add "default" to the proposal list.
Regards,
Tobias
Hi,
There is a requirement from our client that we need an IPsec tunnel for
communication.
As per our experience with OpenVPN we can do that very easily; however, IPsec
works very differently, therefore I need your assistance.
Here is the scenario
We are trying to limit the set of algorithms to negotiate for IKE and ESP.
In IPSEC.CONF this is done by adding “!”.
If we apply the same “!” at the end of the list, we get the message “loading
connection TEST failed : invalid value for: proposals, config discarded”
Here is an example: