[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-users
Subject: Re: [strongSwan] xAuth request for VICI
From: Sam Johnson <sam () 80pct ! com>
Date: 2015-02-27 21:59:56
Message-ID: CAFer5xQsiS4M9KtifNkqaxKbaagyoOePQR5TTLwUKTVtW4Qr4g () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Ok, thanks for the information.
Two final (quick) questions:
1) Is there alternative for 'leftfirewall=yes' in the VICI interface to
automatically setup iptables rules?
2) What is the syntax for loading a secret in via VICI. My current format (
`load_shared({'type': 'xauth', 'data': 'test : XAUTH "test"'})` ) says it
loads successfully but does not authenticate.
Thank you for your helping getting this setup.
Best,
Sam
On Fri, Feb 27, 2015 at 4:19 AM, Martin Willi <martin@strongswan.org> wrote:
> Hi,
>
> > Your fix to use the ordered dictionary worked perfectly. Thank you very
> > much. It is now accepting vpn connections.
>
> Great. I'll check how we can mention that issue in the documentation.
>
> > Regarding the `vips` configuration, I thought that it was the replacement
> > for the `rightsourceip` option in ipsec.conf (obviously I misinterpreted
> > the documentation).
>
> No, the rightsourceip option is separated in swanctl.conf/vici to the
> pools and vips options for servers and clients, respectively.
>
> > It does work when I create a pool as you specified, but
> > if I want to give each connection a static pre-determined ip is there
> > anyway to do that other than creating a pool for each connection?
>
> No, currently there is no way to directly specify an address with the
> pools option. You have to use dedicated pools, or use a pool backend
> that supports static leases (attr-sql).
>
> Regards
> Martin
>
>
[Attachment #5 (text/html)]
<div dir="ltr">Ok, thanks for the information.<div><br></div><div>Two final (quick) \
questions:</div><div><br></div><div>1) Is there alternative for \
'leftfirewall=yes' in the VICI interface to automatically setup iptables \
rules?</div><div><br></div><div>2) What is the syntax for loading a secret in via \
VICI. My current format ( `load_shared({'type': 'xauth', \
'data': 'test : XAUTH "test"'})` ) says it loads \
successfully but does not authenticate.</div><div><br></div><div>Thank you for your \
helping getting this \
setup.</div><div><br></div><div>Best,</div><div><br></div><div>Sam</div><div \
class="gmail_extra"><br><div class="gmail_quote">On Fri, Feb 27, 2015 at 4:19 AM, \
Martin Willi <span dir="ltr"><<a href="mailto:martin@strongswan.org" \
target="_blank">martin@strongswan.org</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">Hi,<br> <span class=""><br>
> Your fix to use the ordered dictionary worked perfectly. Thank you very<br>
> much. It is now accepting vpn connections.<br>
<br>
</span>Great. I'll check how we can mention that issue in the documentation.<br>
<span class=""><br>
> Regarding the `vips` configuration, I thought that it was the replacement<br>
> for the `rightsourceip` option in ipsec.conf (obviously I misinterpreted<br>
> the documentation).<br>
<br>
</span>No, the rightsourceip option is separated in swanctl.conf/vici to the<br>
pools and vips options for servers and clients, respectively.<br>
<span class=""><br>
> It does work when I create a pool as you specified, but<br>
> if I want to give each connection a static pre-determined ip is there<br>
> anyway to do that other than creating a pool for each connection?<br>
<br>
</span>No, currently there is no way to directly specify an address with the<br>
pools option. You have to use dedicated pools, or use a pool backend<br>
that supports static leases (attr-sql).<br>
<br>
Regards<br>
<span class="HOEnZb"><font color="#888888">Martin<br>
<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div><div \
class="gmail_signature"><div dir="ltr"></div></div> </div></div>
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic