search for: ikev2

Is there a "cookbook" for setting this up? There are examples for setting up a tunnel between two fixed-address networks (e.g. a remote LAN that needs to be "integrated" with a central LAN over IPSec but I can't find anything addressing the other situation -- remote user(s) where the connecting IPs are not known in advance, such as a person with a laptop or smartphone in a

...MY_IPV4%lnc0; }; spmd { unix "/var/run/racoon/spmif"; }; spmd_password "/usr/local/etc/racoon2/spmd.pwd"; }; # resolver info resolver { resolver off; }; # # default section # default { remote { ikev2 { logmode normal; kmp_sa_lifetime_time infinite; kmp_sa_lifetime_byte infinite; max_retry_to_send 3; interval_to_send 10 sec; times_per_send 1;...

https://bugzilla.netfilter.org/show_bug.cgi?id=1082 Bug ID: 1082 Summary: Hard lockup when inserting nft rules (esp. ct rule) Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: blocker Priority: P5 Component: kernel Assignee:

Hi ! Can Any one please send a working example of racoon2.conf for ikev2 Thanks in Advance. .....kamakshi.

...should be fine. > > Did you try using a simple RADIUS secret? In my experience long > secrets or ones containing special characters ?don?t work very well. I > would use alphanumerical only and no longer than 16 chars. > > We successfully use it to authenticate UniFi clients and IKEv2 > roadwarriors (using OPNsense). > > I believe you set > > lanman auth = yes > > as well, right? > > Does Samba give you anything in the logs? That way you might be able > to narrow it down? > > Alexander > > On Wednesday, Apr 12, 2023 at 12:21 PM, Ma...

...on using "ntlm auth = yes? should be fine. Did you try using a simple RADIUS secret? In my experience long secrets or ones containing special characters don?t work very well. I would use alphanumerical only and no longer than 16 chars. We successfully use it to authenticate UniFi clients and IKEv2 roadwarriors (using OPNsense). I believe you set lanman auth = yes as well, right? Does Samba give you anything in the logs? That way you might be able to narrow it down? Alexander > On Wednesday, Apr 12, 2023 at 12:21 PM, Matthias K?hne | Ellerhold Aktiengesellschaft via samba <samba a...

On 29/05/17 15:46, Robert Moskowitz wrote: > > > On 05/28/2017 06:57 PM, Rob Kampen wrote: >> On 28/05/17 23:56, Leon Fauster wrote: >>>> Am 28.05.2017 um 12:16 schrieb Robert Moskowitz <rgm at htt-consult.com>: >>>> >>>> >>>> >>>> On 05/28/2017 04:24 AM, Tony Mountifield wrote: >>>>> In article

On Fri, 2018-09-07 at 20:14 +0200, Luca Olivetti via samba wrote: > El 7/9/18 a les 17:59, Marco Gaiarin via samba ha escrit: > > > It is better to install squid/freeradius in the same host of a DC, or > > don't bother at all so they can be installed also on a DM? > > I don't know if it's better but I'm running freeradius with ntlm_auth on > a

Hello Alexander, thanks Alexander for these configuration snippets. Which version of Samba are you using? Is this on debian bullseye? Is the FreeRADIUS server installed on a DC or on a Domain Member? (I just tested the latter). is "ntlm auth = yes" OK for the DCs and the domain member or does it have to be "mschapv2-and-ntlmv2-only" for all servers (DCs + Member)? It