Hi,
I have a very simple ikev2 connection block. Sample below:I can connect and
browse http/https fine. But if I try to use a web socket, the connection fails.
Sample url that fails to even load the pagehttp://www.websocket.org/echo.html
Is there something I need to setup to get web sockets working correctly?
config setup charondebug="dmn 1, mgr 1, ike 1, chd 1, job 1, cfg 1, knl 1, net
1, asn 1, enc 1, lib 1, esp 1, tls 1" #plutodebug=all # crlcheckinterval=600
strictcrlpolicy=no # cachecrls=yes # charondebug=4 nat_traversal=yes
#charonstart=no #plutostart=no
ca servers auto=add
conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1
keyexchange=ikev1 auto=add
conn iphone-ios8-ike-v2
ike=aes256-sha256-modp2048,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
# Win7 is aes256, sha-1, modp1024; iOS is aes256, sha-256, modp1024; OS X is
3DES, sha-1, modp1024
esp=aes256-sha256-modp2048,aes256-sha256,aes256-sha1,3des-sha1! # Win 7 is
aes256-sha1, iOS is aes256-sha256, OS X is 3des-shal1 keyexchange=ikev2
rightauth=pubkey left=%defaultroute leftid=@*.example.com
leftsubnet=0.0.0.0/0 leftfirewall=no leftcert=example.pem
leftsendcert=always leftupdown=/usr/local/example/bin/up_down/se_updown
right=%any # !!!do not specify rightsubnet!!! #rightsubnet=10.252.0.0/16
rightsourceip=10.252.0.0/16 rightsendcert=always # Require all subject fields
to be matched by star # As well as CA's pull in #rightid="C=US, ST=*, L=*,
O=*, CN=*" eap_identity=%any fragmentation=yes auto=add
Joshua J. Gross
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
