[Swan] Intermittent connection lose

Hi, I have a VPN which would fail every 8 hours or so, at the time of phase 1 IKE expiration. Here is the config file: config setup protostack=netkey plutodebug=none listen=xxx.xxx.xxx.20 conn conn_vpn-1200910-tunnel authby=secret left=xxx.xxx.xxx.20

[Swan-commit] Changes to ref refs/heads/master

New commits: commit 5ae0019c2c989f5270a8cd4ded2fcd5e5d19ea41 Author: Andrew Cagney Date: Thu Sep 27 17:40:35 2018 -0400 testing: in ikev1-responder-retransmit-01-Q2 use --impair replay-duplicates Rather than rely on re-transmits. ___

[Swan-commit] Changes to ref refs/heads/master

New commits: commit 5f7474eb582777cac25bf97ce3420e5fd92b2eff Merge: 1e306b2 84c1261 Author: Andrew Cagney Date: Thu Sep 27 16:02:16 2018 -0400 ikev2: eliminate ikev2_crypto_start() Inline the relevant code at the call site. Merge commit

Re: [Swan-dev] why do we bother checking out_raw() et.al.'s result?

So, I got curious and went looking for the word 'containing'. In IKEv2 I found the following under "3.2. Generic Payload Header" a use of the word: o Next Payload (1 octet) - Identifier for the payload type of the next payload in the message. If the current payload is the last

Re: [Swan] rightsubnets

Hi Joe, Currently I have Libreswan-3.21rc5/CenOS6.9, it working fine either ikev1 or ikev2 – But I’m planed and testing for updating to CentOS7.X/Libreswan-3.26, as mentioned on previous email I;’ve configuration that working fine with IKEv1, just only change to IKEv2 … Libreswan keep

Re: [Swan-dev] f28 and testing's(f22) abysmal results

A status update ... On Tue, 25 Sep 2018 at 10:25, Andrew Cagney wrote: > So what can be done? Several changes to the framework (I assume we > don't want to disable electric fence) are: > > - on the theory that the HOST's KVM is too old, upgrade testing to > something more recent, I thing that's

Re: [Swan] rightsubnets

In all cases work only last subnet from list. I had the same issue with a StrongSwan instance as the remote end. This was the issue: https://www.mail-archive.com/search?l=swan@lists.libreswan.org=subject:%22Re%5C%3A+%5C%5BSwan%5C%5D+Tunnels+coming+establishing+and+dropping+quickly%22=newest=1

Re: [Swan] rightsubnets

Hi Joe, Libreswan3-2.1/Ikev2/Centos 7.5 , it will say – syntax error Sent from Mail for Windows 10 From: Madden, Joe Sent: Thursday, September 27, 2018 22:15 To: Satavee Junwana; J Kephart Cc: swan@lists.libreswan.org Subject: RE: [Swan] rightsubnets I believe it should be like this: It

Re: [Swan] Azure + LibreSwan

Hi Paul, I've ran though the output from debug but I'm not sure how to read it in order to find the azure proposal. https://pastebin.com/raw/Qdns0p5q Am I being dense - How do you tell the proposal from this log output? Cheers Joe. -Original Message- From: Swan On Behalf Of

Re: [Swan] rightsubnets

I believe it should be like this: It should be like this:

Re: [Swan] rightsubnets

Hmm, I remember I had similar problem with earler version of libreswan. But my current configuration mostly has ikev1 peers. Few ikev2 peers config has just one left/rightsubnet, so I'm not sure 27.09.2018 17:59, Satavee Junwana пишет:  I also have the same problem for ikev2., Libreswan

Re: [Swan] rightsubnets

Hi, Eugeniy rightsubnets=10.1.208.0/28,10.1.102.0/24,10.1.100.22/32 works at my site. libreswan-3.21-1.el6_9 27.09.2018 17:49, Eugeniy Khvastunov пишет: In all cases work only last subnet from list. P.S.: libreswan-3.23-5.el7_5.x86_64 On Thu, Sep 27, 2018 at 5:46 PM Nick Howitt

Re: [Swan] rightsubnets

I also have the same problem for ikev2., Libreswan initiate phase1 for each submet. But there has no problem wth ikve1 ... noted:libreswarn-3.26 Sent via Iphone > On 27 Sep 2018, at 21:47, J Kephart wrote: > > >> What is right way to put in config r amore than one subnet? >> On some forums

Re: [Swan] rightsubnets

What is right way to put in config more than one subnet? On some forums i find: rightsubnets={172.16.1.0/24 192.168.3.0/24 } rightsubnets={172.16.1.0/24,192.168.3.0/24 }

Re: [Swan] rightsubnets

In all cases work only last subnet from list. P.S.: libreswan-3.23-5.el7_5.x86_64 On Thu, Sep 27, 2018 at 5:46 PM Nick Howitt wrote: > AFAIK the first and second work. At a guess the third might. Try it and > see if you connections instantiate as expected. > > On 27/09/2018 15:41, Eugeniy

Re: [Swan] rightsubnets

AFAIK the first and second work. At a guess the third might. Try it and see if you connections instantiate as expected. On 27/09/2018 15:41, Eugeniy Khvastunov wrote: Hi all! What is

[Swan-commit] Changes to ref refs/heads/master

New commits: commit 1e306b2a2c5f7edab57b76f3e9637e6a700939cd Author: Andrew Cagney Date: Thu Sep 27 10:23:36 2018 -0400 packet: use RFC term 'next payload' when describing next payloads ___ Swan-commit mailing list

[Swan-dev] New Defects reported by Coverity Scan

Hi, Please find the latest report on new defect(s) introduced to antonyantony/libreswan found with Coverity Scan. 1 new defect(s) introduced to antonyantony/libreswan found with Coverity Scan. 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by