Hi Jafar,
You are right!
After I allowed user “frr” to access “charon.vici”, the error message is gone.
Now I’m getting this error message.
2017/11/08 15:41:45 NHRP: VICI: StrongSwan does not support mandatory events
(unpatched?)
I installed tteras’ patched version of strongswan.
However
I've installed strongswan on a new CentOS 7 server following
https://raymii.org/s/tutorials/IPSEC_vpn_with_CentOS_7.html
Connections from Windows 10 and Android are fine. My understanding of all
things VPN is very basic.
Getting the backup CentOS 6 libreswan connected has stumped me, I'm unable
As far as I know android clients are not supported curve25519.
You may use a wildcard (*) as in this:
rightid="C=SE, O=OurDomain, OU=rogue, CN=*"
Den 2017-11-07 kl. 13:48, skrev Ben Lavender:
>
> Hello, we have recently setup a host-to-host connection using IKE1
> with strongSwan on Linux and Windows using certificate authentication.
> We also have a
Den 2017-11-07 kl. 17:19, skrev Rafał Sanocki:
> Hi,
>
> I try connect client :
> strongSwan 5.6.0, Android 8.0.0 - OPR4.170623.009/2017-10-05, Nexus 5X
> - google/bullhead/LGE, Linux 3.10.73-ga51b1600b7f8, aarch64
>
> server:
> ipsec version Linux strongSwan U5.6.0/K4.13.2
>
> connection type
>
Terry,
From the limited information you are giving, my guess is that nhrpd
doesn't have permissions to access the VICI socket. nhrpd is probably
configured as part of FRR/Quagga with permissions to access
/var/run/frr or /var/run/quagga only. Whereas the vici socket, according to
Hi,
I try connect client :
strongSwan 5.6.0, Android 8.0.0 - OPR4.170623.009/2017-10-05, Nexus 5X -
google/bullhead/LGE, Linux 3.10.73-ga51b1600b7f8, aarch64
server:
ipsec version Linux strongSwan U5.6.0/K4.13.2
connection type
conn vpn-ikev2
keyexchange=ikev2
type=transport
> Hi,
>
> I’m trying to setup nhrpd with strongswan, and I’m getting this error message.
>
> Failure connecting VICI socket: permission denied
>
> I wonder if there is a way to test the VICI socket and see if it’s running
> properly?
>
> Regards,
>
> Terry
On 11/7/2017 07:37, Tobias Brunner wrote:
> Hi Joshua,
>
>> I got some problems about the configuration of strongswan, no matter
>> how I configured the IKEv2 connection just couldn't establish.
> This doesn't look like a configuration issue but a network problem. The
> client does not seem
Hi Martin,
> Client connects sucessfully and i can see tcpdumped traffic coming from VPN
> client to the destination hosts (on the backend router). Trouble is the
> returning traffic.
> Traffic reach the strongswan machine a from there it is not directed back to
> VPN client.
Please refer to
Hi Joshua,
> I got some problems about the configuration of strongswan, no matter
> how I configured the IKEv2 connection just couldn't establish.
This doesn't look like a configuration issue but a network problem. The
client does not seem to receive the IKE_SA_INIT response sent by the
Hello, we have recently setup a host-to-host connection using IKE1 with
strongSwan on Linux and Windows using certificate authentication. We also have
a requirement to add multiple other windows hosts to the configuration on
strongSwan. We originally setup the conn with the rightID parameter
Hi Joshua,
from client side you should also read some auth failures.
Probably it means that the ca.crt is not valid or client doesn't understand
the auth-type because of missing plugin dependencies, It could depend by
the client type as well, if Linux with charon-cmd you have to specify the
Hi everyone,
could you please help me with the following trouble?
I am tring to set up the ikev2 vpn access to our backup testing environment.
Clients are mostly Windows 10.
Client connects sucessfully and i can see tcpdumped traffic coming from VPN
client to the destination hosts (on the
Hi all,
Does anybody know if VXLAN over IPSec is supported by Strongswan?
Thanks,Sankar
Hello,
I got some problems about the configuration of strongswan, no matter
how I configured the IKEv2 connection just couldn't establish. The
strongswan's log is like this:
Nov 7 18:52:21 05[NET] <1> received packet: from 183.131.17.162[380] to
47.90.13.129[500] (616 bytes)
Nov 7 18:52:21
16 matches
Mail list logo