[strongSwan] Socket-win installing virtual IP failed (Strongswan 5.3.5 mingw Windows 10 64bit)

C. Emeric curiousemeric at rotacioskapa.com
Tue Dec 29 08:35:18 CET 2015


Hello Noel,

Thanks for the response!
So:
- Socket-win: module that binds on the socket
- Kernel-wfp: firewall module that installs rules
- Kernel-iph: ip related operations module

The Windows implementation is my main gripe. The crypto choices are 
abysmal for IKEv2.
aes256-sha1-modp1024 even in Windows 10! Otherwise the rekey fails.

Windows networking is a nightmare.
The MS IPsec implementation somehow brings up virtual IPs as PPP links.
What kind of black magic it uses to do that is well beyond my imagination.
Maybe it only serves a loopback purpose, who knows?

Cheers,
Emeric


On 2015-12-29 at 0:16, Noel Kuntze wrote:
> Hello Emeric,
>
>> On the windows box I'm using socket-win, with the internal windows ikeext disabled.
>> Charon-svc is running in an admin cmd and I'm using a non-priv cmd to call swanctl.
>> I've read that kernel-iph can't install virtual ips, but I thought socket-win a completely separate userspace implementation.
>>
>> My question is:
>> - Am I missing a point and utterly misread/interpreted the online wiki?
>
> strongSwan on Windows currently cannot install virtual IPs. Even if it could, the virtual IP would be quite useless, because
> the Windows IPsec component does not seem to be able to work with IPs that are installed on the loopback adapter.
> The description of the charon plugins gives all the information. I wrote this from memory, so things could be off. Check
> the plugin pages. I already looked at this when the port was released and came to the conclusion that to build a working
> roadwarrior version of strongSwan on Windows, you'd need to either get Microsoft to fix that bug
> or implement your own IPsec backend in userspace (or kernelspace?) that handles that correctly.
>
> -- 
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
