Hi guys,
i have an IKEv2 roadwarrior setup (U5.3.5/K4.8.0-58-generic) that works
fine with IPv4 through IPv4 tunnel.
But now i want to allow connection also through IPv6. But when i connect
through IPv6, the tunnel came up and i got the correct ip address..., but i
didn't get any traffic through
That's because your locally configured ESP proposals do not contain
AES_GCM_16_128.
On 05.07.2017 22:58, Karl Denninger wrote:
>
> On 7/5/2017 02:47, Tobias Brunner wrote:
>> Hi Karl,
>>
>>> Except that I can't install the server's certificate into Android's
>>> storage (whether from the base
On 7/5/2017 02:47, Tobias Brunner wrote:
> Hi Karl,
>
>> Except that I can't install the server's certificate into Android's
>> storage (whether from the base "Security" tab or in the StrongSwan
>> client); it refuses and says there's no certificate it can import.
> If you tried the import option
Hi,
> My problem is that I don't see how to keep the necessary "eap_identity =
> %identity" line in the vici configuration.
Set eap_id to %any in the corresponding remote* section.
Regards,
Tobias
Hi all,
I understand I can not handle ipsec.conf defined connexions through vici
interface. (I guess I am right).
In consequence, I'm currently trying to move my configuration from ipsec.conf
to vici conf file to get a more dynamic behavior.
My problem is that I don't see how to keep the
On 7/5/2017 10:20, Tobias Brunner wrote:
> Hi Karl,
>
>> Yes. If the frag-eating monster does not get me BOTH certificates work
>> (when sent from the server with the switch turned on.)
> OK, I see what the problem is. If no certificate is exchanged the used
> certificate does not end up in the
Hi Karl,
> Yes. If the frag-eating monster does not get me BOTH certificates work
> (when sent from the server with the switch turned on.)
OK, I see what the problem is. If no certificate is exchanged the used
certificate does not end up in the remote auth-cfg in a way currently
used when
Thanks Tobias,
I compiled the kernel with res-gcm support and it now works fine.
One other issue - the client is actually a router, and NATed clients behind it
can’t seem to access the internet, although the client itself can.
Any thoughts?
> On 5 Jul 2017, at 15:48, Tobias Brunner
On 7/5/2017 09:25, Tobias Brunner wrote:
> Hi Karl,
>
>> BTW is the OCSP check failure due to lack of "curl" support in the
>> Android client?
> No, it's because the revocation plugin can't build an OCSP request (only
> the x509 plugin can do so but on Android we use the openssl plugin to
> parse
Hi Karl,
> BTW is the OCSP check failure due to lack of "curl" support in the
> Android client?
No, it's because the revocation plugin can't build an OCSP request (only
the x509 plugin can do so but on Android we use the openssl plugin to
parse certificates so that plugin isnt' enabled). I
On 7/5/2017 02:47, Tobias Brunner wrote:
> Hi Karl,
>
>> Except that I can't install the server's certificate into Android's
>> storage (whether from the base "Security" tab or in the StrongSwan
>> client); it refuses and says there's no certificate it can import.
> If you tried the import option
Hi Jamie,
> Server is Ubuntu 17, Client LEDE trunk. Authentication happens, but I think
> client and server cannot agree on an algorithm?
They do, but the chosen algorithm (probably AES-GCM) apparently is not
supported by the client's kernel:
> 16[KNL] received netlink error: Function not
>Yes, IPs are assigned based on the remote identity. If an existing
>lease for an identity is found, which is not currently assigned to a
>client, it will be reused.
Sigh! my fault. Just tested again and stuff working as expected
Rgds
Alex
On 5 July 2017 at 11:35, Tobias Brunner
Hi,
New user here. I’m having trouble with a Strongswan client/server connection,
which I believe is due to the encryption algorithm choice.
Server is Ubuntu 17, Client LEDE trunk. Authentication happens, but I think
client and server cannot agree on an algorithm? if I leave the ike and esp off
Hi Alex,
> Everything works except when i connect to SSWan from multiple apple
> devices with same .mobielconfig each remote client gets the same ip
> address assigned.
>
> Currently sitting with connection from iOS 10 and macos 10.12 both with
> same ip address assigned.
>
> I'm guessing its
Hi,
Running 5.5.3 and using attr-sql to assign ip addresses out of an ip pool
Built a .mobilconfig flle which users can download from a website to instal
on their machine.
Everything works except when i connect to SSWan from multiple apple devices
with same .mobielconfig each remote client gets
Hi Karl,
> Except that I can't install the server's certificate into Android's
> storage (whether from the base "Security" tab or in the StrongSwan
> client); it refuses and says there's no certificate it can import.
If you tried the import option in the CA certificate view of the app and
it
17 matches
Mail list logo