Re: Can't connect from StrongSWAN to OpenBSD's iked

e-server 192.168.1.254 \ >> config access-server 192.168.1.254 > > I’m using 4096 keys and modp4096 but AFAIK both the server and the > cliente support them. I’m not sure where to start troubleshooting the > problem and could use some help. > > Thanks in a

Re: Can't connect from StrongSWAN to OpenBSD's iked

. I plan to stay active on this topic, so watch that tech@ thread for more details. >> On 19/06/2017, at 05:07, Tim Stewart wrote: >> >> theblo...@gmail.com writes: >> >>> Hello, >>> >>> I’ve been trying to create an IPSec VPN in my OpenBSD

iked: NAT Detection and Child SA Rekeying

Hello misc@, I have discovered what may be an oversight in iked(8)'s NAT detection code, as well as traffic blocking after the first rekey of the Child SA when NAT has been detected by one of the IKE daemons. I have the following passive config on a host with a static IP (1.2.3.4): ikev2 "demo"

Re: "athn0: could not load firmware" for AR9271

smit path and 2 receiver paths (1T2R). I will reply with more details if I can better quantify the issues I'm having. -TimS -- Tim Stewart --- Mail: t...@stoo.org Matrix: @tim:stoo.org

iked support for IKEv2 Message Fragmentation (RFC 7383)

on such work. If not, perhaps someone that is familiar with the code could suggest an approach at a high level? Thanks for any advice, -TimS [1] Whenver I've asked, the reason is usually something about DDoS prevention. -- Tim Stewart --- Mail: t...@stoo.org M

Re: iked support for IKEv2 Message Fragmentation (RFC 7383)

Tim Stewart writes: > Hello misc@, > > My IKEv2 sessions are occasionally down due to transit networks dropping > UDP fragments for one reason or another[1]. It happens frequently > enough that I am considering implementing support for RFC 7383 in > iked. > > Before

Re: Is anyone able to use certificates with openbsd iked/ikev2 and Apple iOS (iphone)?

the iPad successfully connected. Can you try applying that patch and see if it resolves your issue? If it also works for you, I'll reply on that thread and see if anyone wants to opine on the patch. -TimS -- Tim Stewart t...@stoo.org

Re: Is anyone able to use certificates with openbsd iked/ikev2 and Apple iOS (iphone)?

o yours. I'll do another round of testing and be more explicit about the crypto transforms, and will reply here with the results. Thanks for the link! -TimS >> On Apr 4, 2019, at 20:08, Tim Stewart wrote: >> >> Hi Ted, >> >> On 6/2/18 12:26 PM, Theodore Wynnych

OpenBSD 4.2 dhcpd(8)

Hello all, Does anyone know which version of ISC DHCP that OpenBSD 4.2 uses for dhcpd(8)? I wasn't able to find any clue on the webpage or associated documentation. It feels a lot like a 2.x release based on the options available, but I just want to make sure. Thanks. -- -TimS Tim St

Re: OpenBSD 4.2 dhcpd(8)

e. >From the first sentence of `man dhcpd' on a brand-new OpenBSD 4.2 installation: , | The Internet Software Consortium DHCP Server, dhcpd, implements the | Dynamic Host Configuration Protocol (DHCP) and the Internet | Bootstrap Protocol (BOOTP). ` I'm not assuming that they just dr

Re: OpenBSD 4.2 dhcpd(8)

l make sure and check cvsweb next time before bothering the list. -- -TimS Tim Stewart Lead UNIX Systems Administrator Ciena Corporation Alpharetta, GA, USA [EMAIL PROTECTED]