[strongSwan] Cisco issues with FlexVPN

2019-09-30 Thread Volodymyr Litovka
Dear colleagues, sorry for possible offtopic. Not sure this is Strongswan's issue, but probably there are people who use Cisco and can comment. Did anybody face such issue on Cisco IOS routers? - https://community.cisco.com/t5/vpn-and-anyconnect/flexvpn-much-ipsec-sa-on-tunnel/m-p/3930044 Thank

[strongSwan] No traffic between Strongswan 5.6.2 server and 5.7.2 roadwarrior, works in other client versions

2019-09-30 Thread Alexander Hill
Hi, I have a roadwarrior setup with a server running 5.6.2 on Ubuntu Bionic. Clients are a mix of 5.6.2 (Bionic), 5.3.5 (Xenial) and 5.5.1 (Stretch) and all work fine. I'm testing an updated client image on an Asus Tinkerboard S with Armbian Buster which ships with 5.7.2. On this client, I can co

Re: [strongSwan] xauth authentication backend

2019-09-30 Thread Tobias Brunner
Hi Christoph, > Is the local RADIUS server the recommend approach or would it be > possible to write a custom xauth-plugin? Sure, but that's probably a lot more work than using RADIUS. > Is there a way to load plugins dynamically at runtime? Load them dynamically after the daemon has already s

Re: [strongSwan] xauth authentication backend

2019-09-30 Thread Noel Kuntze
Hello, You can express arbitrary authentication logic in FreeRADIUS. I do not know if you can do checks in parallel to save time or if FreeRADIUS does that by itself automatically already. No, you can't load plugins at runtime. (Yeah, mixed top and bottom posting like pros) Kind regards Noel

Re: [strongSwan] strongSwan 5.7.2: received retransmit of response with ID 0, but next request already sent

2019-09-30 Thread Noel Kuntze
Hello, I'd say the remote peer doesn't get the reply. Kind regards Noel Am 30.09.19 um 05:37 schrieb yni...@sina.com: >  HI all, > > I got a problem on my debian 10 PC box when connecting to a windows VPN > server. > > The strongSwan always  returns the error:  "received retransmit of respon

Re: [strongSwan] xauth authentication backend

2019-09-30 Thread Michael Schwartzkopff
Am 30.09.19 um 10:00 schrieb Christoph Harder: > Hello, > > thank you for the help so far. > > Is the local RADIUS server the recommend approach or would it be > possible to write a custom xauth-plugin? > > I suspect most RADIUS servers do provide a way to do authentication by > database (e.g. a lo

Re: [strongSwan] xauth authentication backend

2019-09-30 Thread Christoph Harder
Hello, thank you for the help so far. Is the local RADIUS server the recommend approach or would it be possible to write a custom xauth-plugin? I suspect most RADIUS servers do provide a way to do authentication by database (e.g. a locally running SQL database) or directory (LDAP and Active