That's because the settings app uses GTK 4, while `nm-connection-editor`
still uses GTK 3. In order for the strongSwan plugin to work with GTK
4, it has to be built with `--with-gkt4`. That creates an additional
version of the editor that's linked against GTK 4 (besides the one
linked against GT
Hi Patrik,
* What was the outcome of this action?
With the `nm-connection-editor` you can edit it, but you can not do that
via network-manager!
That's because the settings app uses GTK 4, while `nm-connection-editor`
still uses GTK 3. In order for the strongSwan plugin to work with
Hi Daniel,
Applying any change to any field in the
NetworkManager strongswan VPN plugin config will write a text config
file with the 'certificate=' line.
As I said, I can't reproduce this. I can change whatever in the GUI, no
"certificate=" line is added to the config file.
Notice the mi
Hi Daniel,
Removing the blank "certificate=" line from the VPN connection config in
/etc/NetworkManager/system-connections/ restores the original behavior.
However, modifying the connection config in NetworkManager will again add
the blank "certficiate=" line, once again breaking the connection
Hi Richard,
You either need the md4 plugin, or one of the openssl or gcrypt plugins
(which also provide the MD4 algorithm) to use EAP-MSCHAPv2 (there should
be error in the log during startup regarding the missing dependency).
The openssl plugin is shipped with libstrongswan-standard-plugins, the
Hi Robert,
> The contents of /etc/strongswan.d/charon/pkcs11.conf are:
> pkcs11 {
The contents of that file are not relevant to charon-nm (unless you
changed strongswan.conf). Configure the plugin's settings directly in
strongswan.conf in the charon-nm.plugins.pkcs11 section (or set them in
the
Package: libssl1.0.0
Version: 1.0.1e-2+deb7u18
When calling tls1_PRF() tls1_export_keying_material() directly passes
the value of algorithm2 instead of using ssl_get_algorithm2(), which
overrides the default PRF algorithm when TLS 1.2 is used. Therefore,
the keying material is actually derived us
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
>>> I'm unsure about this, but I'm also unsure what's the difference between
>>> the sql plugin and the mysql/sqlite plugins. Is the sql plugin without
>>> at least one of the database backends plugins?
>>
>> The sql plugin [1] is a configuration backe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Yves-Alexis,
> I'm unsure about this, but I'm also unsure what's the difference between
> the sql plugin and the mysql/sqlite plugins. Is the sql plugin without
> at least one of the database backends plugins?
The sql plugin [1] is a configuration
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
> Please enable the ‘duplicheck’ plugin. This plugin is a more
> specialized form of the ‘uniqueids’ feature for detecting duplicate
> identities. This plugin is marked as stable according to the
> PluginList¹ wiki and doesn't require any additi
Hi Vladimir,
> It may be possible I am only one who encounter this problem, because of very
> unusual configuration:
>
> leftsubnet = 192.168.0.0/24
> rightsubnet = 0.0.0.0/0
>
> With this configuration I had a problem in version 4.5 also, but I have solved
> it by deleting second de
Hi Michael,
fixed upstream in [1].
Regards,
Tobias
[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=8e066237
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Hi Yves-Alexis,
thanks for the report.
> Strongswan, when adding a dns server in /etc/resolv.conf, seems to
> remove the file and recreate it, thus not preserving the symlink.
True, charon adds the received DNS server to a new file with the same
name (after opening and unlinking the existing /et
>From 1ad1c0f41311296d22fa183a7b7cba0b97dc03b3 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Mon, 26 Mar 2012 15:00:14 +0200
Subject: [PATCH] Added support for the resolvconf framework in resolve plugin.
If /sbin/resolvconf is found nameservers are not written directly to
/etc/r
Hi Tony,
> I cannot use iOS to connect to my server using IKEv1, prompting
> "could not validate server certificate" (I have installed both client
> p12 and CA certificate on the iOS device).
This is more likely related to missing subjectAltNames in the gateway
certificate. You have to make sure
Hi Tony,
I'm not sure if --enable-cisco-quirks is actually required to support
iOS devices. I know our wiki says otherwise, but the page you refer to
was written mainly by a user who apparently assumed the client on iOS
devices is written by Cisco, which is a common misconception. The fact
is, t
16 matches
Mail list logo
