Hello
I am trying to set up a site-to-site tunnel using ESP, IKEv2 and
certificates. My side is Oracle Linux 6 (a RHEL6 clone from Oracle),
libreswan 3.20, NETKEY stack as initiator. Other side is strongswan,
don't know exact version (not under my control), as responder.
My configuration:
conn
ill a
problem?
Paul
___
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan
--
Ivan Kuznetsov
SOLVO ltd
24.04.2018 16:08, Ivan Kuznetsov wrote:
Customer side equipment is some Cisco router, I don't know details. Our
side is libreswan 3.21
Libreswan 3.21 under Linux (kernel 4.1.12)
The question seems to be about Linux netkey stack, not libreswan. But if
someone shows me the good URL to read I
Hi, Eugeniy
rightsubnets=10.1.208.0/28,10.1.102.0/24,10.1.100.22/32
works at my site.
libreswan-3.21-1.el6_9
27.09.2018 17:49, Eugeniy Khvastunov wrote:
In all cases only the last subnet from the list works.
P.S.: libreswan-3.23-5.el7_5.x86_64
On Thu, Sep 27, 2018 at 5:46 PM Nick Howitt
Hmm, I remember I had a similar problem with an earlier version of libreswan.
But my current configuration mostly has ikev1 peers. Few ikev2 peers
config has just one left/rightsubnet, so I'm not sure
27.09.2018 17:59, Satavee Junwana wrote:
I also have the same problem for ikev2.
Libreswan
rekeymargin=5m
keyingtries=3
fragmentation=yes
#BKP's Cisco ASA has nonstandard DPD
#dpddelay=30
#dpdtimeout=120
#dpdaction=restart
Libreswan log is attached
--
Regards, Ivan Kuznetsov
SOLVO ltd
May 13 16:15:12.957820: "bkp/0x2" #92837: dele
ion
is supposed to remain up; schedule EVENT_REVIVE_CONNS
May 14 14:00:01.953334: "bkp/0x2": initiating connection which received
a Delete/Notify but must remain up per local policy
May 14 14:00:01.953376: "bkp/0x2" #94672: initiating IKEv2 IKE SA
May 14 14:00:01.954247: "
14.05.2021 16:08, Paul Wouters wrote:
On Fri, 14 May 2021, Ivan Kuznetsov wrote:
No, config lines are not ignored. Here is status output, it shows
'ike_life: 86400s' and 'ipsec_life: 28800s' implemented
[root@vpn3 ipsec.d]# ipsec auto --status | grep bkp/0x2
000 "bkp/0x2":
00
Hello Paul
17.05.2021 18:01, Paul Wouters wrote:
On Mon, 17 May 2021, Ivan Kuznetsov wrote:
Yes, all the bkp* has the same life times:
[root@vpn3 ipsec.d]# ipsec auto --status | grep bkp | grep ike_life
000 "bkp/0x1": ike_life: 86400s; ipsec_life: 28800s; replay_window:
32; re
Gzipped log for time 00:42:14 is attached
As I understand, the other side (Cisco ASA) sends an ISAKMP_v2_INFORMATIONAL
message containing an ISAKMP_NEXT_v2D payload asking to delete the #103354 SA
20.05.2021 19:33, Ivan Kuznetsov wrote:
Hello Paul
17.05.2021 18:01, Paul Wouters wrote:
On Mon, 17 May
KMP; idle;
000 #33751: "customer/0x1":500 STATE_V2_IPSEC_R (IPsec SA established);
EVENT_SA_REKEY in 3414s; newest IPSEC; eroute owner; isakmp#33417; idle;
000 #33751: "customer/0x1" esp.9d603d4@E.F.G.H esp.232cb42f@A.B.C.D
tun.0@E.F.G.H tun.0@A.B.C.D ref=0 refhim=0 Traffic: ESPin=0