ct
eap-dynamic->eap-tls clients to that one CA in the presence of multiple
connections on the same device that may use a different CA or certificates.
Kind regards,
Andreas
--
==========
Andreas Steffen and
Memory leaks are written to the log when the charon daemon exits and
all memory is released. Sending a HUP doesn't help.
On 05.08.22 15:21, Michael Schwartzkopff wrote:
On 05.08.22 14:36, Andreas Steffen wrote:
Hi Michael,
I'm not aware of any memory leak that we fixed. You could
rate.
As far as I read the changelog, no memory leak was fixed in 5.9.6 and
5.9.7.
Any idea how to proceed to pin down the cause of the leak? 200 kB/h
impacts the embedded device.
Mit freundlichen Grüßen,
==
Andreas St
305[openssl]
Do we miss a kernel module?
As far as I can see, we compiled the necessary module into the kernel,
which option would the algorithm be in the kernel?
Mit freundlichen Grüßen,
--
==========
swanctl.conf.
Cheers
Andreas
On 28.09.21 07:06, rathiranair wrote:
Hello
What is the configuration setup for implementing udp encapsulation?
Regards
Athira
==
Andreas Steffen andreas.stef...@strongswan.org
uniqueids = no
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
strongSec GmbH, 8952 Schlieren (Switzerland)
==
Confidential; Commercially Sensitive Business Data
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
strongSec GmbH, 8952 Schlieren (Switzerland)
==
D 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
>
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
strongSec GmbH, 8952 Schlieren (Switzerland)
==
_4.x86_64"
>
> What is the difference between the two versions? Is one 32-bit and one
> 64-bit?
>
> *Dave Pearce*
>
> Blue Origin OLS
>
> dpear...@blueorigin.com <mailto:dpear...@blueorigin.com>
>
====
Hi,
the recording of the strongSwan and wolfSSL Webinar is now available
under the following link:
https://www.youtube.com/watch?v=Ul_M3XzRa4Q
Best regards
Andreas
On 28.05.21 13:30, Andreas Steffen wrote:
> Please join us for our upcoming webinar with Security Expert Eric
> Blank
Please join us for our upcoming webinar with Security Expert Eric
Blankenhorn from wolfSSL and Andreas Steffen from the strongSwan Project.
Leveraging the FIPS-certified security of wolfSSL and the power of
strongSwan to make a more perfect VPN!
strongSwan and wolfSSL are coming together to
is a 30sec timeout on the IPsec gateway. Is there
> a chance to increase this timeout (using stroke, ie. ipsec.conf)?
> https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection
> mentions only the DPD timeout (150 sec per default) and the inac-
> tivity timeout (child sa only,
gards,
RG.
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rappe
18DADC661F7EB7698D90A5ECEC8DB81EC258089F8E48EEBB2313BE63C33FF5
I'm fairly new to strongswan so I might have missed something in the server
configuration. Any hint is welcome.
Thanks
[1] https://wiki.strongswan.org/projects/strongswan/wiki/Fortinet
--
=======
Hello George,
you have to enable one of the libstrongswan plugins that support
ellicptic curve cryptography. Either the openssl, wolfssl or botan
plugin.
Best regards
Andreas
On 05.11.20 20:20, george wrote:
eature PUBKEY:ECDSA in plugin 'pem' has unmet dependency: PUBKEY:ECDSA
r confidential or otherwise legally exempt
> from disclosure. If you are not the named addressee, you are not
> authorized to read, print, retain, copy or disseminate this message or
> any part of it. If you have received this message in error, please
> notify
>
> Thank you for advice,
> Houman
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Scienc
But I think the remote side is not configured
for EAP-based client authentication or cannot
find its private signature key so AUTHENTICATION
FAILED ensues. Any chance of getting the remote log?
Andreas
On 11.05.20 08:45, Andreas Steffen wrote:
> Hi,
>
> in the remote section you ha
UP)
> N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR)
> N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
> [NET] sending packet: from xx.XX.yy.YY[4500] to
> xx.XX.zz.ZZ[4500] (432 bytes)
> [NET] received packet: from xx.XX.zz.ZZ[4500] to
> xx.XX.yy.YY[4500] (80 bytes)
of the key install on a client one still
> needs the password to use them.
>
>
>
> Regards
>
> Dries
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN So
gt; change: CONNECTING => DESTROYING
>
> What do I need to change in the android client configuration? I would
> prefer not to touch the linux server as it is working with windows
> clients, but will do so if absolutely necessary. Thank you for your
> assistance in this matter
stuck somewhere or missing something.
>
> My setup is:
> client -> Strongswan(centos 7) -> radius(free radius,centos 7) ->
> AD(Microsoft)
>
> Can you provide some guidance regarding this? I've to complete this
> project this month.
>
> Thank
between them in this
> context?
>
> Many Thanks,
> Houman
>
> On Wed, 31 Jul 2019 at 11:14, Andreas Steffen
> mailto:andreas.stef...@strongswan.org>>
> wrote:
>
> Hi Houman,
>
> you can get the number of active IKE SAs via
>
> swanctl --l
t; today and have a acctstoptime that is null. The count of these records
> would be the approximate number of active connections to the server.
>
>
> Is there a better way to achieve this or do you agree to this approach?
>
>
>
> Many Thanks,
>
> Houman
>
t; ipsec[1592]: charon (1601) started after 20 ms
> ipsec_starter[1592]: charon (1601) started after 20 ms
> charon[1601]: 07[CFG] received stroke: add connection 'myvpn'
> charon[1601]: 07[CFG] added configuration 'myvpn'
>
>
> Why did you
nprem-to-azure' inacceptable: constraint
> checking failed
> [CFG] no alternative config found
> [ENC] generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
> [NET] sending packet: from 172.26.0.85[4500] to $MY_ON_PREM_EXT_IP[4500] (65
> bytes)
> initiate failed: establishing CH
NC/PTS feature compliant with TPM 1.2 and TPM 2.0 ?
>
> Thanks
>
>
>
>
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Soluti
t;
> Thanks.
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-
transmit 5 of
request with message ID 1
Mar 15 00:37:41 klick001 charon: 14[NET] sending packet:
from 10.138.0.4[4500] to 200.10.1**.***[4500] (988 bytes)
Please assist as we are about to go live soon.
Thanks in advan
hat seamlessly?
>
> Many Thanks,
>
--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences R
t; And what does 'length of TRAFFIC_SELECTOR_SUBSTRUCTURE substructure
> list invalid' means, I tried finding it in RFC, but could not find
> the same.
>
>
> Thanks & Regards,
>
> Yogesh Purohit
>
>
>
>
us --enable-openssl \
> --enable-eap-peap
>
> NPS
>
>
>
>
>
> Windows 10 reports:
>
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Op
tack mentioned for PSK based auth (irrespective of the PSK
> chosen by the user)?
>
>
> Thanks,
>
> Sandesh
>
>
> On Fri, Aug 31, 2018 at 3:50 PM Andreas Steffen
> mailto:andreas.stef...@strongswan.org>>
> wrote:
>
> Hi Sandesh,
>
>
ws.com/2018/08/20/ipsec-vpn-connections-broken-using-20-year-old-flaw/
> https://securityaffairs.co/wordpress/75352/hacking/key-reuse-ipsec-attack.html
>
> Thanks,
> Sandesh
==========
Andreas Steffen an
1 pkcs7 pkcs8 pkcs12 pgp
> dnskey sshkey pem fips-prf gmp curve25519 xcbc cmac hmac attr
> kernel-netlink resolve socket-default stroke vici updown xauth-generic
> counters
> 00[JOB] spawning 16 worker threads
>
> Please guide me on what did i miss?
>
> --
> Regards,
>
v/csrc/media/publications/sp/800-131a/rev-1/final/documents/sp800-131a_r1_draft.pdf
> [2]
> https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-57pt1r4.pdf
> [3]
> https://wiki.strongswan.org/projects/strongswan/wiki/SecurityRecommendations
>
--
=
f x509 certificates supported by both the above plugins?
> So, if I am enabling openssl plugin, can x509 plugin be disabled?
> My use case requires using x509 certificates, without CRL or OCSP support.
>
> - Divya
>
--
=========
from it, that switching to
> ESAPI is possible but not in the nearest future as ESAPI is quite new
> and require some significant time to learn how to use it. Am I correct?
>
> Pozdrowienia/Regards,
>
> Piotr Parus
>
>
>
> W dniu 26.06.2018 o 17:07, Andreas St
; Best regards,
>
> Piotr Parus
>
--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
HSR Universi
:43 schrieb Andreas Steffen:
>> Hi Sven,
>>
>> you can use certificate policies which are based on OIDs.
>>
>> With swanctl.conf:
>>
>> remote {
>> auth = pubkey
>> cert_policy =
>> ...
>> }
>>
>> or w
um 18:47 schrieb Andreas Steffen:
>> Hi Sven,
>>
>> according to section 5.1.3.12. "ExtendedKeyUsage" of RFC 4945
>> "The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX"
>> the IPsec User EKU is deprecated:
>>
>&g
c, if it is set. We may use some other flags
> out of our own space too.
>
> How can I check in StrongSwan, if a certain EKU exists?
>
> Regards
> Sven Anders
>
--
==
Andreas Steffen
509_parse_generalNames() to fail).
Regards,
Tobias
--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
University of Applied
'my.C_NK_VPN.pem' failed
Kind regards,
Mike.
--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Sol
:58, Modster, Anthony wrote:
Hello
? how to configure VICI for PSK
Thanks
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Instit
correct way to start strongswan
without 'ipsec start' ?
--
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for
6
rightauth=psk
esp=3des-aes-sha1-md5-modp1024
ike=3des-sha1-md5-modp1024
auto=add
type=tunnel
Thanks,
Balaji
--
==========
Andreas Steffen andreas.stef...@strongswan.
server has to
be configured.
Regards
Andreas
On 29.03.2018 20:12, Info wrote:
>
> On 03/29/2018 10:21 AM, Andreas Steffen wrote:
>> Hi,
>>
>> yes you can fully integrate a remote host into a LAN by using the
>> farp and dhcp plugins on the VPN gateway so that the gatew
ransitioning the LAN to
> IPV6. As my ISP will not foreseeably have IPV6 (Frontier Comm) I'll
> need to use a tunnel broker. Will this be a problem with Strongswan,
> and can the Android app do IPV6?
>
>
> On 03/28/2018 02:35 PM, Andreas Steffen wrote:
>> The co
it also doesn't explain
> "classic and combined-mode algos" nor not to mix them. I can't know
> these things by instinct.
>
> Something else is wrong with the example. I copied it -exactly- (except
> I used your esp_proposals), and the error log is attached.
AC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024
> Tue, 2018-03-27 15:26 15[CFG] local:
> Tue, 2018-03-27 15:26 15[CFG] id = cygnus.darkmatter.org
> Tue,
nectivity.
>>>
>>> I know the iPhone 4 is almost 8 years old, however, mine looks like I
>>> bought it yesterday, and the battery is still in a perfect shape, and I
>>> don't want to buy a new one in the foreseeable future. Please may I ask to
>>> pick the best cipher from
, hard 0(sec)
> expire use: soft 0(sec), hard 0(sec)
> lifetime current:
> 0(bytes), 0(packets)
> add 2018-03-12 18:15:44 use -
> src ::/0 dst ::/0 uid 0
> socket out action allow index 20 priority 0 share any flag (0x)
> lifetime c
,
> scheduled: 0
>
> loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509
> pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp
> curve25519 xcbc cmac hmac attr kernel-netlink socket-default stroke vici
> updown xauth-generic
>
>
>
7;t work that way, other than nobody gotten around to doing it?
>
> Regards,
> Jafar
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswa
t;
>
> Thanks in advance,
>
> Rajeev
>
--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
HSR Univer
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland
t
> left=10.127.47.104
> leftsubnet=10.127.47.104/32
> leftid=10.127.47.104
> right=10.104.108.110
> rightsubnet=10.104.108.110/32
> rightid=10.104.108.110
> auto=start
>
> ~
> Regards,
> kalyani
>
--
] On Behalf Of Andreas
Steffen
Sent: Saturday, December 16, 2017 2:23 AM
To: Modster, Anthony ; users@lists.strongswan.org
Subject: Re: [strongSwan] OSCP
Hello Anthony,
if the OCSP URI is not included via an authorityInfoAccess extension in
the end entity certificate itself then an authority
>
>
> I did not find anything the docs.
>
>
> Mit freundlichen Grüßen,
>
--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www
e needed on the host
>
>
>
> Thanks
>
>
>
--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
HSR
7:34 +0100
From: Andreas Steffen
To: Jafar Al-Gharaibeh , users@lists.strongswan.org
Hi Jafar,
locally loaded certificates are always trusted.
Regards
Andreas
On 07.12.2017 07:44, Jafar Al-Gharaibeh wrote:
Hi,
I have noticed that when configuring the local certificate in a
connection via
ugh a CA tustchain.
Thanks,
Jafar
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
Universi
> rightsourceip=10.10.10.0/24
> rightsendcert=never
> eap_identity=%identity
>
> My /etc/ipsec.secrets contains:
>
> 128.199.36.88 : RSA "/etc/ipsec.d/private/vpn-server-key.pem"
> vpnusername %any% : EAP "vpnpasswordredacted"
>
> What might b
ither in GW1 or in GW2
- So my query is: whats the use of the option
"righthostaccess=yes"...where and when do we use this option?
thanks & regards
Rajiv
--
==
Andreas Steffen and
as to be decrypted
once by the device.
Many thanks,
Mario
--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for N
T Root CA01, CN=TEST CableLabs
> Root Certification Authority"
>
> issuer: "C=US, O=CableLabs, OU=TEST Root CA01, CN=TEST CableLabs
> Root Certification Authority"
>
> validity: not before Nov 11 17:19:44 2014, ok
>
>
s me the following error:
>
>
> bash: caKey.der: Permission denied
>
>
> I tried to run it with sudo and I get the same error. I assume the key
> would be populated in:
>
> /etc/ipsec.d/private
>
>
> Any help is appreciated!
>
>
--
========
byte number. Thanks for confirming
that.
I also came across nonce plugin configuration:
nonce {
}
Is there really any thing configurable here or is that just there for
completeness?
Kind Regards,
Jafar
On 9/14/2017 1:56 AM, Andreas Steffen wrote:
Hi Jafar,
section 2.10 of IKEv2 RFC
Al-Gharaibeh wrote:
> Hi,
>
>What is the default length of the nonce used to establish and rekey
> IKE/Child SAs? is that based on the DH group? and is the length
> configurable?
>
> Thanks,
> Jafar
==========
nks,
Terry
--
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (S
y the configuration backend, whether that private key is
> actually loaded into memory or it's just a reference to a key
> (as is the
> case here). Private keys on PKCS#11 tokens or in a TPM can't be
> accessed directly, so they never end up i
; Den 2017-08-04 kl. 19:04, skrev Noel Kuntze:
>> Hi,
>>
>> IIRC pfkey still uses the old truncation (It's mentioned in some
>> relatively recent ticket).
>> Try using kernel-netlink instead.
>>
>> Kind regards
>>
>> Noel
>>
>>
)
Regards
Andreas
On 04.08.2017 16:41, Dusan Ilic wrote:
> Hi Andreas
>
> One side is 2.6.36 and the other 3.10.20
>
>
> Den 2017-08-04 kl. 12:48, skrev Andreas Steffen:
>> Hi Dusan,
>>
>> this is a Linux kernel issue. Which kernel versions are you running
>
aes256-sha256-modp2048!
>>> esp=aes256-sha256-modp2048!
>>>
>>> Below combo doesn't work either:
>>>
>>> ike=aes256-sha256-modp2048!
>>> esp=aes128-sha256-modp2048!
>>>
>>>
>>> Also, are above settings good?
s not insert the Authentication
> payload in its IKE_AUTH response and this seems to make the initiator to
> send Authentication Failed."
>
> So, my question - What is EAP_ONLY sent? Is this configurable not to
> send it?
>
> - Shreyas
==
ritical plugin features
> 00[DMN] initialization failed - aborting charon
root@kltetmo:/ # pki --help
strongSwan 5.5.2 PKI tool
loaded plugins: aes des rc2 sha2 sha1 md5 random x509 revocation pkcs1
pkcs7 pkcs8 pkcs12 dnskey sshkey pem gmp hmac
========
forwards.
--
Piyush Agarwal
Life can only be understood backwards; but it must be lived forwards.
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
--
==
ou pls clarify this.
>
> cheers,
> vijaya
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
HSR University of Applied
Security Associations (0 up, 0 connecting):
> none
>
> Problem is I have no SA Associations.
>
>
> I attach conf file from both sites. I have strongswan 5.2.1 on Debian 8 x64
>
> Thank you for any help.
>
>
--
===
it's still not binding to port 500. Is
> there any other place I should look at?
>
> Thanks,
> Di
>
>
> 2017-03-07 14:36 GMT-08:00 Andreas Steffen
> mailto:andreas.stef...@strongswan.org>>:
>
> Hi,
>
> selecting the --enable-all option is no
ome help on this, anything l missed or I should configure?
>
> Thanks,
> Di
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked So
(ADDR) SA TSi TSr
N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) ]
08[NET] sending packet: from 192.168.1.5[4500] to 192.168.1.11[33660]
(272 bytes)
11[NET] received packet: from 192.168.1.11[33660] to 192.168.1.5[4500]
(80 bytes)
11[ENC] parsed INFORMATIONAL request 12 [ N(AUTH_FAILED) ]
On 16.01.2017 20:39, Varun Singh wrote:
On Mon, Jan 16, 2017 at 6:04 PM, Michael Schwartzkopff wrote:
Am Montag, 16. Januar 2017, 20:06:45 schrieb Andreas Steffen:
Hi Varun,
we have customers who have successfully been running up to 60k
concurrent tunnels. In order to maximize performance
ation.
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switze
,
Mark
On Thursday, January 12, 2017 6:09 AM, Andreas Steffen
wrote:
Hi Mark,
you can find a [little-outdated] TNC server configuration HOWTO
under the following link:
https://wiki.strongswan.org/projects/strongswan/wiki/TNCS
In the meantime the TNC measurement policies are not hard-coded
any
@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil
P traffic so it was working.
Regards,
SSAdmin
Sent: Saturday, January 07, 2017 at 1:19 AM
From: "Andreas Steffen"
To: "ss admin" , users@lists.strongswan.org
Subject: Re: [strongSwan] Resubmission as plaintext - Strongswan with ESP-NULL
and ESP-NONE , NULL encryption and
roup = 10.1.9.119, IP = 10.1.9.119, Generating secret
keys: unknown encryption algorithm!
Jan 06 16:19:44 [IKEv1]Group = 10.1.9.119, IP = 10.1.9.119, Security
negotiation complete for LAN-to-LAN Group (10.1.9.119) Initiator, Inbound SPI
= 0xae679c9a, Outbound SPI = 0xcef968c7
Jan 06 16:19:4
appear to currently implement support RoHC over
IKEv2 (RFC 5857). I need to support this mode/extension and am trying
to understand the best approach. Any suggestions?
Thanks
Jordan
======
Andreas Steffen an
esp-sha-hmac
>
> crypto ipsec security-association lifetime seconds 3600
>
>
>
> crypto map revengemap 1 match address interestingtraffic
>
> crypto map revengemap 1 set peer 104.x.x.x
>
> crypto map revengemap 1 set ikev1 transform-set myVPN
>
> crypto map
omes this limitation?
> Does it come from StrongSwan implementation or from Linux kernel (as
> suggested by the error message)?
> Does anybody have ideas?
>
> Best regards,
> Gyula Kovacs
==========
Andreas Steffen
ssing something obvious, or does not understand this
feature, but I have no idea, what this can be.
Does anybody knows?
Best regards,
John,
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan
vvnrk.vanapa...@gmail.com <mailto:vvnrk.vanapa...@gmail.com>
>
>
> ___
> Users mailing list
> Users@lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
--
==
king
>>> to the kernel would require a kernel_ipsec_t as well. Is this correct?
>>
>> Yes.
>>
>> Regards,
>> Tobias
>>
> ___
> Users mailing list
> Users@lists.strongswan.org
> https://lis
ble 220 is
working!)
- FORWARD chain sees the source IP address as 192.168.2.X (host cannot
be reached until these packets are SNAT'ed to 10.2.0.3)
Richard Chan
==========
Andreas Steffen andreas.stef...@
Testing the availability of the strongSwan mailing list server.
Please disregard
Andreas
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution
Brian
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open S
strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Int
1 - 100 of 1348 matches
Mail list logo