s
> being used.
> >
> > So how to identify the initiator cookie and encryption key from logs for
> ike version 1.
> >
> > Thanks
> >
> > --
> > Best Regards,
> >
> > Yogesh Purohit
>
>
--
Best Regards,
Yogesh Purohit
/questions/12019/how-can-i-decrypt-ikev1-andor-esp-packets
But this was used when strongswan used Pluto daemon but now Charon is being
used.
So how to identify the initiator cookie and encryption key from logs for
ike version 1.
Thanks
--
Best Regards,
Yogesh Purohit
#x27;t handled. But I could not find it.
Please let me know what is causing these logs and what does it mean which
is why tunnel is not getting up ?
--
Best Regards,
Yogesh Purohit
??
--
Best Regards,
Yogesh Purohit
Thanks Tobias for the reply,
But I visited strongswan wiki page for plugins where description for
openssl plugin is - crypto backend based on openssl, provides
RSA/ECDSA/DH/ECDH support. So on my setup RSA certificates are working
whereas ECDSA certs are facing this issue.
So how does RSA certi
ate failed
Please let me know if there are any changes in two version for ECDSA
certificates, because same RSA certificate are working on both versions for
me ?
On Thu, May 9, 2019 at 4:17 PM Yogesh Purohit
wrote:
> Hi,
>
> I was using strongswan 5.5.2 version where I was using ECDSA c
ugin which is needed for it because same certificate I
was able to use it with previous version ?
--
Best Regards,
Yogesh Purohit
07[DMN] <9> killing ourself, received critical signal
And then charon restarted itself. So what can be issue for this ?
This issue is not persistent though.
--
Best Regards,
Yogesh Purohit
邊緣測試邊緣
So can I configure this certificate in peer side and add the string in
'rightid' in ipsec.conf on my local machine.
Does strongswan support it ?
--
Best Regards,
Yogesh Purohit
SA) ?
> > Or what is the expected behavior in this case ?
>
> Yes, this is the default behavior, a single IKE_SA per pair of
> identities. Have a look at the uniqueids option (or unique in
> swanctl.conf).
>
> Regards,
> Tobias
>
--
Best Regards,
Yogesh Purohit
27; field of
> > Subject distinguished name and only '*E*' instead ?
>
> emailAddress should be an alias for E. So not sure what went wrong
> initially.
>
> Regards,
> Tobias
>
--
Best Regards,
Yogesh Purohit
Best Regards,
Yogesh Purohit
distinguished name and only '*E*' instead ?
--
Best Regards,
Yogesh Purohit
such as:
*ICOOKIE: c6 d1 45 92 85 15 0c 7e*
Thanks & Regards,
Yogesh Purohit
?
>
> Regards
>
> Andreas
>
> On 29.10.2018 06:43, Yogesh Purohit wrote:
> > Adding subject line to my query
> >
> > On Mon, Oct 29, 2018 at 11:12 AM Yogesh Purohit
> > mailto:yogeshpuroh...@gmail.com>> wrote:
> >
> > Hi Team,
> &
s expected by
strongswan for PSK.
And what does 'length of TRAFFIC_SELECTOR_SUBSTRUCTURE substructure list
invalid' means, I tried finding it in RFC, but could not find the same.
Thanks & Regards,
Yogesh Purohit
Adding subject line to my query
On Mon, Oct 29, 2018 at 11:12 AM Yogesh Purohit
wrote:
> Hi Team,
>
> I am trying to establish tunnel with my strongswan.
> But after receiving IKE_AUTH response my local strongswan end (initiator)
> rejects tunnel saying ' length of TRAFFIC_S
ad of
type NOTIFY to message
<10.109.229.250_1.1.1.0/24-10.109.229.252_2.1.1.0/24|32> generating
CREATE_CHILD_SA response 2 [ N(NO_PROP) ]
<10.109.229.250_1.1.1.0/24-10.109.229.252_2.1.1.0/24|32> insert payload
NOTIFY into encrypted payload
So my query is, in CHILD_SA, even DH group received and configured are
matching still it says no acceptable DH group and rejects the connection
with 'No Prop'
Why is it saying no acceptable DH group when it is same ?
Thanks for the reply.
--
Best Regards,
Yogesh Purohit
18 matches
Mail list logo