ing through
because of some python dependency. So I have installed strongswan-5.6.0. If
you suggest it is better to install 5.6.1 or the latest, I can try that as
well.
Regards,
Sriram.
On Wed, Apr 25, 2018 at 7:25 PM, Tobias Brunner
wrote:
> Hi Sriram,
>
> > What is the reason for S
keyexchange=ikev2
authby=pubkey
dpdaction=clear
leftsubnet=::0/0
rightdns=2001:0:0:1::202
*rightsourceip=2001:0:0:15::/64*
*Regards,*
*Sriram*
n
strongswan site
https://www.strongswan.org/testing/testresults/ipv6-stroke/rw-ip6-in-ip4-ikev2/carol.ipsec.conf
Is there anything I m missing here ?
Kindly let me know.
Regards,
Sriram.
On Thu, Jan 4, 2018 at 11:52 AM, Sriram wrote:
> Hi,
> We are using strongswan - 5.3.0 in our linux device, wh
e two resolv.conf files like for
secgw1, /etc/resolvtunnel_secgw1.conf and for secgw2,
/etc/resolvtunnel_secgw2.conf
Regards,
Sriram.
/etc/resolvtunnel_secgw2.conf
My apologies if the question sounds lame.
Regards,
Sriram.
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
y's
certificate validity is as follows,*
* validity: not before Oct 19 11:44:56 2015, oknot after
Oct 18 11:44:56 2017, ok*
systime-fix plugin is included. Is this the desired behavior ?
Regards,
Sriram.
___
Users mailing li
Hi Tobias.
Yes you are right, strongswan complains about this. Since logs got rolled
over and there is no console access, I could not catch this issue soon.
Thanks for the help.
Regards,
Sriram.
On Fri, Jul 29, 2016 at 6:32 PM, Tobias Brunner
wrote:
> Hi Sriram,
>
> > So I thin
, charon would have
defaulted to 576. Please clarify.
Regards,
Sriram
On Fri, Jul 29, 2016 at 1:48 PM, Tobias Brunner
wrote:
> Hi Sriram,
>
> > But the concern is fragment size, though it is set as 1200,
> > fragment_size of 576 is seen in the wireshark.
>
> I'm ass
payload.
But the concern is fragment size, though it is set as 1200, fragment_size
of 576 is seen in the wireshark.
What could be the reason for this ?
Without this feature enabled, IP does the fragmentation of ike packets only
if the packet size crosses 1500.
Regards,
Sriram
Thanks Miroslav. I did that.
Regards,
Sriram
On Fri, May 22, 2015 at 2:38 PM, Miroslav Svoboda
wrote:
> I suppose you may want to create a new bug report for this issue.
> You can do it here:
> https://wiki.strongswan.org/projects/strongswan/issues/new
> You would need to creat
-- Forwarded message --
From: Sriram
Date: Fri, May 22, 2015 at 8:47 AM
Subject: [strongSwan] Encryption/Decryption with Libipsec - issue.
To: users@lists.strongswan.org
Hi,
I m using strongswan-5.3.0 for tunnel establishment. In that I m trying
out libipsec which does
w_peer_ts = yes
}
}
Let me know if this is an existing issue.. Please let me know if any
further information is required.
Regards,
Sriram.
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
b5_ohome{1}:
AES_CBC_128/HMAC_SHA1_96, 134677 bytes_i (1720 pkts, 1s ago),
home{1}: x.x.x.1/32 === 0.0.0.0/0 <http://0.0.0.0/0># cat
/proc/sys/net/ipv4/conf/all/rp_filter2*
Any help is this regard is appreciated..
Regards,
Sriram
___
Users m
ar
dpddelay=10
leftprotoport=0
rightprotoport=0
rekeyfuzz=100%
rekeymargin=540s
-- truncated --
--
Sriram
Justice, n.:
A decision in your favor.
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Hi,
This issue got solved by havingsubjectAltName = email:
123456789...@abc.com' in the certificate.
Earlier it was subjectAltName = DNS:123456789...@abc.com'...
It is rightly said by strongswan that it is not a valid DN.
Regards,
Sriram
On Thu, Aug 14, 2014 at 8:38 PM, Sri
'
not confirmed by certificate, defaulting to 'C=IN, ST=KAR, L=BLR,
O=ABC,OU=Networking, CN=123456789ABC..
How to overcome this situation ?
Regards,
Sriram
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
?
Any help in this regard is appreciated.
Regards,
Sriram
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
regard is appreciated.
Regards,
Sriram.
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
enssl req -new -out eleven.req -keyout eleven.key -nodes -newkey rsa:1024
-subj /CN=eleven
openssl x509 -req -in eleven.req -CAkey ca-int1.key -CA ca-int1.crt -days
10 -set_serial 38184821 -sha512 -out eleven.crt
Please let me know how to resolve this issue.
Regards,
Sriram.
On Tue
Thanks Andreas, Let me check that and get back to you.
Regards,
Sriram.
On Tue, Mar 4, 2014 at 7:38 PM, Andreas Steffen <
andreas.stef...@strongswan.org> wrote:
> Hi Siram,
>
> in order for an Intermediate CA certificate to be accepted by
> strongSwan, the CA basic
s in 28 days)
pubkey:RSA 2048 bits
keyid: be:25:1a:4a:e6:f8:44:c4:fe:32:a8:d4:7c:9d:75:42:7d:51:19:0f
subjkey: c3:59:68:a5:73:e8:b8:76:45:06:3b:c8:a4:62:b3:06:61:7e:9a:c0
authkey: c3:59:68:a5:73:e8:b8:76:45:06:3b:c8:a4:62:b3:06:61:7e:9a:c0
Regards,
Sriram.
On Tue, Mar 4, 2014 at
issue, how can I achieve that.
https://lists.strongswan.org/pipermail/users/2013-March/008956.html
Any help in this regard is appreciated.
Regards,
Sriram.
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
issue, how can I achieve that.
https://lists.strongswan.org/pipermail/users/2013-March/008956.html
Any help in this regard is appreciated.
Regards,
Sriram.
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
. I am using ikev2
solution from strongswan-5.1.1
One way is to copy these files into corresponding /etc/ipsec.d/ folders and
start the ike negotiations.
is it possible that ikev2 daemon sends a certReq to CA and get the
certificates automatically ?
Regards,
Sriram
Hi Martin,
*Does that host have access to 10.206.1.11 without the IPsec tunnel?*
No, every other protocol data between .10 and .11 are encrypted.
Let me check my by making the tunnel more specific.
Thanks for the information and hints.
Regards,
Sriram.
On Fri, Jan 17, 2014 at 4:53 PM
t /etc/strongswan.conf
# strongswan.conf - strongSwan configuration file
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509
revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5
updown
}
Earlier httpd was not up in 10.206.1.11, I started the httpd service, st
certificate validation authority.
Can any one suggest, what could've gone wrong. Your help in this regard is
appreciated.
Regards,
Sriram.
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
27 matches
Mail list logo