Nice! Thanks Tuomo.
Regards,
Erik
On 2018-05-07 17:27, Tuomo Soini wrote:
On Wed, 14 Mar 2018 10:50:13 +0100
Erik Andersson <e...@ingate.com> wrote:
Hi all,
I've set up a simple scenario (following the example described in
https://libreswan.org/wiki/Subnet_to_subnet_VPN_wi
Hi all,
I'm running libreswan 3.23 (using netkey/xfrm) on fedora 26.
Trying to connect clients via xauth and modecfg where the address pool
for clients is a subset of the network "behind the ipsec gateway".
Using the following configuration:
conn remote
auto=start
authby=secret
Great! Thanks.
/Erik
On 2018-04-26 05:10, Paul Wouters wrote:
On Tue, 24 Apr 2018, Erik Andersson wrote:
(have also tried rightsubnets={192.168.110.0/24 50.50.50.0/24})
Yields the following error in the pluto.log file:
Apr 23 12:42:48.546899: address family inconsistency
On 2018-04-24 00:29, Paul Wouters wrote:
On Mon, 23 Apr 2018, Erik Andersson wrote:
conn remote
...
...
right=10.48.28.81
rightid=10.48.28.81
rightsubnets=192.168.110.0/24,50.50.50.0/24
left=%any
...
...
(have also tried rightsubnets
Hi!
I'm running libreswan 3.23 and trying to connect road warriors via XAUTH
and modecfg.
It works fine when the clients are able to connect to a single subnet:
conn remote
...
...
right=10.48.28.81
rightid=10.48.28.81
rightsubnet=192.168.110.0/24
On 2018-03-14 15:18, Paul Wouters wrote:
On Wed, 14 Mar 2018, Erik Andersson wrote:
I've set up a simple scenario (following the example described in
https://libreswan.org/wiki/Subnet_to_subnet_VPN_with_PSK).
The tunnels are established successfully.
ping: sendto: Network is unreachable
Hi all,
I've set up a simple scenario (following the example described in
https://libreswan.org/wiki/Subnet_to_subnet_VPN_with_PSK).
The tunnels are established successfully.
But when I issue this command on the "west" gateway:
$ ping -n -c 4 -I 192.0.1.254 192.0.2.254
I get the following
On 03/07/2018 10:26 AM, Paul Wouters wrote:
On Mon, 5 Mar 2018, Tuomo Soini wrote:
I'm running Fedora 26 with libreswan 3.23 and trying to setup a
host-to-host tunnel using the VTI functionality.
Is this setup/configuration even possible? Maybe I'm missing some
fundamentals here :)
On 03/05/2018 10:06 PM, Tuomo Soini wrote:
On Mon, 5 Mar 2018 18:34:17 +0100
Erik Andersson <e...@ingate.com> wrote:
Hi,
I'm running Fedora 26 with libreswan 3.23 and trying to setup a
host-to-host tunnel using the VTI functionality.
Is this setup/configuration even possible? May
Hi,
Ok. Thanks for the information and feedback!
Regards,
Erik
On 2017-03-17 18:04, Andrew Cagney wrote:
Yes, the below look suspect.
On 17 March 2017 at 08:52, Erik Andersson <e...@ingate.com> wrote:
14)
==2991== 42,656 bytes in 5,332 blocks are definitely lost in loss record 795
p (server.c:663)
==2991==by 0x165568: call_server (server.c:798)
Same as 14?
Thanks and regards,
Erik
On 2017-03-03 03:12, Erik Andersson wrote:
Thanks Andrew!
I've re-built with your recent commits and it seems that your efforts
have solved the issue.
I've run for a few hours and the memory co
Thanks Andrew!
I've re-built with your recent commits and it seems that your efforts
have solved the issue.
I've run for a few hours and the memory consumption doesn't rise :)
Regards,
Erik
On 2017-03-02 22:30, Andrew Cagney wrote:
I didn't do any archaeology
I think two things were at
tunnels faster then we let them
linger. Run "ipsec status" and I bet you are seeing thousands of tunnels
waiting to get expired.
I do think we are keeping those around for far too long (an hour or so instead
of like 20s or so)
Paul
Sent from my iPhone
On Feb 28, 2017, at 09:2
Hi,
The commit e10b0481065428c377024da4c9c680659e3573d3 added support for
the Linux 4.4.x kernel.
It seems that the same commit introduce an issue when running KLIPS on
kernel 3.10.101 (haven't tried any other version).
Running cat /proc/net/pf_key yields the following kernel error:
[
On 23/02/16 23:03, Paul Wouters wrote:
On Mon, 22 Feb 2016, Erik Andersson wrote:
Subject: [Swan] klips_error:ipsec_xmit_encap_init
right=10.48.28.60
left=10.48.28.70
rightsubnet=2001:470:dc8c:5000::/64
leftsubnet=2001:470:dc8c:4000::/64
Hi all,
I'm running libreswan 3.15 on centos 7. I'm trying to setup a
IPv6-in-IPv4 tunnel according to the following configuration:
version 2.0
config setup
protostack=klips
interfaces="ipsec0=eth0"
conn mytunnel
authby=secret
right=10.48.28.60
16 matches
Mail list logo