Wow, thanks for the quick response Martin. It sounds a heck of a lot like
what I'm seeing.
I'll try reverting to a 4.9 kernel.
Cheers,
Alex
On Tue, Nov 12, 2019 at 3:45 PM Martin Willi wrote:
> Hi,
>
> > If I have "leftsubnet=172.30.0.0/16,0.0.0.0/0", the server leaks
> > memory - available me
Hi list,
Trying to troubleshoot a weird memory leak on my VPN server.
I have a roadwarrior setup described here -
https://lists.strongswan.org/pipermail/users/2019-October/013878.html
I have nat and mangle iptables rules set up as per the strongswan wiki to
forward internet-bound traffic via NAT
Any ideas?
Thanks,
Alex
On Tue, Oct 1, 2019 at 12:30 PM Alexander Hill wrote:
> Hi,
>
> I have a roadwarrior setup with a server running 5.6.2 on Ubuntu Bionic.
> Clients are a mix of 5.6.2 (Bionic), 5.3.5 (Xenial) and 5.5.1 (Stretch) and
> all work fine.
>
> I'm testin
Hi,
I have a roadwarrior setup with a server running 5.6.2 on Ubuntu Bionic.
Clients are a mix of 5.6.2 (Bionic), 5.3.5 (Xenial) and 5.5.1 (Stretch) and
all work fine.
I'm testing an updated client image on an Asus Tinkerboard S with Armbian
Buster which ships with 5.7.2. On this client, I can co
17 at 13:40 Rene Maurer wrote:
> Hello Alex
>
> Alexander Hill wrote:
>
> > It sounds like an issue with that provider's network configuration
> > rather than with the bandwidth or latency.
>
> This is my opinion as well.
>
> > Try lowering MTU/MSS with
Hi René,
It sounds like an issue with that provider's network configuration rather
than with the bandwidth or latency.
Try lowering MTU/MSS with either the charon.plugins.kernel-netlink.mss/mtu
settings or via iptables.
https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunne
Hi all,
Running Strongswan 5.3.5 on Ubuntu 16.04 on clients and server.
My connections with compress=yes don't appear to pass any traffic. What I'm
seeing seems similar to the issue described in this post from 2013:
https://lists.strongswan.org/pipermail/users/2013-May/004689.html
I get connect
Makes sense, thank you!
On Mon, 6 Feb 2017 at 16:58 Tobias Brunner wrote:
> Hi Alexander,
>
> > My understanding was that the IKE_MOBIKE task was triggered by changes
> > to routes/interfaces.
> >
> > I'm intermittently seeing the IKE_MOBIKE task be queued at 30 second
> > intervals, with no inte
Hello,
My understanding was that the IKE_MOBIKE task was triggered by changes to
routes/interfaces.
I'm intermittently seeing the IKE_MOBIKE task be queued at 30 second
intervals, with no interface changes. There is nothing in the syslog or
kernel log in between most of these events. Is this defi
Hi Tobias, thanks for your advice.
I don't think anything's wrong with my configuration because this worked
fine before and after this incident, and also on many other devices with
the same configuration.
I'll have to wait until next time this happens to do any traffic analysis -
I already restar
I was just troubleshooting a remote device (roadwarrior-style config) that
had stopped talking to our server. Rebooting the device fixed the problem,
but I'd like to get to the bottom of it since these devices are hard to get
to physically.
The device was in a strange state where it would apparent
Hi list,
I have many effectively identical roadwarrior clients being assigned
dynamic virtual IPs. What I'd like is to have clients use the same
certificate/key, but identify themselves differently (e.g. by their
hostname). Essentially I just want each client to be able to give itself an
arbitrary
eat detail.
Thanks,
Alex
On Fri, 28 Oct 2016 at 09:12 Alexander Hill wrote:
> Sure, will do. I started that process yesterday but my account is still
> awaiting approval :)
>
> Alex
>
> On Fri, 28 Oct 2016 at 09:09 Noel Kuntze wrote:
>
> On 28.10.2016 03:00, Alexander Hil
Hi Tobias,
Sounds promising - would assigning the virtual IP to the loopback interface
"just work" with no extra configuration? Are there any downsides to doing
this?
Thanks,
Alex
On Mon., 31 Oct. 2016 at 9:56 pm, Tobias Brunner
wrote:
> Hi Alex,
>
> > But when there's no immediate path, e.g. i
Hi Tobias, thanks for taking the time.
I do see the relevant log messages in the case of switching interfaces, and
when there's another path for the tunnel to take, everything works
including MOBIKE.
But when there's no immediate path, e.g. if the only network adapter has a
cable unplugged or if
correct interface.
The case where no new route is immediately available is a corner case, but
I don't think one that doesn't deserve to be handled in the same way.
What do you think?
Cheers,
Alex
On Fri, 28 Oct 2016 at 23:33 Alexander Hill wrote:
Ok, thanks. That makes sense.
Tr
Ok, thanks. That makes sense.
Triggering a reconnect on if-up should do the trick then.
Cheers, Alex
On Fri., 28 Oct. 2016 at 11:09 pm, Noel Kuntze
wrote:
> On 28.10.2016 07:07, Alexander Hill wrote:
> > What's the thing that removes the route when the network cable is
> un
Hi all,
Trying to get my IPsec tunnels to come back up as reliably as possible.
Say I'm connected to ipsec and my table 220 looks like this:
172.16.0.0/16 via 192.168.1.254 dev eth0 proto static src 172.16.0.2
All is working. I then unplug my network cable, wait a few seconds, and
plug it bac
Sure, will do. I started that process yesterday but my account is still
awaiting approval :)
Alex
On Fri, 28 Oct 2016 at 09:09 Noel Kuntze wrote:
> On 28.10.2016 03:00, Alexander Hill wrote:
> >
> > Server is running 5.3.5, I've tested 5.5.1 on the client end with and
>
18:29, Alexander Hill wrote:
> I get a route with src explicitly set to my interface's real IP, which
> has the same effect.
What version of strongSwan are you using?
--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 2
Hi Noel,
Thanks for the suggestion, I tried that. If I remove the leftsubnet
directive from the client config, I get a route with src explicitly set to
my interface's real IP, which has the same effect. I also tried setting it
to the virtual IP pool, and the current virtual IP under lease, to no
a
Hello,
I'm having what seems to be a similar problem as that described in ticket
#85 (https://wiki.strongswan.org/issues/85) except that my connections are
up, I'm just not routing correctly.
My goal is to have many roadwarrior clients getting virtual dynamic IP
addresses, which I want to remain