On 2021-10-06 2:27 p.m., Philip Veale wrote:
On Wed, 6 Oct 2021 at 17:24, Simon Deziel wrote:
On 2021-10-06 12:22 p.m., Simon Deziel wrote:
On 2021-10-06 12:08 p.m., Philip Veale wrote:
Oct 6 16:43:55 VPN-Server charon: 00[LIB] opening
'/etc/letsencrypt/live/vpn.my-hostname/privkey.pem
On 2021-10-06 12:22 p.m., Simon Deziel wrote:
On 2021-10-06 12:08 p.m., Philip Veale wrote:
I hadn't tried that, but tried, didn't change anything. I noticed things
specifically related to StrongSWAN aren't working since the update to
Bullseye and swanctl is not a recognised command. StrongSWAN
and creates new ones, keeping
the old, the newest versions are always symlinked.
Debian Stretch didn't have AppArmor but it's been enabled by default in
Debian since Buster. So yeah, the dist-upgrade kinda broke things.
Thanks to Simon Deziel in this old thread from years ago;
https
On 2018-01-25 12:35 PM, Hoggins! wrote:
> I'm just trying to make sure that I'm able to fine select different
> types of traffic on outbound UDP 4500 (we use NAT-T), and right now it
> seems that I'm still also catching "data" packets.
Maybe you can configure IPtables to look for those 4 bytes of
Hi Giuseppe,
On 2017-10-23 06:56 AM, Giuseppe De Marco wrote:
> I faced that there are no attr_sql support on standard Debian 9 packages.
Indeed, Debian doesn't provide the plugin you are looking for. In
Ubuntu, it is available in the libstrongswan-extra-plugins package.
There is a bug [1] about
On 2017-09-22 02:13 PM, Whit Blauvelt wrote:
>> Linux aliases are a deprecated concept. Bind the IP to any local
>> interface. Preferably one that can not go down. You can just add it.
>> Anyway, charon needs to listen on the IP to be able to send packets from
>> it.
>
> I use the word "alias"
On 2017-09-19 10:05 AM, Turbo Fredriksson wrote:
> On 19 Sep 2017, at 14:57, Noel Kuntze
> wrote:
>
>> Did you fix the MSS? Is the MTU on the tunnel correct? Did you maybe break
>> PMTU discovery?
>
> Not sure, can’t remember… How do I check?
Am 10.02.2017 um 00:22 schrieb Jose Novacho:
>
> if I replace the symbolic link with the actual file fullchain1.pem
> everything works as expected.
>
> I have also replaced the link, so it points at the
> /etc/letsencrypt//archive//trinity.ingames.cz/cert1.pem file. But
> that didn't help
On 09/07/2015 07:31 PM, Noel Kuntze wrote:
>> The distribution which I have used did not have ebtables-save and
>> ebtables-restore scripts.
>> Strange enough: http://packages.ubuntu.com/precise/amd64/ebtables/filelist
>> I agree with your points. I think my script can be useful to initialize the
Hi Fabrice,
On 03/19/2015 09:22 AM, Fabrice Barconnière wrote:
I've configured VPN on Ubuntu Trusty with strongSwan 5.1.2 and
connections are OK.
But when I execute ipsec statusall command, it replies:
reading from socket failed: Permission
Hi Thomas,
root@quark:/etc# tail -f /var/log/syslog | egrep -C 2 fail|erro
Feb 9 15:35:31 quark charon: 00[LIB] plugin 'xauth-generic': loaded
successfully
Feb 9 15:35:31 quark charon: 00[DMN] xauth-pam plugin requires
CAP_AUDIT_WRITE capability
Feb 9 15:35:31 quark charon: 00[LIB]
On 12/09/2014 02:24 PM, Hasse Hagen Johansen wrote:
So I have these rules:
Chain zone_wan (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
Hi Thomas,
Have you looked at [1]? It says:
EAP-MSCHAPv2 requires MD4 to generate the NT-Hashes
HTH,
Simon
1:
https://wiki.strongswan.org/projects/strongswan/wiki/Windows7#C-Authentication-using-EAP-MSCHAP-v2
On 12/03/2014 04:59 PM, Thomas wrote:
Hi Noel, Hi Imarn
thanks for your
Hi Karol,
For a container to be able to use the host's tunnel, you need to disable
the policy check in the container itself. Here is the command to run in
the container to achieve this:
# Allow IPsec running on the host to communicate with VZ
cat << EOF > /etc/sysctl.d/60-openvz-host-ipsec.conf
#
Hi Rolf,
On 14-05-09 01:31 PM, Rolf Schöpfer wrote:
Hi
Today I didn't succeed to configure site2site VPN with strongSwan. Details:
- Server Debian 7.3 32-bit, OpenVZ VM (Host is Proxmox)
I believe it's still not possible to run IPsec inside an OpenVZ
container. Since you are using
Hello Noel and Luka,
On 13-11-13 04:46 PM, Noel Kuntze wrote:
I have to say, that you're using the -I parameter of iptables incorrectly. It
needs the position in which the rule should be put as the second parameter.
Like that: iptables -I INPUT
16 matches