Thanks Noel!,
Going back to the config options, what exactly is engine_id here:
charon.plugins.openssl.engine_id [pkcs11]
ENGINE ID to use in the OpenSSL plugin.
Thanks,
Jafar
On 11/9/2017 2:56 PM, Noel Kuntze wrote:
That those are all the options you can set.
The first
That those are all the options you can set.
The first plugin that provides a feature is used. rdrand will only be used as
PRNG, if it is loaded earlier than openssl.
If a plugin uses another plugin's PRNG implementation depends on the exact code.
On 09.11.2017 21:42, Jafar Al-Gharaibeh wrote:
What about?
what if I enable rdrand above does that become the default for all random
numbers used by strongswan ignoring OpenSSL's RNG?
Does enabling those other RNG plugins have any effect on OpenSSL itself? I.e is
there a way to set OpenSSL's RNG directly from Strongswan?
On
Hi,
I am compiling StrongSwan with these options:
--enable-openssl #enables the OpenSSL crypto plugin.
#--enable-rdrand # don't enable Intel RDRAND random generator plugin.
--disable-random #disable RNG implementation on top of /dev/(u)random.
Looking through the code, OpenSSL
I have requirements for a VPN which is always up. The initiator must
always be reachable from the responder. The initiator may not have a
static IP address.
I've seen recommendations for implementing this requirement on the
initiator using kernel trap, e.g.
"start_action = trap"
which also
Hi Gordon,
> Connections from Windows 10 and Android are fine. My understanding of
> all things VPN is very basic.
That's because they use IKEv2, which is what you configured in strongSwan.
> Getting the backup CentOS 6 libreswan connected has stumped me, I'm
> unable to get past "no IKE config