You can even use charon-cmd this way:
charon-cmd --host SERVER_HOSTNAME --profile ikev2-eap --identity LOGIN --cert /PATH/TO/ca.crt
Using a valid CA lets Windows10 and MacOSX clients run without CA.crt, with
GNU/Linux we have to have ca.crt instead
2018-01-11 13:17 GMT+01:00 Noel Kuntze <
def gw Route's metric in Windows can be changed at runtime.
If you want to fix the def gw from vpn in Windows 10 just go in NIC
properties of the vpn network interface, network, ipv4 -> Properties,
Advanced, Use default gateway, then apply :)
https://goo.gl/Zj5ktL
2018-01-11 9:35 GMT+01:00 Marian
NAS-IP-Address = x.x.x.x
> NAS-Port = 10
> Message-Authenticator = 0x
> rad_recv: Access-Accept packet from host x.x.x.x port 1812, id=237,
> length=20
>
> Do I need to make any changes on the radius or Strongswan side to make
> them w
Hi RA,
Yes you can, I use NT-Password instead.
I get this working on LDAP and Freeradius
2018-01-09 14:07 GMT+01:00 RA :
> Hi.
>
> I have been able to follow the guides and tutorials online and
> successfully setup a Strongswan IKEv2 server which authenticates with a
> Freeradius
Ciao Marco,
Probably I'm wrong but I think that the Dead Peer Detection feature could
be helpful for you
# dead-peer detection to clear any "dangling" connections in case the client unexpectedly disconnects
dpdaction=clear
# If the tunnel has no traffic for this long (default 30 secs),
ers-ml@thermi.consulting>:
> Not on openwrt. But you need plaintext or AD like passwords in LDAP.
> Otherwise you can't auth with mschap(v2).
>
> On 04.01.2018 14:38, Giuseppe De Marco wrote:
> > Yes Noel and thank you, my question is:
> > Are there any experiences about
mmand line tool. It's not a daemon (or generally a
> service).
> Are there any open questions?
>
> Kind regards
>
> Noel
>
> On 04.01.2018 14:14, Giuseppe De Marco wrote:
> > Hi and thank you Noel,
> > I meant to run ipsec and charon in the embedded openwrt router,
Hi and thank you Noel,
I meant to run ipsec and charon in the embedded openwrt router, I use dpd
as well
# dead-peer detection to clear any "dangling" connections in case the client unexpectedly disconnects
dpdaction=clear
# If the tunnel has no traffic for this long (default 30 secs), Charon
Hi,
Do you compile firmware by yourself or install packages in a stable release
using opkg command?
If you open the 4500 port, it means that you use ikev2/charon, doesn't it?
I customize openwrt and lede firmwares for specific purposes, my packages
are here:
Hi Joshua,
from the client side you should also read some auth failures.
Probably it means that the ca.crt is not valid or the client doesn't understand
the auth-type because of missing plugin dependencies. It could depend on
the client type as well; if Linux with charon-cmd you have to specify the
Thank you Tobias, we really appreciate your time on it.
We are actually in production with stable 5.6.0 and we would also like to
know when the next stable release will have this patch deployed, to decide
when to drive the migration with the patched stable release.
At this moment this is not a
I just had to tell you this information:
I do not use mysql but mariadb, as the Debian9 standard introduces.
So, the development files upon which the code was compiled are these:
libmariadbclient-dev-compat/stable,stable,now 10.1.26-0+deb9u1 amd64
2017-11-06 10:32 GMT+01:00 Tobias Brunner
charon[24548]: 14[IKE] assigning virtual IP 10.9.10.27
to peer 'giuseppe_dm'
2017-10-23 16:14 GMT+02:00 Simon Deziel <simon.dez...@gmail.com>:
> Hi Giuseppe,
>
> On 2017-10-23 06:56 AM, Giuseppe De Marco wrote:
> > I faced that there is no attr_sql support on stand
Using
Linux strongSwan U5.6.0/K4.9.0-4-amd64
compiled from sources on a Debian9, using mysql as database.
ipsec pool works very well, everything but the --replace command, which fails:
ipsec pool --replace net1_pool --addresses /etc/ipsec.pools
preparing MySQL statement failed: Commands out of sync;
I used Debian as server and Windows as clients in ike2 conn.
A working setup can be found here
https://github.com/peppelinux/UniTools/blob/master/IPSec/ipsec.fw.sh
I never used ike1, sorry
2017-10-27 11:13 GMT+02:00 Ben Lavender :
> Anyone think they could assist
strongswan with
--enable-attr-sql
Thank you, I'll bring more useful information after all this, such as the
setup notes
A huge setup migration is going to begin!
2017-10-16 22:08 GMT+02:00 Giuseppe De Marco <giuseppe.dema...@unical.it>:
> Hi all,
>
> I'm using Debian GNU/Lin
Hi all,
Is there someone that used attr_sql in Debian 9?
I cannot find this plugin in the official Debian 9 strongswan packages.
If someone knows some workaround for this it would be very appreciated,
otherwise I think that I have to compile strongswan from sources.
Thank you
Hi all,
I'm using Debian GNU/Linux 9.2 (stretch) with standard strongswan package
from stretch apt repository (5.5.1-4+deb9u1).
The tunnel is an ikev2 with eap-radius authentication.
I'm facing the problem that Windows 10 clients don't send their right
identity.
Linux and Android clients work
18 matches