If no load statement is given, the plugin configuration depends on
your ./configure options. If you didn't --disable-gmp explicitly, it is
built and used by default.
Does this apply even if we have a different version of gmp library
(libgmp.so.3.4.1 in /usr/lib)?
On 6/4/2012 10:49 AM, Martin
Yes, we are using/controlling the strictcrlpolicy when we are enabling
'revocation'.
Our systems' engineer wanted to have the plugin not even loaded when the
'revocation' is to be disabled.
On 6/1/2012 6:59 AM, Martin Willi wrote:
Hi,
So, it would be ideal to have some sort of 'dynamic
Thank You.
Unfortunately, our linux version is for running real-time sw and we do
not have all kernel modules. Looking at ours now, we do not have
ldconfig...
The libexec/ipsec/plugins have all strongswan-*.so plugins and they are
being loaded properly. I'm a bit confused why these
Much in advance,
-Yong Choo
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Thank You.
Looks like that solved one problem but produced the following error:
configure:15460: checking curl/curl.h usability
configure:15460: powerpc-wrs-linux-gnu-ppc_e500v2-glibc_cgl-gcc -c -g -O2
-fomit-frame-pointer -D__USE_STRING_INLINES -pipe -DDEBUG_LEVEL=3 conftest.c5
Thank You.
When I used LDFLAGS to point the proper directory, now there is the
following problem seen in the process of configuration:
Perhaps there is a bug? or some other mechanism that I'm not aware of?
(Note that
it is --lib
(I tried to build the strongswan in the native linux host machine and
everything is fine.)
Thanks in advance,
-Yong Choo
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
in the release note was what got me confused, i.e. I
thought that without 'load', the statement led me to believe that the
revocation plugin is automatically loaded in :)
_OCSP/CRL checking in IKEv2 has been moved to the revocation plugin,
enabled by default._
-Yong Choo
On 1/9/2012 10:43 PM, Andreas
can I determine the proper order?
What error messages would I get? What debug level should I set at
(currently it is set to 0)?
Perhaps it would be another 'feature' to have a simpler way of
identifying/controlling the plugin loading capability?
Thanks Much,
-Yong Choo
On 1/10/2012 7:54 AM
the loading of plugin at run-time.
Thanks Much,
-Yong Choo
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
be easily disabled by not loading the
revocation plugin. What is not possible is to disable CRL checking on a per
connection definition basis.
Regards
Andreas
On 1/9/2012 12:30 PM, Yong Choo wrote:
Hi,
Looking at http://wiki.strongswan.org/projects/1/wiki/441,
OCSP/CRL checking in IKEv2 has been
?
Yong Choo wrote:
Hi,
I'm getting the following errors on my linux 2.6.21 based using
strongswan 4.3.3 version:
Any Help would be appreciated! (The host that I'm communicating with has
2.6.27 and it has no problem)
I configured/checked all required IPV6 kernel protocols in linux 2.6.21
Hi,
I'm getting the following errors on my linux 2.6.21 based using
strongswan 4.3.3 version:
Any Help would be appreciated! (The host that I'm communicating with has
2.6.27 and it has no problem)
I configured/checked all required IPV6 kernel protocols in linux 2.6.21
as defined in the
Is there a tool in strongSwan which performs the functions as in
'setkey' in racoon?
Thanks,
-Yong Cho
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Thank you!
I will look into my build area and the target board.
-Yong Choo
Andreas Steffen wrote:
Hi,
the error message:
*configured DH group MODP_2048 not supported*
means that neither the gmp nor the openssl plugin could be
loaded successfully which implement the big number
FYI: The linux version for the board is 2.6.21.7.
And the snip of the ipsec.conf for this is (very simple):
conn net-enb40
left=135.39.111.226
right=135.185.91.86
auto=add
and I'm using Predefined Key for these two.
Yong Choo wrote:
Hi all,
I'm trying
read pluto man page where the usage of ipv4/6 can be controlled by
--ipv4 --ipv6, --tunnelipv4, --tunnelipv6 options but it was not clear
on the charon.
- man page on the ipsec.config did not mention about controlling ipv4
.vs. ipv6.
Thanks Again,
-Yong Choo
Auto Detect! The Best!
Thank You!
Andreas Steffen wrote:
Hi Yong Choo,
we don't use the --ipv4, --ipv6, --tunnelipv4, and --tunnelipv6
options at all. I think they are FreeS/WAN legacy and should be
removed from our man pages.
Both strongSwan pluto and strongSwan charon detect IPv4
Will the charon's log show the auto-detected ipv4 .vs. ipv6 per connection?
I looked at the daemon.log auth.log example but did not see. Perhaps I
need to enable more charon debug level?
Yong Choo wrote:
Auto Detect! The Best!
Thank You!
Andreas Steffen wrote:
Hi Yong Choo,
we don't
--sharedstatedir=/usr/com --mandir=/usr/share/man
--infodir=/usr/share/info --cache-file=wrs_config_cache
Thanks Much!
-Yong Choo
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
20 matches
Mail list logo