[strongSwan] SuSe Enterprise Linux 11 SP4 - Missing libgcrypt.so.20()(64bit) Dependancy - StrongSwan 5.1.3

2015-09-06 Thread Paton, Andy
Hey Guys, Trying to get Strongswan configured on SEL 11, SP4 - but getting an error on install missing: libgcrypt.so.20()(64bit) Any thoughts on how I can resolve this? Or get a compatible StrongSwan package? Regards, Andy Paton - Bsc. (Hons), MBCS Mobility Architect [HP]

[strongSwan] unsubscribe

2015-08-01 Thread Paton, Andy
Andy Paton - Bsc. (Hons), MBCS Mobility Architect UK Public Sector [togaf9-certified] Planned Annual Leave: 10th - 24th August 2015 andy.pa...@hp.com atlas-ctosd-busde...@diif.r.mil.uk (restricted) andrew.pa...@hp.r.mil.uk

Re: [strongSwan] Android client + connection to strongswan server issue

2013-09-18 Thread Paton, Andy
Have you got IP forwarding enabled on your Gateway? Regards, Andy Paton - Bsc. (Hons), MBCS Innovation Engineer andy.pa...@hp.com -Original Message- From: users-bounces+andy.paton=hp@lists.strongswan.org [mailto:users-bounces+andy.paton=hp@lists.strongswan.org] On Behalf Of

Re: [strongSwan] regarding dns resolution

2013-09-04 Thread Paton, Andy
Rakesh, I think you would benefit from looking into the MOBIKE capabilities of Strongswan. This is there to cater with the change of IP address and re-homing the connection. Regards, Andy Paton - Bsc. (Hons), MBCS Innovation Engineer andy.pa...@hp.com [HP]

Re: [strongSwan] Strongswan as a VPN Hub with a single network adapter

2013-08-30 Thread Paton, Andy
What is your routing setup on the spokes? Regards, Andy Paton - Bsc. (Hons), MBCS Innovation Engineer andy.pa...@hp.com [HP] From: users-bounces+andy.paton=hp@lists.strongswan.org [mailto:users-bounces+andy.paton=hp@lists.strongswan.org]

Re: [strongSwan] about strongSwan VPN Client for Android 4.x

2013-08-21 Thread Paton, Andy
Hello, There is an already built APK available in the Google Play store. Which I recommend as your first port of call for learning. Also the android source, and make files are contained within the strongswan code repos. These can be found at strongswan.org. Regards, --

[strongSwan] Strongswan - 5.0.4 NAT Questions

2013-08-12 Thread Paton, Andy
All, I have a road warrior configuration, where the road warrior is behind NAT, connecting from a Virtual Machine, through to the gateway 10.1.0.2. In the logs the source IP of traffic to the gateway is the default gateway on the public network that hosts the SS GW. 10.1.0.1. However - I have

[strongSwan] Advice on Scaling up / out strongswan

2013-08-07 Thread Paton, Andy
All, I am now starting to look at our infrastructure design for deploying strongswan as a production VPN headend. We are looking at support around 70,000 VPN users, with persistent VPN connections (Always on). Are there any good resources on scaling up / i.e. At what point does throwing tin a

Re: [strongSwan] Query reagrding emergency call

2013-08-02 Thread Paton, Andy
Poonam, What do you mean by Emergency Call? Andy Paton - Bsc. (Hons), MBCS Innovation Engineer [HP] From: users-bounces+andy.paton=hp@lists.strongswan.org [mailto:users-bounces+andy.paton=hp@lists.strongswan.org] On Behalf Of Poonam2 Gupta Sent: 02 August 2013 09

[strongSwan] Strongswan 5.0.4 - Building Packages for Ubuntu Distibution

2013-07-25 Thread Paton, Andy
All, I am now ready to package up Strongswan to deploy more easily onto production systems and was just wandering the best way to achieve this for Ubuntu based machines? Ideally I want to create packages and all dependancies that I can push to a server on a non-internet connected gateway. How

Re: [strongSwan] StrongSwan Windows 8 IKEv2 (Using Agile VPN Client) Problems with 32-Bit version of windows 8.

2013-07-24 Thread Paton, Andy
...@hp.com<mailto:andy.pa...@hp.com> [HP]<http://www.hp.com/> -Original Message- From: Martin Willi [mailto:mar...@strongswan.org] Sent: 23 July 2013 14:10 To: Paton, Andy Cc: users@lists.strongswan.org Subject: Re: [strongSwan] StrongSwan Windows 8 IKEv2 (Using Agile VPN Clien

Re: [strongSwan] StrongSwan Windows 8 IKEv2 (Using Agile VPN Client) Problems with 32-Bit version of windows 8.

2013-07-23 Thread Paton, Andy
.pa...@hp.com> [HP]<http://www.hp.com/> -Original Message- From: Tobias Brunner [mailto:tob...@strongswan.org] Sent: 22 July 2013 16:10 To: Paton, Andy Cc: users@lists.strongswan.org Subject: Re: [strongSwan] StrongSwan Windows 8 IKEv2 (Using Agile VPN Client) Problems with 32-Bi

Re: [strongSwan] Win7 L2TP/IPSEC clients disconnect every 8 hours

2013-07-22 Thread Paton, Andy
Some useful info from the Wiki which may help you on this one: Rekeying behavior IKE_SA rekeying The Windows 7 client supports IKE_SA rekeying, but can't handle unsupported Diffie Hellman groups. If a strongSwan gateway initiates IKE

[strongSwan] StrongSwan Windows 8 IKEv2 (Using Agile VPN Client) Problems with 32-Bit version of windows 8.

2013-07-22 Thread Paton, Andy
All, A bit of a strange issue: I have a certificate based IKEv2 connection profile defined for Windows 8, which works fine when connecting from a x64 device. When I try on an HP ElitePad 900 (which runs 32 Bit windows 8 Build 9200) it fails, saying it cant find a matching peer config. I am st

Re: [strongSwan] Inter-tunnel routing

2013-06-26 Thread Paton, Andy
Jeroen, Have you enabled IPV4 forwarding on your gateway? I am using Ubuntu and the below settings worked for me: To check if ipforwarding is off: sysctl net.ipv4.ip_forward If it is disabled you will get the following: Net.ipv4.ip_forward = 0 To turn on... temporarilally (until the next reb

[strongSwan] iOS 6 & Strongswan 5.0.4

2013-06-25 Thread Paton, Andy
All, Having mastered getting Android and Windows 8 Devices connected to strongswan 5.0.4, my attention has turned to iOS. Specifically iOS 6.1.3 - as this is the only OS I have on my iDevices. I am trying to implement Certificate + Xauth authentication, however I am not having much luck. My c

[strongSwan] Strongswan - IPSEC Gateway - Firewalling Troubles

2013-06-10 Thread Paton, Andy
All, I am currently - (struggling) - to work out how to best achieve an outcome to the following scenario, and would appreciate any help you could provide. Scenario 1. RoadWarrior IPSEC IKEv2 VPN Gateway 2. Routing to multiple backends, based on certificates [cid:image004.jpg@01CE

[strongSwan] ipsec_updown default location Ubuntu

2013-06-06 Thread Paton, Andy
Can anyone tell me where the default updown script is on Ubuntu where I will be able to make changes to the dynamic IPTABLES configuration. Regards, Andy Paton HP Enterprise Services ___ Users mailing list Users@lists.strongswan.org https://lists.stro

Re: [strongSwan] Certificate Based Routing

2013-06-05 Thread Paton, Andy
s. I wonder if there are any more scalable options? Regards, Andy Paton Business Development Solution Architect HP Enterprise Services From: Ulrich Schinz [mailto:ulrich.sch...@ksfh.de] Sent: 05 June 2013 10:20 To: Paton, Andy; users@lists.strongswan.org Subject: Re: [strongSwan] Certificate Based Ro

[strongSwan] Certificate Based Routing

2013-06-05 Thread Paton, Andy
I am trying to design a unified VPN gateway - by unified i mean one VPN headend, which can handle connections to multiple backends. I have a VM with a number of NiC's attached: eth0 - Front Facing IP of Headend 10.1.0.2/30 eth1 - Backend Resource grouup A 172.18.81.137/24 eth2 - Backend Resource

[strongSwan] subscribe

2013-06-05 Thread Paton, Andy
Andy Paton Business Development Solution Architect ATLAS CTOSD UK Public Sector Defence, Home & Foreign Affairs andy.pa...@hp.com M +44 7786 748 199 HP Enterprise Services Defence & Security UK Ltd Registered Office: Cain Road Bracknell, Berkshire, RG12 1HN United Kingd