[strongSwan] I have some questions about strongswan configuration.
Hyun-Jin Kim
be.successor at gmail.com
Wed Aug 19 06:35:28 CEST 2015
Thank you for answer.
I'm sorry for the confusion.
To put it delicately, I want to add Radius server in G/W1 ==== G/W2 IPsec.
So, G/W1 and G/W2 have to work as a Radius client.
[image: 본문 이미지 1]
Currently, I tried out the tips from you.
rightauth=eap-md5 => eap-radius
> *<Server configuration>*
>
> 1) ipsec.conf
> [...]
> conn rw-eap
> rightauth=eap-radius
> [...]
*My problem is....*
*1) Why this message is generated ??*
*syslog message : Aug 19 12:14:23 radSer charon: 10[IKE] loading EAP_RADIUS
method failed*
*2) Radius Server couldn't capture any packet.*
How can I solve this problem...? Please help me.
This is my configuration.
(I raised the debugging level : charondebug="lib 3,cfg 3,net 3,ike 3, enc
3, chd 3, mgr 3, dmn 3")
*<G/W1 configuration>*
1) ipsec.conf
config setup
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
conn rw-eap
left=192.168.0.1
leftsubnet=129.254.73.0/24
leftcert=moon.pem
leftid=strongswan moon
leftauth=pubkey
leftfirewall=yes
rightid=strongswan sun
rightauth=eap-radius
rightsendcert=never
right=192.168.0.2
auto=add
2) strongswan.conf
charon {
load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl
revocation hmac xcbc stroke kernel-netlink socket-default fips-prf
eap-radius updown
plugins{
eap-radius {
secret = testing123
address = 129.254.72.87
}
}
}
3) ipsec.secrets
: RSA moon.key "1p2p3p"
: RSA ca.key "1p2p3p"
4) ipsec statusall
Status of IKE charon daemon (strongSwan 5.2.2, Linux 3.13.0-61-generic,
x86_64):
uptime: 59 minutes, since Aug 19 12:22:10 2015
malloc: sbrk 2568192, mmap 0, used 398432, free 2169760
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
scheduled: 0
loaded plugins: charon aes des sha1 sha2 md5 pem pkcs1 gmp random nonce
x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
fips-prf eap-radius updown
Listening IP addresses:
192.168.0.1
129.254.73.189
Connections:
rw-eap: 192.168.0.1...192.168.0.2 IKEv2
rw-eap: local: [C=KR, ST=Some-State, O=Etri, CN=strongswan moon]
uses public key authentication
rw-eap: cert: "C=KR, ST=Some-State, O=Etri, CN=strongswan moon"
rw-eap: remote: [strongswan sun] uses EAP_RADIUS authentication
rw-eap: child: 129.254.73.0/24 === dynamic TUNNEL
Security Associations (0 up, 0 connecting):
none
5) tail -f /var/log/syslog /var/log/auth.log
root at radSer:/home/guest/temp/strongswan-5.2.2# tail -f /var/log/syslog
/var/log/auth.log
==> /var/log/syslog <==
Aug 19 13:15:00 radSer avahi-daemon[904]: Invalid response packet from host
129.254.190.77.
Aug 19 13:15:00 radSer avahi-daemon[904]: Invalid response packet from host
129.254.195.208.
Aug 19 13:15:00 radSer avahi-daemon[904]: Invalid response packet from host
129.254.172.192.
Aug 19 13:15:00 radSer avahi-daemon[904]: Invalid response packet from host
fe80::6e3b:e5ff:fe06:ad82.
Aug 19 13:15:00 radSer avahi-daemon[904]: Invalid response packet from host
129.254.172.139.
Aug 19 13:15:10 radSer avahi-daemon[904]: server.c: Packet too short or
invalid while reading known answer record. (Maybe a UTF-8 problem?)
Aug 19 13:17:01 radSer CRON[30816]: (root) CMD ( cd / && run-parts
--report /etc/cron.hourly)
Aug 19 13:20:21 radSer avahi-daemon[904]: message repeated 4 times: [
server.c: Packet too short or invalid while reading known answer record.
(Maybe a UTF-8 problem?)]
Aug 19 13:21:09 radSer avahi-daemon[904]: Invalid response packet from host
fe80::5265:f3ff:fe5d:c1a.
Aug 19 13:22:01 radSer avahi-daemon[904]: server.c: Packet too short or
invalid while reading known answer record. (Maybe a UTF-8 problem?)
==> /var/log/auth.log <==
Aug 19 12:22:10 radSer ipsec_starter[30718]: !!
http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
Aug 19 12:22:11 radSer ipsec_starter[30739]: charon (30740) started after
20 ms
Aug 19 12:22:21 radSer charon: 12[IKE] 192.168.0.2 is initiating an IKE_SA
Aug 19 12:22:32 radSer charon: 04[IKE] 192.168.0.2 is initiating an IKE_SA
Aug 19 12:39:01 radSer CRON[30777]: pam_unix(cron:session): session opened
for user root by (uid=0)
Aug 19 12:39:01 radSer CRON[30777]: pam_unix(cron:session): session closed
for user root
Aug 19 13:09:01 radSer CRON[30800]: pam_unix(cron:session): session opened
for user root by (uid=0)
Aug 19 13:09:01 radSer CRON[30800]: pam_unix(cron:session): session closed
for user root
Aug 19 13:17:01 radSer CRON[30815]: pam_unix(cron:session): session opened
for user root by (uid=0)
Aug 19 13:17:01 radSer CRON[30815]: pam_unix(cron:session): session closed
for user root
==> /var/log/syslog <==
Aug 19 13:22:35 radSer charon: 13[NET] received packet: from
192.168.0.2[500] to 192.168.0.1[500] (692 bytes)
Aug 19 13:22:35 radSer charon: 13[ENC] parsed IKE_SA_INIT request 0 [ SA KE
No N(NATD_S_IP) N(NATD_D_IP) ]
Aug 19 13:22:35 radSer charon: 13[IKE] 192.168.0.2 is initiating an IKE_SA
==> /var/log/auth.log <==
Aug 19 13:22:35 radSer charon: 13[IKE] 192.168.0.2 is initiating an IKE_SA
==> /var/log/syslog <==
Aug 19 13:22:36 radSer charon: 13[ENC] generating IKE_SA_INIT response 0 [
SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
Aug 19 13:22:36 radSer charon: 13[NET] sending packet: from
192.168.0.1[500] to 192.168.0.2[500] (440 bytes)
Aug 19 13:22:36 radSer charon: 14[NET] received packet: from
192.168.0.2[4500] to 192.168.0.1[4500] (492 bytes)
Aug 19 13:22:36 radSer charon: 14[ENC] parsed IKE_AUTH request 1 [ IDi
N(INIT_CONTACT) CERTREQ IDr SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR)
N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Aug 19 13:22:36 radSer charon: 14[IKE] received cert request for "C=KR,
ST=Some-State, O=Etri, CN=strongswan1"
Aug 19 13:22:36 radSer charon: 14[CFG] looking for peer configs matching
192.168.0.1[C=KR, ST=Some-State, O=Etri, CN=strongswan
moon]...192.168.0.2[strongswan sun]
Aug 19 13:22:36 radSer charon: 14[CFG] selected peer config 'rw-eap'
Aug 19 13:22:36 radSer charon: 14[IKE] loading EAP_RADIUS method failed
Aug 19 13:22:36 radSer charon: 14[IKE] peer supports MOBIKE
Aug 19 13:22:36 radSer charon: 14[ENC] generating IKE_AUTH response 1 [ IDr
EAP/FAIL ]
Aug 19 13:22:36 radSer charon: 14[NET] sending packet: from
192.168.0.1[4500] to 192.168.0.2[4500] (156 bytes)
*<G/W2 configuration>*
1) ipsec.conf
config setup
# charondebug="lib 3,cfg 3,net 3,ike 3, enc 3, chd 3, mgr 3, dmn 3"
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
conn home
left=192.168.0.2
leftid=strongswan sun
leftauth=eap
leftfirewall=yes
right=192.168.0.1
rightid=strongswan moon
rightsubnet=129.254.73.0/24
rightauth=pubkey
rightcert=moon.pem
auto=add
2) strongswan.conf
charon {
load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl
revocation hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5
updown
plugins{
eap-radius {
secret = testing123
address = 129.254.72.87
}
}
3) ipsec.secrets
: RSA sun.key "1p2p3p"
: RSA moon.key "1p2p3p"
strongswan sun : EAP "testing123"
4) ipsec statusall
Status of IKE charon daemon (strongSwan 5.2.2, Linux 3.13.0-57-generic,
x86_64):
uptime: 62 minutes, since Aug 19 12:23:22 2015
malloc: sbrk 405504, mmap 0, used 344912, free 60592
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
scheduled: 0
loaded plugins: charon aes des sha1 sha2 md5 pem pkcs1 gmp random nonce
x509 curl revocation hmac xcbc stroke kernel-netlink socket-default
fips-prf eap-md5 updown
Listening IP addresses:
192.168.0.55
192.168.0.2
129.254.73.188
Connections:
home: 192.168.0.2...192.168.0.1 IKEv2
home: local: [strongswan sun] uses EAP authentication
home: remote: [C=KR, ST=Some-State, O=Etri, CN=strongswan moon]
uses public key authentication
home: cert: "C=KR, ST=Some-State, O=Etri, CN=strongswan moon"
home: child: dynamic === 129.254.73.0/24 TUNNEL
Security Associations (0 up, 0 connecting):
none
5) tail -f /var/log/syslog /var/log/auth.log
root at radClient:~# tail -f /var/log/syslog /var/log/auth.log
==> /var/log/syslog <==
Aug 19 13:24:57 radClient avahi-daemon[843]: Invalid response packet from
host fe80::fe15:b4ff:fe78:6dc3.
Aug 19 13:24:58 radClient avahi-daemon[843]: Invalid response packet from
host fe80::3664:a9ff:fe69:ad9b.
Aug 19 13:24:58 radClient avahi-daemon[843]: Invalid response packet from
host 129.254.194.88.
Aug 19 13:24:58 radClient avahi-daemon[843]: server.c: Packet too short or
invalid while reading known answer record. (Maybe a UTF-8 problem?)
Aug 19 13:24:58 radClient avahi-daemon[843]: Invalid response packet from
host 129.254.172.139.
Aug 19 13:24:58 radClient avahi-daemon[843]: Invalid response packet from
host fe80::6e3b:e5ff:fe06:ad82.
Aug 19 13:24:58 radClient avahi-daemon[843]: Invalid response packet from
host 129.254.72.230.
Aug 19 13:24:58 radClient avahi-daemon[843]: Invalid response packet from
host fe80::a2b3:ccff:fe9b:4b2e.
Aug 19 13:24:59 radClient avahi-daemon[843]: Invalid response packet from
host fe80::a65d:36ff:fe62:e868.
Aug 19 13:24:59 radClient avahi-daemon[843]: Invalid response packet from
host 129.254.190.77.
==> /var/log/auth.log <==
Aug 19 12:23:21 radClient ipsec_starter[10575]: !!
http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
Aug 19 12:23:21 radClient ipsec_starter[10596]: charon (10597) started
after 20 ms
Aug 19 12:23:39 radClient charon: 12[IKE] initiating IKE_SA home[1] to
192.168.0.1
Aug 19 12:23:39 radClient charon: 13[IKE] establishing CHILD_SA home
Aug 19 12:23:50 radClient charon: 07[IKE] initiating IKE_SA home[2] to
192.168.0.1
Aug 19 12:23:50 radClient charon: 08[IKE] establishing CHILD_SA home
Aug 19 13:17:01 radClient CRON[10644]: pam_unix(cron:session): session
opened for user root by (uid=0)
Aug 19 13:17:01 radClient CRON[10644]: pam_unix(cron:session): session
closed for user root
Aug 19 13:23:53 radClient charon: 08[IKE] initiating IKE_SA home[3] to
192.168.0.1
Aug 19 13:23:53 radClient charon: 09[IKE] establishing CHILD_SA home
==> /var/log/syslog <==
Aug 19 13:25:46 radClient charon: 05[NET] received packet: from
192.168.0.1[500] to 192.168.0.2[500] (692 bytes)
==> /var/log/auth.log <==
Aug 19 13:25:46 radClient charon: 05[IKE] 192.168.0.1 is initiating an
IKE_SA
==> /var/log/syslog <==
Aug 19 13:25:46 radClient charon: 05[ENC] parsed IKE_SA_INIT request 0 [ SA
KE No N(NATD_S_IP) N(NATD_D_IP) ]
Aug 19 13:25:46 radClient charon: 05[IKE] 192.168.0.1 is initiating an
IKE_SA
Aug 19 13:25:46 radClient charon: 05[IKE] sending cert request for "C=KR,
ST=Some-State, O=Etri, CN=strongswan1"
Aug 19 13:25:46 radClient charon: 05[ENC] generating IKE_SA_INIT response 0
[ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Aug 19 13:25:46 radClient charon: 05[NET] sending packet: from
192.168.0.2[500] to 192.168.0.1[500] (465 bytes)
Aug 19 13:25:46 radClient charon: 07[NET] received packet: from
192.168.0.1[4500] to 192.168.0.2[4500] (1228 bytes)
Aug 19 13:25:46 radClient charon: 07[ENC] parsed IKE_AUTH request 1 [ IDi
CERT N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR)
N(MULT_AUTH) N(EAP_ONLY) ]
Aug 19 13:25:46 radClient charon: 07[IKE] received end entity cert "C=KR,
ST=Some-State, O=Etri, CN=strongswan moon"
Aug 19 13:25:46 radClient charon: 07[CFG] looking for peer configs matching
192.168.0.2[strongswan sun]...192.168.0.1[C=KR, ST=Some-State, O=Etri,
CN=strongswan moon]
Aug 19 13:25:46 radClient charon: 07[CFG] selected peer config 'home'
Aug 19 13:25:46 radClient charon: 07[CFG] using trusted ca certificate
"C=KR, ST=Some-State, O=Etri, CN=strongswan1"
Aug 19 13:25:46 radClient charon: 07[CFG] checking certificate status of
"C=KR, ST=Some-State, O=Etri, CN=strongswan moon"
Aug 19 13:25:46 radClient charon: 07[CFG] certificate status is not
available
Aug 19 13:25:46 radClient charon: 07[CFG] reached self-signed root ca
with a path length of 0
Aug 19 13:25:46 radClient charon: 07[CFG] using trusted certificate
"C=KR, ST=Some-State, O=Etri, CN=strongswan moon"
Aug 19 13:25:46 radClient charon: 07[IKE] authentication of 'C=KR,
ST=Some-State, O=Etri, CN=strongswan moon' with RSA signature successful
Aug 19 13:25:46 radClient charon: 07[IKE] peer supports MOBIKE
Aug 19 13:25:46 radClient charon: 07[IKE] IKE_SA home[4] established
between 192.168.0.2[strongswan sun]...192.168.0.1[C=KR, ST=Some-State,
O=Etri, CN=strongswan moon]
==> /var/log/auth.log <==
Aug 19 13:25:46 radClient charon: 07[IKE] IKE_SA home[4] established
between 192.168.0.2[strongswan sun]...192.168.0.1[C=KR, ST=Some-State,
O=Etri, CN=strongswan moon]
==> /var/log/syslog <==
Aug 19 13:25:46 radClient charon: 07[IKE] scheduling reauthentication in
3316s
Aug 19 13:25:46 radClient charon: 07[IKE] maximum IKE_SA lifetime 3496s
==> /var/log/auth.log <==
Aug 19 13:25:46 radClient charon: 07[IKE] CHILD_SA home{4} established with
SPIs cf4d1089_i c47c418e_o and TS 192.168.0.2/32 === 129.254.73.0/24
==> /var/log/syslog <==
Aug 19 13:25:46 radClient charon: 07[IKE] CHILD_SA home{4} established with
SPIs cf4d1089_i c47c418e_o and TS 192.168.0.2/32 === 129.254.73.0/24
Aug 19 13:25:46 radClient vpn: + C=KR, ST=Some-State, O=Etri, CN=strongswan
moon 129.254.73.0/24 == 192.168.0.1 -- 192.168.0.2
Aug 19 13:25:46 radClient charon: 07[ENC] generating IKE_AUTH response 1 [
IDr SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
Aug 19 13:25:46 radClient charon: 07[NET] sending packet: from
192.168.0.2[4500] to 192.168.0.1[4500] (220 bytes)
Aug 19 13:25:46 radClient charon: 12[NET] received packet: from
192.168.0.1[4500] to 192.168.0.2[4500] (76 bytes)
Aug 19 13:25:46 radClient charon: 12[ENC] parsed INFORMATIONAL request 2 [
N(AUTH_FAILED) ]
Aug 19 13:25:46 radClient charon: 12[IKE] received DELETE for IKE_SA home[4]
Aug 19 13:25:46 radClient charon: 12[IKE] deleting IKE_SA home[4] between
192.168.0.2[strongswan sun]...192.168.0.1[C=KR, ST=Some-State, O=Etri,
CN=strongswan moon]
==> /var/log/auth.log <==
Aug 19 13:25:46 radClient charon: 12[IKE] deleting IKE_SA home[4] between
192.168.0.2[strongswan sun]...192.168.0.1[C=KR, ST=Some-State, O=Etri,
CN=strongswan moon]
==> /var/log/syslog <==
Aug 19 13:25:46 radClient charon: 12[IKE] IKE_SA deleted
==> /var/log/auth.log <==
Aug 19 13:25:46 radClient charon: 12[IKE] IKE_SA deleted
==> /var/log/syslog <==
Aug 19 13:25:46 radClient vpn: - C=KR, ST=Some-State, O=Etri, CN=strongswan
moon 129.254.73.0/24 == 192.168.0.1 -- 192.168.0.2
Aug 19 13:25:46 radClient charon: 12[ENC] generating INFORMATIONAL response
2 [ ]
Aug 19 13:25:46 radClient charon: 12[NET] sending packet: from
192.168.0.2[4500] to 192.168.0.1[4500] (76 bytes)
*<FreeRADIUS configuration>*
1) radiusd.conf
# radiusd.conf -- FreeRADIUS server configuration file.
prefix = /usr
exec_prefix = ${prefix}
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/freeradius
raddbdir = ${sysconfdir}/freeradius
radacctdir = ${logdir}/radacct
# name of the running server. See also the "-n" command-line option.
name = freeradius
# Location of config and logfiles.
confdir = ${raddbdir}
run_dir = ${localstatedir}/run
# Should likely be ${localstatedir}/lib/radiusd
db_dir = ${raddbdir}
# libdir: Where to find the rlm_* modules.
libdir = ${exec_prefix}/lib
# pidfile: Where to place the PID of the RADIUS server.
pidfile = ${run_dir}/${name}.pid
# max_request_time: The maximum time (in seconds) to handle a request.
max_request_time = 30
# cleanup_delay: The time to wait (in seconds) before cleaning up
cleanup_delay = 5
# max_requests: The maximum number of requests which the server keeps
max_requests = 1024
# listen: Make the server listen on a particular IP address, and send
listen {
type = auth
ipaddr = 129.254.72.87
port = 0
}
# This second "listen" section is for listening on the accounting
# port, too.
#
listen {
type = acct
ipaddr = 129.254.72.87
port = 0
}
# hostname_lookups: Log the names of clients or just their IP addresses
hostname_lookups = no
# Core dumps are a bad thing. This should only be set to 'yes'
allow_core_dumps = no
# Regular expressions
regular_expressions = yes
extended_expressions = yes
# Logging section. The various "log_*" configuration items
log {
destination = files
file = ${logdir}/radius.log
syslog_facility = daemon
stripped_names = no
auth = yes
auth_badpass = yes
auth_goodpass = yes
}
# The program to execute to do concurrency checks.
checkrad = ${sbindir}/checkrad
# Security considerations
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
# PROXY CONFIGURATION
proxy_requests = yes
$INCLUDE proxy.conf
# CLIENTS CONFIGURATION
$INCLUDE clients.conf
# THREAD POOL CONFIGURATION
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
# MODULE CONFIGURATION
modules {
$INCLUDE ${confdir}/modules/
$INCLUDE eap.conf
$INCLUDE sql.conf
$INCLUDE sql/mysql/counter.conf
}
# Instantiation
instantiate {
exec
expr
expiration
logintime
}
# Policies
$INCLUDE policy.conf
# Include all enabled virtual hosts
$INCLUDE sites-enabled/
2) eap.conf
eap {
default_eap_type = md5
md5 {
}
}
3) clients.conf
etri1 129.254.73.189 {
secret = testing123
shortname = moon
}
etri2 129.254.73.188 {
secret = testing123
shortname = sun
}
4) users
sun Cleartext-Password := "testing123"
moon Cleartext-Password := "testing123"
5) proxy.conf
realm strongswan.org {
type = radius
authhost = LOCAL
accthost = LOCAL
}
6) strongswan.conf
# /etc/strongswan.conf - strongSwan configuration file
charon {
load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation
constraints pubkey gmp random nonce curl kernel-netlink socket-default
updown stroke
}
libstrongswan {
dh_exponent_ansi_x9_42 = no
}
------------------------------------
Hyun-jin Kim, Master's course
Information Security Laboratory
ChungNam National University
E: be.successor at gmail.com
Tel : +82-10-4410-4292 / +82-42-821-7443
------------------------------------
2015-08-19 4:41 GMT+09:00 Noel Kuntze <noel at familie-kuntze.de>:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello,
>
> > *<Server configuration>*
> >
> > 1) ipsec.conf
> > [...]
> > conn rw-eap
> > rightauth=eap-md5
> > [...]
>
> That tells strongSwan to try to authenticate the other side using eap-md5.
> This doesn't make sense, if you want to delegate the eap authentication
> to a RADIUS server. You need to set that value to eap-radius.
>
> Judging from your diagram and the configs, you want to authenticate the
> server
> to the client using a cerificate and delegate the EAP authentication,
> which happens after the certificate authentication, to a RADIUS server?
>
> In that case, strongSwan only relays the EAP messages in the IKE exchange
> to
> the RADIUS server and does not do any EAP exchanges with the client.
> Therefore you need to tell it to use the eap-radius plugin for
> authenticating the client.
> If you had followed the configuration file[1] for moon correctly, you had
> seen that:
>
> > [...]
> > conn rw-eap
> > rightauth=eap-radius
> > [...]
>
> Also, the auth.log file on the server tells you the problem:
>
> > Aug 18 16:21:23 radSer charon: 06[CFG] selected peer config 'rw-eap'
> > Aug 18 16:21:23 radSer charon: 06[IKE] loading EAP_MD5 method failed
> > Aug 18 16:21:23 radSer charon: 06[ENC] generating IKE_AUTH response 1 [
> IDr EAP/FAIL ]
>
>
>
>
> [1]
> https://www.strongswan.org/uml/testresults/ikev2/rw-eap-md5-radius/moon.ipsec.conf
>
> - --
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJV04pcAAoJEDg5KY9j7GZYT2MP/iJr11MEX4AyiouOqODaW9yD
> BnBJeIb+kRInQSs1HW00sX06mwvoXSZRHjBEhwFNiSyangpsrjITeNMEk1BK++Sx
> ZQnEP99FwPOUiJz4gKeZQ/5bqbJpI/MX7UHGj24aqGZEjOfUdso/Tk4dA0QuH7oy
> vjYLJObaNIxERCMey1Aqwe4/Msja6S3WNqO/CGxaMCdGj7kd3VN5H97r06ZnQRTY
> LbruPPeBYqGpcEshu1DuYwdwf2yK0MKEQ/JuKOmRKx/yDVGhKQxVk/MEEKnIQfWx
> hIrYLr2gma4guLCFiKgKrrV5dpE5VVffhCJrkg948QQVDNDNpQiVG3q2SkwM0TEV
> 4CEA6y84V6rcuhBSXjw5QQoaIW/E2zk9T1ItqtRReDRxRt1B9ATR/+3C0fYIgCNn
> cJaxjeUaj/9DCC0gq+vlEoEx4D4L2CBRU53qohyiAersRwLZaMRqHuibDWsDOyJF
> hLSpRHz+AzvXTgl1xBMx2Amiai/QzasEo175LsC3iro2iNVEd0XnCJfZYy3Kso9E
> EGkN/fdv+T+P3E9XIqvLrM2tkdVEiqDvQZ8azPeadC1Bte5g+aeNGjkuzb7aWG41
> /QW6oSEf7Ns8QZww6swKFyIVEFPtw1Cqq7pGE8ay3MXAhPsAVqKL22a+vYcVNTC2
> 5nMt6eS37EXmDUzAkdH8
> =fzqJ
> -----END PGP SIGNATURE-----
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150819/27f27b88/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 71645 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150819/27f27b88/attachment-0001.png>
More information about the Users
mailing list