On 2021-10-06 2:27 p.m., Philip Veale wrote:
On Wed, 6 Oct 2021 at 17:24, Simon Deziel wrote:
On 2021-10-06 12:22 p.m., Simon Deziel wrote:
On 2021-10-06 12:08 p.m., Philip Veale wrote:
Oct 6 16:43:55 VPN-Server charon: 00[LIB] opening
'/etc/letsencrypt/live/vpn.my-hostname/privke
On 2021-10-06 12:22 p.m., Simon Deziel wrote:
On 2021-10-06 12:08 p.m., Philip Veale wrote:
I hadn't tried that, but tried, didn't change anything. I noticed things
specifically related to StrongSWAN aren't working since the update to
Bullseye and swanctl is not a recognised comm
certbot with symlinks (from
'live' to 'archive') as it rotates through and creates new ones, keeping
the old, the newest versions are always symlinked.
Debian Stretch didn't have AppArmor but it's been enabled by default in
Debian since Buster. So ye
On 2018-01-25 12:35 PM, Hoggins! wrote:
> I'm just trying to make sure that I'm able to fine select different
> types of traffic on outbound UDP 4500 (we use NAT-T), and right now it
> seems that I'm still also catching "data" packets.
Maybe you can configure IPtables to look for those 4 bytes of
Hi Giuseppe,
On 2017-10-23 06:56 AM, Giuseppe De Marco wrote:
> I faced that there are no attr_sql support on standard Debian 9 packages.
Indeed, Debian doesn't provide the plugin you are looking for. In
Ubuntu, it is available in the libstrongswan-extra-plugins package.
There is a bug [1] about
On 2017-09-22 02:13 PM, Whit Blauvelt wrote:
>> Linux aliases are a deprecated concept. Bind the IP to any local
>> interface. Preferably one that can not go down. You can just add it.
>> Anyway, charon needs to listen on the IP to be able to send packets from
>> it.
>
> I use the word "alias" inc
On 2017-09-19 10:05 AM, Turbo Fredriksson wrote:
> On 19 Sep 2017, at 14:57, Noel Kuntze
> wrote:
>
>> Did you fix the MSS? Is the MTU on the tunnel correct? Did you maybe break
>> PMTU discovery?
>
> Not sure, can’t remember… How do I check?
You mentioned EC2 so please double check that your
Am 10.02.2017 um 00:22 schrieb Jose Novacho:
>
> if I replace the symbolic link with the actual file fullchain1.pem
> everything works as expected.
>
> I have also replaced the link, so it points at the
> /etc/letsencrypt//archive//trinity.ingames.cz/cert1.pem file. But
> that didn't help either.
On 09/07/2015 07:31 PM, Noel Kuntze wrote:
>> The distribution which I have used did not have ebtables-save and
>> ebtables-restore scripts.
>> Strange enough: http://packages.ubuntu.com/precise/amd64/ebtables/filelist
>> I agree with your points. I think my script can be useful to initialize the
Hi Fabrice,
On 03/19/2015 09:22 AM, Fabrice Barconnière wrote:
> I've configured VPN on Ubuntu Trusty with strongSwan 5.1.2 and
> connections are OK.
> But when I execute "ipsec statusall" command, it replies :
> "reading from socket failed: Permiss
Hi Thomas,
>> root@quark:/etc# tail -f /var/log/syslog | egrep -C 2 "fail|erro"
>> Feb 9 15:35:31 quark charon: 00[LIB] plugin 'xauth-generic': loaded
>> successfully
>> Feb 9 15:35:31 quark charon: 00[DMN] xauth-pam plugin requires
>> CAP_AUDIT_WRITE capability
>> Feb 9 15:35:31 quark charon:
On 12/09/2014 02:24 PM, Hasse Hagen Johansen wrote:
> So I have these rules:
>
> Chain zone_wan (1 references)
> target prot opt source destination
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
> ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
Hi Thomas,
Have you looked at [1]? It says:
> EAP-MSCHAPv2 requires MD4 to generate the NT-Hashes
HTH,
Simon
1:
https://wiki.strongswan.org/projects/strongswan/wiki/Windows7#C-Authentication-using-EAP-MSCHAP-v2
On 12/03/2014 04:59 PM, Thomas wrote:
> Hi Noel, Hi Imarn
>
> thanks for your answ
Hi Karol,
For a container to be able to use the host's tunnel, you need to disable
the policy check in the container itself. Here is the command to run in
the container to achieve this:
# Allow IPsec running on the host to communicate with VZ
cat << EOF > /etc/sysctl.d/60-openvz-host-ipsec.conf
#
Hi Rolf,
On 14-05-09 01:31 PM, Rolf Schöpfer wrote:
> Hi
>
> Today I didn't succeed to configure site2site VPN with strongSwan. Details:
>
> - Server Debian 7.3 32-bit, OpenVZ VM (Host is Proxmox)
I believe it's still not possible to run IPsec inside an OpenVZ
container. Since you are using Pro
Hi Joe,
Since your Linux is an EC2 VM you need to enable NAT traversal
(UDP/4500) on both sides. An alternative would be to use a VPC VM where
no NAT traversal is needed as ESP can flow freely (assuming you
authorized in the security group).
HTH,
Simon
On 14-01-21 04:13 AM, Spazzatura Elettronic
Hello Noel and Luka,
On 13-11-13 04:46 PM, Noel Kuntze wrote:
> I have to say, that you're using the -I parameter of iptables incorrectly. It
> needs the position in which the rule should be put as the second parameter.
> Like that: iptables -I INP