KMP; idle;
000 #33751: "customer/0x1":500 STATE_V2_IPSEC_R (IPsec SA established);
EVENT_SA_REKEY in 3414s; newest IPSEC; eroute owner; isakmp#33417; idle;
000 #33751: "customer/0x1" esp.9d603d4@E.F.G.H esp.232cb42f@A.B.C.D
tun.0@E.F.G.H tun.0@A.B.C.D ref=0 refhim=0 Traffic: ESPin=0
Gzipped log for time 00:42:14 is attached
As I understand, the other side (Cisco ASA) sends an ISAKMP_v2_INFORMATIONAL
message containing an ISAKMP_NEXT_v2D payload that asks to delete the #103354 SA
20.05.2021 19:33, Ivan Kuznetsov wrote:
Hello Paul
17.05.2021 18:01, Paul Wouters wrote:
On Mon, 17 May 2021, Ivan Kuznetsov wrote:
Yes, all the bkp* has the same life times:
[root@vpn3 ipsec.d]# ipsec auto --status | grep bkp | grep ike_life
000 "bkp/0x1": ike_life: 86400s; ipsec_life: 28800s; replay_window:
32; re
14.05.2021 16:08, Paul Wouters wrote:
On Fri, 14 May 2021, Ivan Kuznetsov wrote:
No, config lines are not ignored. Here is status output, it shows
'ike_life: 86400s' and 'ipsec_life: 28800s' implemented
[root@vpn3 ipsec.d]# ipsec auto --status | grep bkp/0x2
000 "bkp/0x2":
00
ion
is supposed to remain up; schedule EVENT_REVIVE_CONNS
May 14 14:00:01.953334: "bkp/0x2": initiating connection which received
a Delete/Notify but must remain up per local policy
May 14 14:00:01.953376: "bkp/0x2" #94672: initiating IKEv2 IKE SA
May 14 14:00:01.954247: "
rekeymargin=5m
keyingtries=3
fragmentation=yes
#BKP's Cisco ASA has nonstandard DPD
#dpddelay=30
#dpdtimeout=120
#dpdaction=restart
Libreswan log is attached
--
Regards, Ivan Kuznetsov
SOLVO ltd
May 13 16:15:12.957820: "bkp/0x2" #92837: dele
Hmm, I remember I had a similar problem with an earlier version of libreswan.
But my current configuration mostly has ikev1 peers. Few ikev2 peers
config has just one left/rightsubnet, so I'm not sure
27.09.2018 17:59, Satavee Junwana wrote:
I also have the same problem for ikev2.
Libreswan
Hi, Eugeniy
rightsubnets=10.1.208.0/28,10.1.102.0/24,10.1.100.22/32
works at my site.
libreswan-3.21-1.el6_9
27.09.2018 17:49, Eugeniy Khvastunov wrote:
In all cases work only last subnet from list.
P.S.: libreswan-3.23-5.el7_5.x86_64
On Thu, Sep 27, 2018 at 5:46 PM Nick Howitt
24.04.2018 16:08, Ivan Kuznetsov wrote:
Customer side equipment is some Cisco router, I don't know details. Our
side is libreswan 3.21
Libreswan 3.21 under Linux (kernel 4.1.12)
The question seems to be about Linux netkey stack, not libreswan. But if
someone shows me the good URL to read I
ill a
problem?
Paul
___
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan
--
Ivan Kuznetsov
SOLVO ltd
Hello
I am trying to set up a site-to-site tunnel using ESP, IKEv2 and
certificates. My side is Oracle Linux 6 (a RHEL6 clone from Oracle),
libreswan 3.20, NETKEY stack as initiator. Other side is strongswan,
don't know exact version (not under my control), as responder.
My configuration:
conn