Re: [Swan] Basic netkey routing issue

2018-05-08 Thread Erik Andersson
Nice! Thanks Tuomo. Regards, Erik On 2018-05-07 17:27, Tuomo Soini wrote: On Wed, 14 Mar 2018 10:50:13 +0100 Erik Andersson wrote: Hi all, I've set up a simple scenario (following the example described in https://libreswan.org/wiki/Subnet_to_subnet_VPN_with_PSK). Please note t

Re: [Swan] xauth+modecfg and arp issues

2018-05-03 Thread Erik Andersson
On 2018-05-03 07:36, Tuomo Soini wrote: On Wed, 2 May 2018 22:54:43 +0300 Tuomo Soini wrote: On Wed, 2 May 2018 20:08:59 +0200 Erik Andersson wrote: Hi all, I'm running libreswan 3.23 (using netkey/xfrm) on Fedora 26. Trying to connect clients via xauth and modecfg where the ad

[Swan] xauth+modecfg and arp issues

2018-05-02 Thread Erik Andersson
Hi all, I'm running libreswan 3.23 (using netkey/xfrm) on Fedora 26. Trying to connect clients via xauth and modecfg where the address pool for clients is a subset of the network "behind the ipsec gateway". Using the following configuration: conn remote auto=start authby=secret r

Re: [Swan] left/rightsubnets option

2018-04-26 Thread Erik Andersson
Great! Thanks. /Erik On 2018-04-26 05:10, Paul Wouters wrote: On Tue, 24 Apr 2018, Erik Andersson wrote: (have also tried rightsubnets={192.168.110.0/24 50.50.50.0/24}) Yields the following error in the pluto.log file: Apr 23 12:42:48.546899: address family inconsistency in this/that

Re: [Swan] left/rightsubnets option

2018-04-24 Thread Erik Andersson
On 2018-04-24 00:29, Paul Wouters wrote: On Mon, 23 Apr 2018, Erik Andersson wrote: conn remote ... ... right=10.48.28.81 rightid=10.48.28.81 rightsubnets=192.168.110.0/24,50.50.50.0/24 left=%any ... ... (have also tried rightsubnets

[Swan] left/rightsubnets option

2018-04-23 Thread Erik Andersson
Hi! I'm running libreswan 3.23 and trying to connect road warriors via XAUTH and modecfg. It works fine when the clients are able to connect to a single subnet: conn remote ... ... right=10.48.28.81 rightid=10.48.28.81 rightsubnet=192.168.110.0/24

Re: [Swan] Basic netkey routing issue

2018-03-15 Thread Erik Andersson
On 2018-03-14 15:18, Paul Wouters wrote: On Wed, 14 Mar 2018, Erik Andersson wrote: I've set up a simple scenario (following the example described in https://libreswan.org/wiki/Subnet_to_subnet_VPN_with_PSK). The tunnels are established successfully. ping: sendto: Network is unreac

[Swan] Basic netkey routing issue

2018-03-14 Thread Erik Andersson
Hi all, I've set up a simple scenario (following the example described in https://libreswan.org/wiki/Subnet_to_subnet_VPN_with_PSK). The tunnels are established successfully. But when I issue this command on the "west" gateway: $ ping -n -c 4 -I 192.0.1.254 192.0.2.254 I get the following e

Re: [Swan] Host-to-host tunnel and VTI

2018-03-13 Thread Erik Andersson
On 03/07/2018 10:26 AM, Paul Wouters wrote: On Mon, 5 Mar 2018, Tuomo Soini wrote: I'm running Fedora 26 with libreswan 3.23 and trying to set up a host-to-host tunnel using the VTI functionality. Is this setup/configuration even possible? Maybe I'm missing some fundamentals here :) Host-

Re: [Swan] Host-to-host tunnel and VTI

2018-03-06 Thread Erik Andersson
On 03/05/2018 10:06 PM, Tuomo Soini wrote: On Mon, 5 Mar 2018 18:34:17 +0100 Erik Andersson wrote: Hi, I'm running Fedora 26 with libreswan 3.23 and trying to set up a host-to-host tunnel using the VTI functionality. Is this setup/configuration even possible? Maybe I'm mi

[Swan] Host-to-host tunnel and VTI

2018-03-05 Thread Erik Andersson
Hi, I'm running Fedora 26 with libreswan 3.23 and trying to set up a host-to-host tunnel using the VTI functionality. Host A 10.48.28.81 ipsec.conf config setup logfile=/var/log/pluto.log conn myvpn left=10.48.28.81 right=10.48.28.82 authby=secret auto

Re: [Swan] klips_error:ipsec_xmit_encap_init

2016-02-25 Thread Erik Andersson
On 23/02/16 23:03, Paul Wouters wrote: On Mon, 22 Feb 2016, Erik Andersson wrote: Subject: [Swan] klips_error:ipsec_xmit_encap_init right=10.48.28.60 left=10.48.28.70 rightsubnet=2001:470:dc8c:5000::/64 leftsubnet=2001:470:dc8c:4000::/64

[Swan] klips_error:ipsec_xmit_encap_init

2016-02-22 Thread Erik Andersson
Hi all, I'm running libreswan 3.15 on CentOS 7. I'm trying to set up an IPv6-in-IPv4 tunnel according to the following configuration: version 2.0 config setup protostack=klips interfaces="ipsec0=eth0" conn mytunnel authby=secret right=10.48.28.60 left=10.

Re: [Swan] IPv6 host-to-host using klips

2015-10-13 Thread Erik Andersson
Hi Wolfgang, Thanks for the help! The kernel patch solved my host-2-host ipv6 tunnel issues. Cheers, /Erik On 10/12/2015 05:10 PM, Wolfgang Nothdurft wrote: Hi Erik, it seems that you hit the same problem that I had. This is a kernel bug, described here: https://bugs.libreswan.org/show_bu

Re: [Swan] IPv6 host-to-host using klips

2015-10-12 Thread Erik Andersson
Hi Paul, Thanks for the quick reply. On 10/09/2015 08:31 PM, Paul Wouters wrote: On Fri, 9 Oct 2015, Erik Andersson wrote: conn mytunnel left=2001:470:dc8c:1000::28:60 right=2001:470:dc8c:1000::28:70 connaddrfamily=ipv6 authby=secret auto=add When I try to bring up the

[Swan] IPv6 host-to-host using klips

2015-10-09 Thread Erik Andersson
Hi, Running libreswan 3.15 on CentOS 7. I'm trying to set up a host-host tunnel between two IPv6 endpoints on the same subnet. Using the following configuration: config setup protostack=klips interfaces="ipsec0=eth0" conn mytunnel left=2001:470:dc8c:1000::28:60 right=2001:470: