[strongSwan] Solved: Re: unable to set IPSEC_POLICY on socket: Operation not supported
Rolf Schöpfer
rolf at samplezone.ch
Thu May 15 18:16:09 CEST 2014
Finally after hours of work and the brilliant help of Noel I did succeed:
- IPSec VPN site2host, monowall (ikev1, PSK) <-> debian strongSwan
- Debian is running as an OpenVZ Guest on Proxmox
For this to work you need:
- libipsec (compile strongswan >=5.1 on Debian 7, see below)
- TUN Device, see https://openvz.org/VPN_via_the_TUN/TAP_device
- secondary privat Address on VM Guest on venet
- on Monowall (only ikev1 avail.) "Enable NAT Traversal (NAT-T)", Negotiation mode "main", My identifier "IP address" ...
Regards, Rolf
Am 14.05.2014 18:29, schrieb Rolf Schöpfer:
> Hi Noel
>
> Right after my e-mail I was checking processes with ps -ef and saw /usr/bin/charon which points to the debian installed version. I did remove it before compiling new version (apt-get purge
> strongswan), that didn't remove everything though.
>
> It's now much better
>
> <<< Development SZ 18:17:49 >>> root:/usr/strongswan-5.1.3
> # ipsec statusall
> Status of IKE charon daemon (strongSwan 5.1.3, Linux 2.6.32-26-pve, i686):
> uptime: 14 seconds, since May 14 18:17:42 2014
> malloc: sbrk 135168, mmap 0, used 86392, free 48776
> worker threads: 7 of 16 idle, 5/0/4/0 working, job queue: 0/0/0/0, scheduled: 0
> loaded plugins: charon aes des sha1 sha2 md5 pem pkcs1 gmp random nonce hmac xcbc stroke kernel-libipsec kernel-netlink socket-default updown
> Listening IP addresses:
> xx.xx.xx.xx
> Connections:
> net-net: xx.xx.xx.xx...xx.xx.xx.xx IKEv2
> net-net: local: [development] uses pre-shared key authentication
> net-net: remote: [office] uses pre-shared key authentication
> net-net: child: 10.10.200.0/24 === 10.10.10.0/24 TUNNEL
> Security Associations (0 up, 0 connecting):
> none
> <<< Development SZ 18:17:56 >>> root:/usr/strongswan-5.1.3
> # ifconfig
> ipsec0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:500
> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>
>
> Thank you very much for your help.
>
> Next, I'll try site2site stuff with the other device.
>
> Regards, Rolf
>
> Am 14.05.2014 18:18, schrieb Noel Kuntze:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Hello Rolf,
>>
>> Yes, it should.
>> it could be, that the PID file remained, when charon crashed. Check if charon is dead. If it is and the PID file is still there, remove it. Start it then.
>> Also check, if ipsec stop/start/restart work and how charon reacts to it. Charon should get send sigterm/sigint/sigkill, if you use ipsec stop or ipsec restart.
>>
>> If you use strongSwan with userspace IPsec processing, strongSwan will create a tun device called "ipsec0" and devices with incrementing numbers dependent on the number of active connections.
>> The list of loaded plugins look odd. Also your version of strongSwan is still incredibly outdated.
>>
>> Regards,
>> Noel Kuntze
>>
>> Am 14.05.2014 18:14, schrieb Rolf Schöpfer:
>>> Hi Noel
>>>
>>> Brilliant, that helped a lot.
>>>
>>> After recompiling, TUN Device was missing. This was very useful: https://openvz.org/VPN_via_the_TUN/TAP_device.
>>>
>>> Now I get some infos:
>>>
>>> <<< Development SZ 18:02:42 >>> root:/usr/strongswan-5.1.3
>>> # ipsec statusall
>>> Status of IKEv2 charon daemon (strongSwan 4.5.2):
>>> uptime: 9 minutes, since May 14 18:00:07 2014
>>> malloc: sbrk 135168, mmap 0, used 55600, free 79568
>>> worker threads: 9 idle of 16, job queue load: 0, scheduled events: 0
>>> loaded plugins: aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-raw updown
>>> Listening IP addresses:
>>> xx.xx.xx.xx
>>> Connections:
>>> net-net: xx.xx.xx.xx...xx.xx.xx.xx
>>> net-net: local: [development] uses pre-shared key authentication
>>> net-net: remote: [office] uses any authentication
>>> net-net: child: 10.10.0.0/16 === 10.10.10.0/24
>>> Security Associations:
>>> none
>>>
>>> <<< Development SZ 18:09:08 >>> root:/usr/strongswan-5.1.3
>>> # ipsec listall
>>> -> shows nothing
>>>
>>> <<< Development SZ 18:10:46 >>> root:/usr/strongswan-5.1.3
>>> # ipsec restart
>>> Stopping strongSwan IPsec...
>>> Starting strongSwan 5.1.3 IPsec [starter]...
>>> !! Your strongswan.conf contains manual plugin load options for charon.
>>> !! This is recommended for experts only, see
>>> !! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
>>> charon is already running (/var/run/charon.pid exists) -- skipping daemon start
>>>
>>>
>>> Shouldn't charon stop/start as well with ipsec restart?
>>>
>>>
>>> Thanks, Rolf
>>>
>>>
>>>
>>>
>>> Am 14.05.2014 16:50, schrieb Noel Kuntze:
>>> Hello Rolf,
>>>
>>> I just looked over the article and noticed, that the plugin "kernel-libipsec" actually provides the interface to charon, with which IPsec processing is done in userspace, not libipsec.
>>> So you need to actually configure "--with-kernel-libipsec", too.
>>> Look at this test scenario, for all the details: http://www.strongswan.org/uml/testresults/libipsec/net2net-cert/index.html
>>> Sorry for the mistake.
>>>
>>> Regards,
>>> Noel Kuntze
>>>
>>> Am 14.05.2014 16:48, schrieb Rolf Schöpfer:
>>>>>> Hi Noel
>>>>>>
>>>>>> Wow you are fast :-)
>>>>>>
>>>>>> Config looks like this:
>>>>>>
>>>>>> # /etc/strongswan.conf - strongSwan configuration file
>>>>>>
>>>>>> charon {
>>>>>> load = nonce libipsec charon aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
>>>>>> multiple_authentication = no
>>>>>> }
>>>>>>
>>>>>>
>>>>>>
>>>>>> It's better but strongSwan is not happy. Looks like netlink is used instead of libipsec?
>>>>>>
>>>>>> # tail -21 /var/log/syslog
>>>>>> May 14 16:39:50 development charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.1.3, Linux 2.6.32-26-pve, i686)
>>>>>> May 14 16:39:50 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not permitted
>>>>>> May 14 16:39:50 development charon: 00[NET] installing IKE bypass policy failed
>>>>>> May 14 16:39:50 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not permitted
>>>>>> May 14 16:39:50 development charon: 00[NET] installing IKE bypass policy failed
>>>>>> May 14 16:39:50 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
>>>>>> May 14 16:39:50 development charon: 00[NET] installing IKE bypass policy failed
>>>>>> May 14 16:39:50 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
>>>>>> May 14 16:39:50 development charon: 00[NET] installing IKE bypass policy failed
>>>>>> May 14 16:39:50 development charon: 00[CFG] loading ca certificates from '/etc/config/strongswan/ipsec.d/cacerts'
>>>>>> May 14 16:39:50 development charon: 00[CFG] loading aa certificates from '/etc/config/strongswan/ipsec.d/aacerts'
>>>>>> May 14 16:39:50 development charon: 00[CFG] loading ocsp signer certificates from '/etc/config/strongswan/ipsec.d/ocspcerts'
>>>>>> May 14 16:39:50 development charon: 00[CFG] loading attribute certificates from '/etc/config/strongswan/ipsec.d/acerts'
>>>>>> May 14 16:39:50 development charon: 00[CFG] loading crls from '/etc/config/strongswan/ipsec.d/crls'
>>>>>> May 14 16:39:50 development charon: 00[CFG] loading secrets from '/etc/config/strongswan/ipsec.secrets'
>>>>>> May 14 16:39:50 development charon: 00[CFG] loaded IKE secret for @development @office
>>>>>> May 14 16:39:50 development charon: 00[LIB] loaded plugins: charon nonce aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
>>>>>> May 14 16:39:50 development charon: 00[LIB] unable to load 16 plugin features (16 due to unmet dependencies)
>>>>>> May 14 16:39:50 development charon: 00[JOB] spawning 16 worker threads
>>>>>> May 14 16:39:50 development charon: 08[CFG] received stroke: add connection 'net-net'
>>>>>> May 14 16:39:50 development charon: 08[CFG] added configuration 'net-net'
>>>>>>
>>>>>>
>>>>>> Am 14.05.2014 16:35, schrieb Noel Kuntze:
>>>>>> Hello Rolf,
>>>>>>
>>>>>> The "socket-raw" plugin isn't available anymore. Use socket-default instead.
>>>>>> Also, please include "charon" in the load statement.
>>>>>>
>>>>>> Regards,
>>>>>> Noel Kuntze
>>>>>>
>>>>>> Am 14.05.2014 16:32, schrieb Rolf Schöpfer:
>>>>>>>>> Hi Noel
>>>>>>>>>
>>>>>>>>> Nonce and ipsec were missing. It looks now like this:
>>>>>>>>>
>>>>>>>>> # /etc/strongswan.conf - strongSwan configuration file
>>>>>>>>>
>>>>>>>>> charon {
>>>>>>>>> load = nonce libipsec aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-raw updown
>>>>>>>>> multiple_authentication = no
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> Still some errors (prepeding socket didn't help):
>>>>>>>>>
>>>>>>>>> <<< Development SZ 16:27:48 >>> root:/usr/strongswan-5.1.3
>>>>>>>>> # tail -12 /var/log/syslog
>>>>>>>>> May 14 16:26:28 development charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.1.3, Linux 2.6.32-26-pve, i686)
>>>>>>>>> May 14 16:26:28 development charon: 00[LIB] feature CUSTOM:libcharon-receiver in critical plugin 'charon' has unmet dependency: CUSTOM:socket
>>>>>>>>> May 14 16:26:28 development charon: 00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: CUSTOM:libcharon-receiver
>>>>>>>>> May 14 16:26:28 development charon: 00[CFG] loading ca certificates from '/etc/config/strongswan/ipsec.d/cacerts'
>>>>>>>>> May 14 16:26:28 development charon: 00[CFG] loading aa certificates from '/etc/config/strongswan/ipsec.d/aacerts'
>>>>>>>>> May 14 16:26:28 development charon: 00[CFG] loading ocsp signer certificates from '/etc/config/strongswan/ipsec.d/ocspcerts'
>>>>>>>>> May 14 16:26:28 development charon: 00[CFG] loading attribute certificates from '/etc/config/strongswan/ipsec.d/acerts'
>>>>>>>>> May 14 16:26:28 development charon: 00[CFG] loading crls from '/etc/config/strongswan/ipsec.d/crls'
>>>>>>>>> May 14 16:26:28 development charon: 00[CFG] loading secrets from '/etc/config/strongswan/ipsec.secrets'
>>>>>>>>> May 14 16:26:28 development charon: 00[CFG] loaded IKE secret for @development @office
>>>>>>>>> May 14 16:26:28 development charon: 00[LIB] failed to load 2 critical plugin features
>>>>>>>>> May 14 16:26:28 development charon: 00[DMN] initialization failed - aborting charon
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Am 14.05.2014 16:15, schrieb Noel Kuntze:
>>>>>>>>> Hello Rolf,
>>>>>>>>>
>>>>>>>>> What is your charon.load line?
>>>>>>>>> Make sure nonce and libipsec are in it and preferably somewhere in front of it.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Noel Kuntze
>>>>>>>>>
>>>>>>>>> Am 14.05.2014 16:13, schrieb Rolf Schöpfer:
>>>>>>>>>>>> Hi Noel
>>>>>>>>>>>>
>>>>>>>>>>>> You are right, I need a newer Version for libipsec. I did compile now newest strongSwan:
>>>>>>>>>>>>
>>>>>>>>>>>> ./configure --prefix=/usr/strongswan-5.1.3 --sysconfdir=/etc/config/strongswan --enable-kernel-libipsec
>>>>>>>>>>>> make
>>>>>>>>>>>> make install
>>>>>>>>>>>>
>>>>>>>>>>>> Some output:
>>>>>>>>>>>> ...
>>>>>>>>>>>> ...
>>>>>>>>>>>> strongSwan will be built with the following plugins
>>>>>>>>>>>> -----------------------------------------------------
>>>>>>>>>>>> libstrongswan: aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac
>>>>>>>>>>>> libcharon: kernel-libipsec socket-default stroke updown xauth-generic
>>>>>>>>>>>> libhydra: attr kernel-netlink resolve
>>>>>>>>>>>> libtnccs:
>>>>>>>>>>>> ...
>>>>>>>>>>>> ...
>>>>>>>>>>>>
>>>>>>>>>>>> I use the same configuration. And get following output:
>>>>>>>>>>>>
>>>>>>>>>>>> <<< Development SZ 16:01:11 >>> root:/usr/strongswan-5.1.3
>>>>>>>>>>>> # sbin/ipsec start
>>>>>>>>>>>> Starting strongSwan 5.1.3 IPsec [starter]...
>>>>>>>>>>>> !! Your strongswan.conf contains manual plugin load options for charon.
>>>>>>>>>>>> !! This is recommended for experts only, see
>>>>>>>>>>>> !! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
>>>>>>>>>>>> # deprecated keyword 'plutostart' in config setup
>>>>>>>>>>>> ### 1 parsing error (0 fatal) ###
>>>>>>>>>>>>
>>>>>>>>>>>> <<< Development SZ 16:01:17 >>> root:/usr/strongswan-5.1.3
>>>>>>>>>>>> # tail /var/log/syslog
>>>>>>>>>>>> May 14 16:01:17 development charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.1.3, Linux 2.6.32-26-pve, i686)
>>>>>>>>>>>> May 14 16:01:17 development charon: 00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: NONCE_GEN
>>>>>>>>>>>> May 14 16:01:17 development charon: 00[LIB] feature CUSTOM:libcharon-receiver in critical plugin 'charon' has unmet dependency: CUSTOM:socket
>>>>>>>>>>>> May 14 16:01:17 development charon: 00[CFG] loading ca certificates from '/etc/config/strongswan/ipsec.d/cacerts'
>>>>>>>>>>>> May 14 16:01:17 development charon: 00[CFG] loading aa certificates from '/etc/config/strongswan/ipsec.d/aacerts'
>>>>>>>>>>>> May 14 16:01:17 development charon: 00[CFG] loading ocsp signer certificates from '/etc/config/strongswan/ipsec.d/ocspcerts'
>>>>>>>>>>>> May 14 16:01:17 development charon: 00[CFG] loading attribute certificates from '/etc/config/strongswan/ipsec.d/acerts'
>>>>>>>>>>>> May 14 16:01:17 development charon: 00[CFG] loading crls from '/etc/config/strongswan/ipsec.d/crls'
>>>>>>>>>>>> May 14 16:01:17 development charon: 00[CFG] loading secrets from '/etc/config/strongswan/ipsec.secrets'
>>>>>>>>>>>> May 14 16:01:17 development charon: 00[CFG] loaded IKE secret for @development @office
>>>>>>>>>>>> May 14 16:01:17 development charon: 00[LIB] failed to load 2 critical plugin features
>>>>>>>>>>>> May 14 16:01:17 development charon: 00[DMN] initialization failed - aborting charon
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> You see I'm lost - strongSwan is to new for me to understand where to tweak things (compile or config?)
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks for your help.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Am 09.05.2014 19:33, schrieb Noel Kuntze:
>>>>>>>>>>>> Hello Rolf,
>>>>>>>>>>>>
>>>>>>>>>>>> OpenVZ virtualised guests do not have their own kernel and are not allowed to access the XFRM policies of the host kernel.
>>>>>>>>>>>> That's why that doesn't work. Use libipsec as a backend, instead of netlink. libipsec works in userspace.
>>>>>>>>>>>> You probably have to upgrade to a newer version of strongSwan, that supports libipsec, because it's one of the newer things.
>>>>>>>>>>>>
>>>>>>>>>>>> Regards,
>>>>>>>>>>>> Noel Kuntze
>>>>>>>>>>>>
>>>>>>>>>>>> Am 09.05.2014 19:31, schrieb Rolf Schöpfer:
>>>>>>>>>>>>>>> Hi
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Today I didn't succed to configure site2site VPN with strongSwan. Details:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> - Server Debian 7.3 32-bit, OpenVZ VM (Host is Proxmox)
>>>>>>>>>>>>>>> - I did configure 'Gateway moon' of http://www.strongswan.org/uml/testresults4/ikev2/rw-psk-ipv4/
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> # ipsec start
>>>>>>>>>>>>>>> Starting strongSwan 4.5.2 IPsec [starter]...
>>>>>>>>>>>>>>> !! Your strongswan.conf contains manual plugin load options for
>>>>>>>>>>>>>>> !! pluto and/or charon. This is recommended for experts only, see
>>>>>>>>>>>>>>> !! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> # tail /var/log/daemon.log
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.5.2)
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[CFG] loaded IKE secret for @development.test @office.test
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[KNL] listening on interfaces:
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[KNL] venet0
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[KNL] 127.0.0.2
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[KNL] [Public IP not shown in this E-Mail]
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[NET] installing bypass policy on receive socket failed
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[NET] installing bypass policy on send socket failed
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[NET] installing bypass policy on send socket failed
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not permitted
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[NET] installing bypass policy on receive socket failed
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not permitted
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[NET] installing bypass policy on send socket failed
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not permitted
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[NET] installing bypass policy on send socket failed
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[DMN] loaded plugins: aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-raw updown
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[DMN] unable to drop daemon capabilities
>>>>>>>>>>>>>>> May 9 19:22:49 development charon: 00[DMN] capability dropping failed - aborting charon
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I did check Kernel stuff: http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I did load some Modules on the Host manually:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> # modprobe ah4
>>>>>>>>>>>>>>> # modprobe esp4
>>>>>>>>>>>>>>> # modprobe ipcomp
>>>>>>>>>>>>>>> # modprobe xfrm4_tunnel
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> But still the same Error.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Is there another missing Module?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Any help is appreciated.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Flink
>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>> Users mailing list
>>>>>>>>>>>>>>> Users at lists.strongswan.org
>>>>>>>>>>>>>>> https://lists.strongswan.org/mailman/listinfo/users
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> Users mailing list
>>>>>>>>>>>>> Users at lists.strongswan.org
>>>>>>>>>>>>> https://lists.strongswan.org/mailman/listinfo/users
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> Users mailing list
>>>>>>>>>>>> Users at lists.strongswan.org
>>>>>>>>>>>> https://lists.strongswan.org/mailman/listinfo/users
>>>>>>>
>>>>
>>>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2.0.22 (GNU/Linux)
>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>
>> iQIcBAEBCAAGBQJTc5c6AAoJEDg5KY9j7GZYX7sP/0n/LfF40wmM24Jy9GUFtLD2
>> 32JEYgynZ58JesSaENqMIICTmYPGA1QHbCrthJP6C3vm+3cfvX0RKN6BWGzHE6Px
>> 8anLk2XSDBvr2JBAABvziiy/i4LBd+gbZIyKW2ZL5M3ry47GIh5P7/4EqTw6XZ01
>> 7guKUvyZb4BF0l/UfUzsVNvNnLWrC60ZvKmdHj4gC19kW0wjmdinj1JomPXpyknb
>> cJXT3K2WP4t9hrpMsZTE46UY3SYlil59XPWyGjwL4XoQSzwhMjRX4KussgDqfo4T
>> h5qocuycFzhfCufsYToCCs8QOVC2V1eIQDc4Z3T+qY4cubJNyDv+VZz8mcFvCvTs
>> d3uDmoPjyE2nUEXMxN6Sze6zCzEolNJ7kf4biCrp7Uitclkjxrik3QgPK2TlHipJ
>> zc+3Yjdu4LxVHhHcR6tfLFVUf1mABcJh5p6AyV2BxuHyHjb+k6vKulVwfgBYw4tX
>> r8TBtg5Oj/I3OsVMzzIcQiT1imxjkKTFWLIdUGXZErhWz9kpMhzq3p1JNbX9LZEn
>> PiGYRxGELy7EbjEYtcD322AaD+3l0fsDNGafj1EHslfu1WgaXzZWF+HbZT/LVub4
>> hQWbI80FhR6kpGFwkbocZ3Lm71jK8q5ROKza6BRZGrelWJRf6D1nAx1XIqegHE9c
>> DN7Q41Kp/0Yfdi0VYu50
>> =YbGO
>> -----END PGP SIGNATURE-----
>>
>>
>>
>
More information about the Users
mailing list