[strongSwan] eap-mschapv2 NetworkManager
Peter Winterer
winterer at informatik.uni-freiburg.de
Tue Oct 12 14:14:04 CEST 2010
Hi Tobias,
thank you very much for your answer!
Is there also an workaround for the strongSwan NetworkManager plugin?
Thanks
peter
Am 12.10.2010 13:40, schrieb Tobias Brunner:
>
>> 2.) However, with an ubuntu 10.10 box, with the new stable packages, I
>> can not establish a connection.
>> I think something is broken (both, EAP and certificate authentication).
>> Can someone please confirm this?
>
> Unfortunately, the package currently included in Ubuntu 10.10
> (4.4.0-2ubuntu1) is broken. The current package in Debian (4.4.1-5) is
> fine however, so whenever that gets adopted in Ubuntu it should work again.
>
> The actual problem is that in the broken package all three socket
> implementations (socket-default, socket-dynamic, socket-raw) are
> compiled and loaded. This somehow prevents charon from receiving any
> packets at all. The three plugins are all used in different scenarios:
> socket-default in case only IKEv2 is used, socket-dynamic for a special
> use case with dynamic ports and finally socket-raw which is used for
> mixed setups, with the IKEv1 daemon pluto running on the same host.
> For distributions socket-raw is in most cases the right choice.
>
> As a workaround you can explicitly specify the plugins to load in
> strongswan.conf (charon.load option). The default list of plugins can
> be retrieved from the log file (or by starting the daemon with "ipsec
> start --nofork"). From that list remove the two unneeded socket
> implementations, so only socket-raw gets loaded (or socket-default, if
> you don't use IKEv1).
More information about the Users
mailing list