strongSwan

22.01.2021

16:01 strongSwan Issue #3679: DH group ECP_256 unacceptable, requesting MODP_3072

> How can we make a client, that uses only this combination?Because the client is in remote location.There is no chan...

15:25 strongSwan Issue #3679: DH group ECP_256 unacceptable, requesting MODP_3072

Why would you think the server config has anything to do with how the client behaves?
> only from 500-->500 and 45...

14:35 strongSwan Issue #3681 (Closed): STrongswan remote clients are not reconnecting once strongswan server has restarted

14:21 strongSwan Issue #3679: DH group ECP_256 unacceptable, requesting MODP_3072

> I have realized that there is a log eg: remote host is behind NAT.
> This warning was not there before.
It's no...

11:24 strongSwan Issue #3679: DH group ECP_256 unacceptable, requesting MODP_3072

> Okay.Is that the reason why there are 4 cases from sudo ss -nlup|grep 500 output ?
No, as you can see it's the s...

10:49 strongSwan Issue #3679: DH group ECP_256 unacceptable, requesting MODP_3072

> Why the issue is always here when i restart VPN Server ?
No idea. Maybe your config is incorrect.
> It seems ...

10:44 strongSwan Issue #3498: FreeBSD + dhcp+farp plugin

With version:5.9.2, the _farp_ plugin will work on macOS and FreeBSD.

10:44 strongSwan Revision 8d8739ac: github: Enable farp plugin on macOS

github: Enable farp plugin on macOS

10:44 strongSwan Revision 1af4ae87: cirrus: Build farp plugin on FreeBSD

cirrus: Build farp plugin on FreeBSD

10:21 strongSwan Revision 14e838b3: tls-peer: Verify server selects the same cipher suite after HelloRetryRequest

tls-peer: Verify server selects the same cipher suite after HelloRetryRequest
This is as per RFC 8446, section 4.1.4.