"Use IPv6 transport addresses" option in the advanced profile settings?
>
> Regards,
> Tobias
>
--
Claude Tompers
Network and systems engineer
Fondation RESTENA
2, avenue de l'Université
L-4365 Esch/Alzette
kind regards,
--
Claude Tompers
Network and systems engineer
Fondation RESTENA
2, avenue de l'Université
L-4365 Esch/Alzette
, Claude Tompers wrote:
> Hello Tobias,
>
> Thanks a lot for your remarks. I will review the config.
>
> kind regards,
> Claude
>
>
> On 26/03/2020 17:11, Tobias Brunner wrote:
>> Hi Claude,
>>
>>> Before diving deeper into logs etc. Do these connection
Hello Tobias,
Thanks a lot for your remarks. I will review the config.
kind regards,
Claude
On 26/03/2020 17:11, Tobias Brunner wrote:
> Hi Claude,
>
>> Before diving deeper into logs etc. Do these connection settings look
>> good to you ? Thinking of all sorts of timers.
> There is lots of ques
> figure out what's wrong.
>
> Kind regards
>
> Noel
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests
>
> Am 24.03.20 um 14:26 schrieb Claude Tompers:
>> Hi Tom,
>>
>> leftsendcert is set. Here are the details of th
> https://wiki.strongswan.org/projects/strongswan/wiki/AppleClients#IKEv2-on-iOS-9-amp-macOS-1011-and-newer
>
> leftsendcert=always solves a similar issue for us, I believe.
>
> Perhaps you could post some details of your installation?
>
> Tom
>
> On Mar 24, 2020, at 6:56 AM, Cla
Hi all,
Our whole team has issues with the native OSX VPN client not being very
stable with our strongswan VPN server.
Connections drop sometimes randomly but certainly after roughly 55 minutes.
I'm wondering if anyone has the same issue and managed to solve it, or
if there's another Mac VPN clien
Hi Tobias,
Sorry, I missed that one. Thanks for the info.
kind regards,
Claude
On 06/03/2020 11:21, Tobias Brunner wrote:
> Hi Claude,
>
>> Is this a known issue ?
> Yes, see [1].
>
> Regards,
> Tobias
>
> [1] https://wiki.strongswan.org/issues/974
--
Clau
+0x94) [0x7fff69f9be65]
-> _pthread_start (in libsystem_pthread.dylib) + 148
/usr/lib/system/libsystem_pthread.dylib @ 0x7fff69f96000
(thread_start+0xf) [0x7fff69f9783b]
-> thread_start (in libsystem_pthread.dylib) + 15
killing ourself, received critical signal
kind regards,
Claude
On 08/12/2014 01:49 PM, Tobias Brunner wrote:
> Hi Claude,
>
>> The phone is an Sony Xperia Z1C with Android 4.4.2.
> The app won't work properly on 4.4 before 4.4.3, see [1] and related issues.
>
>> Aug 12 13:38:37 00[JOB] spawning 16 worker threads
> Hm, never seen it stop so early. Does that ha
Hello,
I suppose my Android phone did update the strongswan app without asking me.
Without any changes, it stopped working. I can't see any activity on the
vpn server.
I attached the clients log file. The phone is an Sony Xperia Z1C with
Android 4.4.2.
Does anybody else have this issue ?
kind r
On Mon, 17 Mar 2014 14:34:14 +0100
Mikael Magnusson wrote:
> On 03/17/2014 09:35 AM, Claude Tompers wrote:
> > Hello,
> >
> > We have some issues with strongswan on Android phones.
> > The phone gets both IPv4 and IPv6 addresses. When trying to connect
> > to th
instead of DNS names into the mail client.
Both IPv6 and IPv4 are known to work with other clients, for example
strongswan on Linux.
Is this a known issue with strongswan/Android ? Are there some tweaks
to get this to work ?
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
rightsendcert=never
rightid=
rightcert=
Is this configuration compatible with native OSX (and IOS) VPN clients ?
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche 6, rue Richard Coude
could be to install a dummy IP on a tun device just to remove it
> afterwards.
>
> I've pushed a new release [1] that adds such a workaround. Even if it
> is not very elegant, it works fine here.
>
> Regards
> Martin
>
> [1]http://download.strongswan.org/osx/str
unately I wasn't able to reproduce it reliably. Sometimes it works
> for days, sometimes it does not, might be a bug. I'll do some additional
> testing; maybe just increasing the (hardcoded) timeout helps.
>
> Regards
> Martin
>
- --
Claude Tompers
Ingénieur réseau et sy
> launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist
>
> During startup or any changes to the Keychain, you should see something
> like:
>
> loaded 209 certificates from /System/Library/Keychains/...
> loaded 12 certificates from /Library/Keychains/...
>
>
> Regards
> Martin
>
> [1]http://download.strongswan.org/osx/strongswan-5.1.0-3.app.zip
>
>
> ___
> Users mailing list
> Users@lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
--
Claude Tompers
Ingénieu
On 08/08/2013 02:33 PM, Martin Willi wrote:
> Hi Claude,
>
>> malloc_speed.o: undefined reference to symbol 'clock_gettime@@GLIBC_2.2.5'
> See http://wiki.strongswan.org/issues/373#change-1099 .
>
> Regards
> Martin
>
Hi Martin,
Thanks for your quick reply.
[all-recursive] Error 1
make[1]: Leaving directory `/usr/src/strongswan-5.1.0'
make: *** [all] Error 2
Any hint how to fix this ?
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
oblem.
Rights on the files are ok. Am I missing something ?
kind regards,
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352
thinks that its VPN connection is
still alive but has no more connectivity.
Is this a known behaviour ? Is the issue on the server or the client side ?
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
ts5rc/ikev2/ip-two-pools-v4v6-db/
>
> Regards
>
> Andreas
>
> On 03/26/2013 09:46 AM, Claude Tompers wrote:
> > Hello,
>
> > My strongswan 5.0.2 installation has some bizarre behaviour with
> > IKEv2 connections that ask both an IPv4 and an IPv6 address.
>
5.194 to peer 'C=LU ...
The client really ends up with two addresses from tech-v4 pool.
I've changed the following line in the server's ipsec.conf :
rightsourceip=%tech-v6,%tech-v4
The result was that strongswan distributed 2 addresses from the tech-v6
pool.
Is there an error in my
preferred way addressing this
issue. I attached it to this mail.
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409
> in rightid, such as "C=CH, O=strongSwan, OU=sales, CN=*".
>
> Regards
> Martin
>
Hi Martin,
Thanks for the explanations, it works. :)
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education
Hi,
Is the rightgroups parameter in ipsec.conf applicable to Certificate DN's ?
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxem
ID_PROT request with message ID 0
processing failed
Is this a known issue ? Is there a workaround to this so I can be
independent of the certificates size ?
kind regards,
Claude
On 09/10/2012 01:47 PM, Claude Tompers wrote:
> Hi Martin,
>
> I'm still under the impression th
instead of the system store in keychain. At least that's the only
difference I see.
Thanks a lot for your help and patience.
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue
On 09/06/2012 03:04 PM, Claude Tompers wrote:
> On 09/06/2012 12:20 PM, Martin Willi wrote:
>> Claude,
>>
>>> The other Mountain Lion had the exact same behaviour as mine (also
>>> 10.8.1),
>> Strange, as my 10.8.1 works just fine.
>>
>>> t
s will happen for 5.0.1.
> Fixed with [1], RADIUS accounting should work in upcoming releases when
> using IKEv1 with xauth-eap and eap-radius.
>
> Regards
> Martin
>
> [1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=cf85ebbf
>
Awesome. Thanks a lot !! :)
regards,
erday discussion about
>> credential plugin)
> That's not entirely true. %prompt is still supported but not during a
> simple ipsec start. You have to use ipsec rereadsecrets to get the prompt.
>
> Regards,
> Tobias
>
--
Claude Tompers
Ingénieur réseau et sys
nces+richter=ecos...@lists.strongswan.org [mailto:users-
>> bounces+richter=ecos...@lists.strongswan.org] On Behalf Of Claude
>> Tompers
>> Sent: Tuesday, September 11, 2012 2:13 PM
>> To: Users@lists.strongswan.org
>> Subject: [strongSwan] %prompt not working
>>
>
Hi,
My ipsec.secrets file contains the following line :
: RSA ctompers-key.pem %prompt
But instead of prompting me, strongswan-5.0.0 just says that it can't
find the private key.
Isn't this syntax supported anymore ?
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau
profile is available at
> [2], after installation you should be able to connect with "tester" /
> "test". If this works, something is wrong with your setup, if not,
> something with your Mac.
>
> Regards
> Martin
>
> [1]http://demo.revosec.c
tions ?
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
ks for the test. My MacBook says it could not validate the server
certificate.
At least this shows that my Macbook isn't completely broken.
If you want to have a look at the logs, my machine's IP address is
158.64.1.176 or 2001:a18:1:8:.
The connection works on my iPhone.
The set
On 09/05/2012 02:33 PM, Claude Tompers wrote:
Hi Martin,
> Hi Martin,
>> Hi Claude,
>>
>>> Still the same error. One thing that also appears odd, is that I don't
>>> see a config selection line in the log ( ie: selected peer config
>>> "RESTEN
= crl_ext' line
in my openssl.cnf.
It works now.
thanks a lot for your help.
kind regards,
Claude
>
> Isn't this correct ?
>
> kind regards,
> Claude
>
>
>
> ___
> Users mailing list
> Users@lists.strongswa
planations.
I don't see an authorityKeyIdentifier in my CRL, but my openssl.cnf
contains :
[ crl_ext ]
authorityKeyIdentifier = keyid:always,issuer:always
Isn't this correct ?
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Résea
anymore ?
Why does strongswan compare the DN to a fingerprint ? Am I missing an
option there ?
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
there ?
Also, I had installed strongswan on my Macbook to test it. I imagine
there should be no interactions between both VPN clients ?
kind regards,
Claude
>
> Regards
> Martin
>
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Educati
l
the same as I posted.
kind regards,
Claude
On 09/03/2012 03:25 PM, Claude Tompers wrote:
> On 09/03/2012 03:09 PM, Martin Willi wrote:
>>> I just defined the certificate in the Mac interface but did not enter a
>>> username or password.
>> This won't work. If no
is now:
conn RESTENA
keyexchange=ikev1
rightauth=pubkey
rightauth2=xauth-eap
rightsourceip=%ikev1
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenho
ways trust'. The key in the p12 package was protected by
a password which I was asked on import, so I think that does not matter
anymore.
kind regards,
Claude
>
> Regards
> Martin
>
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinform
y. Am I right about that ?
What can I do to fix this ?
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +
> it are open source [2] (not the Windows frontend apparently).
>
> Regards,
> Tobias
>
> [1] http://www.shrew.net/software
> [2] http://www.shrew.net/download/ike
Hi Tobias,
This seems to work quite well.
Thanks for the tip.
kind regards,
Claude
--
Claude Tompers
Ingénie
> tickets. Will this work in future releases?
> Yes, that currently does not work. I'll try to fix this, but I'm not
> sure yet if this will happen for 5.0.1.
>
> Regards
> Martin
>
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformati
Hi,
I did just stumble over the Cisco Anyconnect App for iPhone and I
wondered if (and I may be completely wrong) that app does IKEv2 ?
As far as I know, the 'normal' Anyconnect client is capable to connect
with IKEv2.
If so, is it compatible with strongswan ?
kind regards,
Claude
1. I have some users that connect via Cisco VPN client. When do you
foresee that Cisco quirks work with Charon/IKEv1 ?
2. I have noticed that Charon/IKEv1 does not send radius accounting
tickets. Will this work in future releases ?
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et systè
Hello Martin,
Thanks a lot for the patches, they work great.
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409
ss, typically in the "Calling-Station-Id" field.
Is there a precise reason that this field is missing, or would it be
possible to add it in a future release ?
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Educat
ired to get NM
> fixed.
>
> Regards
> Martin
>
> [1]http://download.strongswan.org/NetworkManager/NetworkManager-strongswan-1.3.0.tar.bz2
> [2]http://mail.gnome.org/archives/networkmanager-list/2011-September/msg00037.html
>
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTE
because I don't have that machine
in my hands, so I'm just asking if there's any issue like this known to
you ?
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Rich
ers currently online.
thanks a lot for your help,
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352
Mar 29 18:18:57 2011 Mar 29 18:19:15
2011
...
(Example output for one user)
This does not seem to have disturbed their VPN connection but I wonder
what could have caused this.
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinfor
> by removing all checks for the '/' character, leaving only the
> tests for the ',' separator.
>
> Best regards
>
> Andreas
>
> On 29.10.2010 13:41, Claude Tompers wrote:
> > Is this something that will be changed in a future release or a
> On 29.10.2010 09:23, Claude Tompers wrote:
> > Thank you for your quick answer.
> > Is there no way to escape such characters ? i.e. "ST=n\/a"
> >
> > regards,
> > Claude
> >
> >
> >
> > On Friday 29 October 2010 09:14:43 A
guished Names (RDNs).
>
> openssl x509 -in carolCert.pem -notext -subject
>
> returns
>
> subject= /C=CH/O=Linux strongSwan/OU=Research/cn=ca...@strongswan.org
>
> and which can be used with right|leftid.
>
> Thus "ST=n/a" will cause a syntax err
53:24
> 2010 C=CH, O=Linux strongSwan, OU=Research, cn=ca...@strongswan.org
> bigpool 10.3.0.4 static Oct 28 23:53:10 2010 Oct 28 23:53:20
> 2010 C=CH, O=Linux strongSwan, OU=Accounting, cn=d...@strongswan.org
>
> Best regards
>
> Andreas
>
> On 10/28/20
'"
> > into the file ?
>
> No, the address file parser does this conversion for you, no need for
> manual conversion.
>
> > It does not work for users that authenticate with a certificate
>
> What does not work? Do you get an error?
>
> Regards
> Ma
lid SQL
> code:
>
> ./scripts/id2sql "O=strongswan, CN=test"
>
> > typeencoding
> > 9,
> > X'302431133011060355040a130a7374726f6e677377616e310d300b0603550403130474657374'
>
> Regards
> Martin
>
>
--
Claude Tompers
Ingé
9 valid Oct 28 14:48:24 2010 Oct 28 14:48:33 2010
C=LU, ST=n/a, L=Luxembourg, O=Fondation RESTENA, CN=Test Certificate
I suppose I use the wrong format for putting the certificate in the file ? How
does this work ?
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fo
n.git;a=commitdiff;h=1f2c32835519b31ac5a30c95de2102086dec3cf8
>
> should fix this. Alternatively you can try the latest release
> candidate 4.5.0rc3:
>
>http://download.strongswan.org/strongswan-4.5.0rc3.tar.bz2
>
> Regards
>
> Andreas
>
> On 10/25/2010 08:19
Is that something you are going to look into ? Maybe a bug ?
Claude
On Friday 22 October 2010 16:08:29 Andreas Steffen wrote:
> Yep, I have the suspicion that there might be an issue with either
> the attribute or total packet length.
>
> Andreas
>
> On 22.10.2010 15:47, Cl
So strongswan should send the exact same message, except for the actual string ?
On Friday 22 October 2010 15:37:46 Andreas Steffen wrote:
> But if you replace the standard banner by one defined via attr-sql,
> it fails? Strange!
>
> On 22.10.2010 15:04, Claude Tompers wrote:
>
>
> Regards
>
> Andreas
>
> On 22.10.2010 14:29, Claude Tompers wrote:
> > Hello Andreas,
> >
> > They all fail, as soon as I set one of them (unity_def_domain /
> > banner / unity_split_include). Cisco client says "Negotiating
> > secur
e jointly developed the attr-sql functionality
> but I didn't test the interoperability with the Cisco
> client myself.
>
> Regards
>
> Andreas
>
> On 22.10.2010 11:40, Claude Tompers wrote:
> > I attached the Cisco log.
> > I think the interesting pa
tributes because it just keeps
> retransmitting the ModeCfg request. Could you
> find out what errors occur in the Cisco log?
>
> Regards
>
> Andreas
>
> On 22.10.2010 10:48, Claude Tompers wrote:
> > Hi Andreas,
> >
> > Setting the leftsubnet did not
===
> Andreas Steffen andreas.stef...@strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switz
Hello,
Does anybody know if the MacOS built-in VPN client will be able to do IKEv2 in
the new MacOS 10.7 Lion ?
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Ri
Hello,
Is it possible to do split tunneling with CISCO VPN client and pluto so that a
road-warrior is still able to access i.e. printers in his local network ?
kind regards
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Educ
send or receive any traffic.
>
> With the additional strongswan.conf option
>
> charon {
> inactivity_close_ike = yes
> }
>
> The IKE_SA corresponding to the CHILD_SA will be closed, too.
>
> Best regards
>
> Andreas
>
> On 20.10.2010 15:
Hi,
We are using strongswan in a road warrior configuration and some of our
warriors tend to keep their VPN connections going after usage.
Is there a way to put a maximum connection duration so that they disconnect
anyway after a given time ?
kind regards,
Claude
--
Claude Tompers
Ingénieur
Hello,
Is it possible to make strongswan listen only on a given interface ? I've
searched the man pages up and down but I did not find anything.
thanks a lot.
greetings,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education
e are pluto specific options.
>
> > --enable-socket-raw
>
> What's the reason for enabling the raw socket? Using the default is just
> fine (socket-default if pluto disabled, socket-raw otherwise).
>
> If you enforce socket-raw for some reasons, you should d
dvance for your help
kind regards
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
ON environment variable is not set.
>
> > In ipsec.conf, I added : leftupdown="sudo ipsec _updown"
>
> Try to add -E to sudo to preserve ENV variables.
>
> > In /etc/sudoers, I added : vpn ALL = NOPASSWD: /usr/local/sbin/ipsec
>
> To allow -E, add SETENV
down="sudo ipsec _updown"
In /etc/sudoers, I added : vpn ALL = NOPASSWD: /usr/local/sbin/ipsec
Still I get the error below on the interface version.
Can you please help me on this ? Any idea is appreciated.
thank you very much
kind regards,
Claude
On Friday 09 July 2010 11:
in7 clients
> (behind NAT) use different IKE identities, the SAs are therefore
> different.
>
> Regards
> Martin
>
>
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
6, rue Richard
eap_identity=%identity
rightauth=eap-radius
rightsourceip=192.168.120.192/26
thanks a lot for your answers
kind regards
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Recherche
sername for Windows 7
> > clients as well ?
>
> Not at this stage. The configuration selection uses the IKE identities.
> The EAP-Identity is not known yet, but we need a configuration that says
> we should use EAP to authenticate the client.
>
> The EAP-Identity is shown in "
Oops, sometimes I forget the most evident things.
I forgot to put the keyfile into the ipsec.secrets.
My bad, so sorry.
kind regards,
Claude
On Wednesday 07 July 2010 13:06:11 Claude Tompers wrote:
> Hello Stefan,
>
> Ok, in that case the IKEv2 ID is not that important, but why can
ds,
Claude
On Wednesday 07 July 2010 10:11:50 Claude Tompers wrote:
> Hi,
>
> I've had it already compiled with --with-capabilities=libcap .
> I've tried sudo'ing and it has changed something, but I think there are still
> missing some bits.
>
> Here's
===
> Andreas Steffen andreas.stef...@strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of A
I installed the certificate exactly the same way as my self-signed before. That
one worked perfectly.
Is it possible that the "/" or the "*" characters make some issues ?
thanks a lot in advance
kind regards
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RE
being reassigned to another user C on computer C for
example, even though user A is still online on machine A ?
Is there a way to "forbid" a user to login twice simultaneously ?
kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinfor
pt.
> Pluto uses the updown script not only for firewalling, but also for
> route installation.
> You'll have to run the updown script with root privileges. Never tried
> it, but file system based capability settings might work. Another
> alternative is to define
> leftupd
Delete SA payload: PROTO_IPSEC_ESP SA(0xb985df50) not found (maybe
expired)
The Cisco client says that the connection was successful though but the traffic
seems not to be decrypted and forwarded afterwards.
Any helpful ideas ?
Thanks in advance
kind regards
Claude
--
Claude To
Hello,
I recently added a feature request for radius accounting tickets in the
tracking system.
Is there a chance that this feature will make it in a future strongswan release
?
If so, could you give me a rough idea of when this will happen ?
thank you
kind regards
Claude
--
Claude Tompers
he location
> is defined in a separate AuthorityInfoAccess certificate extension.
> If you would like to have this feature supported in a future
> strongSwan release, please send me your certificate so that
> I can analyze it.
>
> Regards
>
> Andreas
>
> On 24.06.201
rwise
> the default pluto plugin load list will not be updated.
>
> Andreas
>
> On 24.06.2010 12:54, Andreas Steffen wrote:
> > Hi Claude,
> >
> > if you are using an explicit pluto.load statement in strongswan.conf
> > then you must add curl to the plugin list.
>
> Andreas
>
> On 24.06.2010 12:52, Claude Tompers wrote:
> > Thanks for your fast answer.
> >
> > I did recompile, the error message is now slightly different, but the
> > outcome is the same. :(
> >
> > Jun 24 12:47:48 vpn6-test pluto[1705]: fetchin
etch CRLs from the local file system. Compile
> strongSwan with
>
>./configure --enable-curl
>
> Regards
>
> Andreas
>
> On 24.06.2010 11:51, Claude Tompers wrote:
> > Hello,
> >
> > My strongswan server is unable to refetch crls.
> > When th
ejected
The permissions on the crl are :
-rw--- 1 root root 1064 May 21 08:13
/usr/local/etc/ipsec.d/crls/VPNCA-crl.pem
Any ideas ?
thanks very much
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la
Rec
> Andreas
>
> On 22.06.2010 16:16, Claude Tompers wrote:
> > Hello,
> >
> > I'm using strongswan 4.4.0 with ikev2 daemon charon.
> > The dns server entries from strongswan.conf are not pushed to the clients,
> > neither Windows 7 nor Ubuntu with strongs
troke
socket-raw kernel-netlink fips-prf eap-radius eap-mschapv2 eap-identity updown
plugins {
eap-radius {
secret = veryverysecret
server = my-freeradius-server
}
}
dns1 = 192.168.1.28
dns2 = 192.168.1.15
}
Any ideas to correct this issue ?
many thanks
Claude
--
C
TH payload.
>
> In its current form, you can't use FreeRADIUS for your setup, my
> apologies. One could extend FreeRADIUS to copy over the MPPE keys, but
> writing such a patch is not something I can do in a few minutes.
>
> Regards
> Martin
>
>
--
Claude Tomper
1 - 100 of 125 matches