Re: ISAKMPD question: ID-type ASN1_...?

2012-01-04 Thread Ingo Schwarze
Hi Toni, Toni Mueller wrote on Wed, Jan 04, 2012 at 06:09:55PM +0100: > I've run into an interoperability problem with an Astaro, which does > not like our certificate. The certificate basically looks like > > ... > Subject: C=DE, L=..., CN=IP-number > ... > Subject Alternative Name: IPv4 Ad

ISAKMPD question: ID-type ASN1_...?

2012-01-04 Thread Toni Mueller
Hi, I've run into an interoperability problem with an Astaro, which does not like our certificate. The certificate basically looks like ... Subject: C=DE, L=..., CN=IP-number ... Subject Alternative Name: IPv4 Address: IP-number ... Now the Astaro is said to require an ID type of ASN1-DN, w

Re: ISAKMPD question: certificates shipped?

2011-12-21 Thread Toni Mueller
Hi Stu, On Sun, Dec 04, 2011 at 11:24:24AM +, Stuart Henderson wrote: > I don't see any code changes that would result in a different presentation > order of certificates between 4.8 and 5.0.. > > tcpdump traces of the negotiation from 4.8 and 5.0 might be useful, as might > logs from the 3rd

Re: ISAKMPD question: certificates shipped?

2011-12-04 Thread Stuart Henderson
I don't see any code changes that would result in a different presentation order of certificates between 4.8 and 5.0.. tcpdump traces of the negotiation from 4.8 and 5.0 might be useful, as might logs from the 3rd party and maybe isakmpd, though I'll be the first to admit isakmpd logging is pretty

ISAKMPD question: certificates shipped?

2011-11-30 Thread Toni Mueller
Hi, I'm running into a problem with OpenBSD 5.0 and isakmpd. A config that works on 4.8, doesn't work on 5.0: the client is denied access, allegedly due to OpenBSD shipping the wrong (X.509) certificate, or certificates in the wrong order. The (3rd party) claim is that it might ship the CA certifi

isakmpd question

2009-06-26 Thread Marc-Andre Jutras
Hey List ! quick question... Is there a way to clear one specific VPN in the ipsecctl reference table or do I really need to clear the entire table ? ( ipsecctl -F ) Example... I got a bunch of VPN ( 50 + ) , need to flush the state of this particular one: BSD 4.3 // config in /etc/ipsec.conf

isakmpd question (isakmpd.conf -> ipsec.conf)

2008-09-20 Thread Toni Mueller
Hi, in my VPN setup, I want to authenticate sites to each other using X.509 certificates. In my "classic" isakmpd.conf, I have this: [IPSEC-mobile-clients] Phase= 2 Configuration= mobile-quick-mode Local-ID= default-route Remote-ID= dummy-remot

Re: isakmpd question

2007-01-11 Thread Neil Joseph Schelly
On Thursday 11 January 2007 12:46 pm, Jacob Yocom-Piatt wrote: > have you tried following this ipsecctl "howto" Yes > there are tons of things you could have wrong when not using ipsecctl. > you didn't post any of the relevant config files or debugging > information, so how do you expect anyone t

Re: isakmpd question

2007-01-11 Thread Jacob Yocom-Piatt
Neil Joseph Schelly wrote: Does anyone have any suggestions for points to investigate? I can provide configuration details about parts of this if anyone has a good place to look. I've already manually configured tunnels with isakmpd.conf (rather than ipsec.conf) in hopes that something would

isakmpd question

2007-01-11 Thread Neil Joseph Schelly
I'm having a problem with an IPSec tunnel I have configured connecting two networks together. Each firewall is running OpenBSD 3.9. At one end, it's a pair of firewalls running CARP and I've turned off sasyncd to troubleshoot now, because I didn't want to have it interfering and I suspect it m

Re: DPD isakmpd question

2006-02-20 Thread Markus Friedl
On Wed, Feb 15, 2006 at 06:11:41PM -0500, Matthew Closson wrote: > Hello, > > If you enable RFC3706 - Dead Peer Detection in isakmpd.conf, what is the > result of a peer-failing the DPD check. Will it Start over with Phase1 > negotiations again for that ISAKMP peer, or will it simply remove the

DPD isakmpd question

2006-02-15 Thread Matthew Closson
Hello, If you enable RFC3706 - Dead Peer Detection in isakmpd.conf, what is the result of a peer-failing the DPD check. Will it Start over with Phase1 negotiations again for that ISAKMP peer, or will it simply remove the SA and cookies and not try to renegotiate. If anyone knows off hand, tha

Re: isakmpd question

2005-08-04 Thread jared r r spiegel
On Wed, Aug 03, 2005 at 09:28:32AM -0400, Brandon Mercer wrote: > I've tried running the debug, but I > can't figure out which part of the proposal is incompatible. My config has: when i had to setup a tunnel against a speedstream 5930 ( dsl modem/router ), i told the speedstream to make an

Re: isakmpd question

2005-08-03 Thread David M. N. Bryan
This is what I have that I got working 2+ years ago... Hope this helps. [Netgear-FVS318-main-mode] EXCHANGE_TYPE= ID_PROT Transforms=3DES-SHA,AES-SHA [Netgear-FVS318-quick-mode] DOI=IPSEC EXCHANGE_TYPE=QUICK_MODE Suites=QM-ESP-3DES-SHA-PFS-SUITE,QM-ESP-AES-SHA-PFS-SUITE [AES-SHA]

isakmpd question

2005-08-03 Thread Brandon Mercer
Hello all, I've been setting up a hub and spoke VPN for a while now and for the most part things are working as normal. However, I have one box a netgear FVS318v1 that doesn't give me the flexibility in creating my VPN policies and IKE setup that the other ones do (FVS318v3). I keep seeing a no c