Hi Noel,
I am trying to ping vti interfaces, when I ping I see the traffic coming
back but I don't see it on ipsec0, however I see the traffic on eth3
interface after it is decrypted, don't see the same reaching ipsec0.
# tcpdump -ni eth3 icmp
tcpdump: verbose output suppressed, use -v or -vv fo
Hi,
Is there a way to configure strongswan to block client to client traffic
without using iptables?
Loc
From: Loc Nguyen
Sent: Wednesday, November 29, 2017 11:15 AM
To: Noel Kuntze; users@lists.strongswan.org
Subject: Re: [strongSwan] Isolate clients and force local network traffic to an
interf
To make this even more obvious, the name of such config item should
refer to "local" as:
"StrictLocalCert=yes" or "EnforceValidLocalCert=yes"
On 12/7/2017 11:17 AM, Jafar Al-Gharaibeh wrote:
Hi Andreas,
I agree with you completely. I wasn't suggesting to change the
default behavior, sor
Hi Andreas,
I agree with you completely. I wasn't suggesting to change the
default behavior, sorry I didn't make that clear. I was thinking of
adding a new connection configuration item like "StrictCert=yes" or
"EnforceValidCert=yes" to achieve the new behavior. The default for such
a new
Hi Jafar,
I don't see any sense in strongSwan verifying local certificates.
At the extreme people are using self-signed certificates where there
is no trust chain at all both for the local and the remote end.
In that case trust has to be established over out-of-band channels.
You are free to pat
That's not possible.
On 07.12.2017 11:33, Alex Sharaz wrote:
> Hi,
> I've configured my vpn server (5.6.1) to use eap-radius to pass auths to our
> RADIUS service.
>
> I've also configured eap-radius.conf to pass the Calling-Station-Id and
> Framed-IP-Address to the RADIUS server.
>
> Unfortu
Hi,
I've configured my vpn server (5.6.1) to use eap-radius to pass auths to
our RADIUS service.
I've also configured eap-radius.conf to pass the Calling-Station-Id and
Framed-IP-Address to the RADIUS server.
Unfortunately what appears at the radius server seems to be the IPv4/IPv6
address of t