Re: [strongSwan] left ID, right ID and no matching peer config

2017-04-25 Thread Piyush Agarwal
That worked, thank you very much.

On Tue, Apr 25, 2017 at 7:53 AM, Tobias Brunner wrote:
> Hi Piyush,
>
> > while the rightID on server would be %any.
>
> If you set `rightcert` this will cause `rightid` to default to the
> subject DN of the certificate, which in turn

Re: [strongSwan] Yet another: charon[1749]: 14[KNL] received netlink error: Protocol not supported (93)

2017-04-25 Thread Rodrigo Stuffs
Ok, I found out and everything is working flawlessly. The WD's GPL toolchain for the MyCloud device fooled me. While the .config had CONFIG_INET_ESP=m, after LOTS of tinkering, I've found that in the source code it has:

[rfreire@rf ipv4]$ grep esp Makefile
#obj-$(CONFIG_INET_ESP) += esp4.o

Re: [strongSwan] Don't know where to start

2017-04-25 Thread Noel Kuntze
Hello René,

On 25.04.2017 20:04, Rene Maurer wrote:
> Meanwhile I have looked at the time stamps and IMHO they are a little bit
> strange:
>
>>> Apr 25 16:32:28 daemon.info syslog: 05[NET] sending packet: from
>>> 10.64.33.100[4500] to xxx.137.25.195[4500] (1120 bytes)
>>> 16:32:32.802620 IP

Re: [strongSwan] Don't know where to start

2017-04-25 Thread Rene Maurer
Hello Noel

Noel Kuntze wrote:
> (I'm answering this from my original email account now.)

And I see your email now in my email account.

>> But when I look at the log on my site together with
>> "tcpdump -i ppp0", I have the impression that ikev2_auth
>> is sent (once).

Re: [strongSwan] Don't know where to start

2017-04-25 Thread Noel Kuntze
Hello René,

(I'm answering this from my original email account now.)

On 25.04.2017 19:05, Rene Maurer wrote:
> Routing is as follows:
>
> # ip route show table 220
> 10.4.30.0/24 via xxx.137.25.195 dev ppp0 proto static src 10.4.48.1
>
> # route -n
> Kernel IP routing table
> Destination

Re: [strongSwan] roadwarrior client on macOS?

2017-04-25 Thread Zachary Cutlip
Apple Configurator 2 (https://itunes.apple.com/us/app/apple-configurator-2/id1037126344) works well for building IKEv2 VPN profiles for macOS and iOS. You can even edit the profile later (they’re just XML plist format) to configure options that aren’t exposed in the GUI, such as on-demand

Re: [strongSwan] left ID, right ID and no matching peer config

2017-04-25 Thread Tobias Brunner
Hi Piyush,

> while the rightID on server would be %any.

If you set `rightcert` this will cause `rightid` to default to the subject DN of the certificate, which in turn won't match "client". So either set `rightid=client` or don't set `leftid` on the client so the client's own identity defaults

Re: [strongSwan] Tunnels with dynamic IP and another route issue

2017-04-25 Thread Tobias Brunner
Hi Dusan,

> default
> nexthop via 90.225.x.x dev vlan845 weight 1
> nexthop via 10.248.x.x dev ppp0 weight 256
> nexthop via 85.24.x.x dev vlan847 weight 1
> nexthop via 46.195.x.x dev ppp1 weight 1
>
> My gateway is configured to use 10.248.0.x as "default

[strongSwan] Commercial support?

2017-04-25 Thread Turbo Fredriksson
I’m having some trouble with my VPN connections, and I’d like to get some commercial support. Anyone feel up to helping me out?

___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] Don't know where to start

2017-04-25 Thread Noel Kuntze
Hello René,

On 25.04.2017 12:42, Rene Maurer wrote:
> conn home
> keyexchange=ikev2
> ike=aes128-sha256-modp1024!
> esp=aes128-sha256!
> left=%config

"left=%config" doesn't make sense. %config is neither a known keyword nor a valid resolvable hostname. If your routing table is

[strongSwan] Don't know where to start

2017-04-25 Thread Rene Maurer
Hello

I am new to strongSwan and I try to establish a connection between an embedded Linux box (using Linux strongSwan U5.3.0/K3.14.43) and a MOXA switch located on remote site.

On the embedded Linux box I have two interfaces:
ppp0 connects to the internet (using GPRS).
eth0 (10.4.48.1) connects

Re: [strongSwan] client virtual ip address assignment issue with dhcp

2017-04-25 Thread Noel Kuntze
Hello Alex,

On 25.04.2017 10:48, Alex Sharaz wrote:
> ens1f0 Link encap:Ethernet HWaddr 00:14:4f:0d:d0:c8
> inet addr:144.32.128.198 Bcast:144.32.129.255 Mask:255.255.254.0
> inet6 addr: 2001:630:61:180::1:c6/64 Scope:Global
> inet6 addr:

[strongSwan] client virtual ip address assignment issue with dhcp

2017-04-25 Thread Alex Sharaz
Hi,

Seem to have a problem assigning an IP address to a client from our campus dhcp server

Running strongswan 5.5.2

loaded plugins: charon unbound pkcs11 aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey

Re: [strongSwan] roadwarrior client on macOS?

2017-04-25 Thread Tobias Brunner
Hi Paul,

> I'm afraid I'm struggling with the wiki documentation and would like
> to use the roadwarrior app - however it asks for a username whereas I
> want to use the certificate already installed on the machine (which is
> used for Active Directory integration), what can I do here?

Use the