[strongSwan] Cannot access certain websites from NetworkManager client

K. Cong kc04bc at gmx.com
Fri Dec 23 18:50:00 CET 2016


Hi, I have strongSwan configured for road warrior use on CentOS 7,
roughly following this tutorial:
https://raymii.org/s/tutorials/IPSEC_vpn_with_CentOS_7.html

I'm using two clients, the strongSwan Android app and the NetworkManager
plugin on Fedora 25.

It's working nicely for the most part; there's only one issue when using
the NetworkManager plugin: I cannot load https://github.com. I'm
getting the following message from cURL:

$ curl -v https://github.com
* Rebuilt URL to: https://github.com/
*   Trying 192.30.253.113...
* TCP_NODELAY set
* Connected to github.com (192.30.253.113) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/ssl/certs/ca-bundle.crt
  CApath: none
* NSS error -5961 (PR_CONNECT_RESET_ERROR)
* TCP connection reset by peer
* Curl_http_done: called premature == 1
* stopped the pause stream!
* Closing connection 0
curl: (35) TCP connection reset by peer

I don't see any error messages on the server and I don't think there's
anything wrong with my certificates; GitHub works fine when I'm not
using the VPN.

GitHub works fine on my Android device. So I suspect it's something to
do with my client configuration in the NetworkManager plugin. I'm using
a self-signed host certificate and "Certificate/private key" for client
authentication. I played around with the settings but I'm unable to fix
the problem. Has anyone seen a similar problem? What should I do to
troubleshoot further?

Thanks,
Kelong

