Hi Tobias,
On Wednesday 21 March 2012 12:44 AM, Vilhelm Jutvik wrote:
> Dear Tobias,
>
> thank you very much. I thought that charon was signalled by the IPsec
> stack's SPD when a new SA was to be negotiated, not that it itself set
> the policy.
>
> Your solution didn't work right away though. I f
Dear Tobias,
thank you very much. I thought that charon was signalled by the IPsec
stack's SPD when a new SA was to be negotiated, not that it itself set
the policy.
Your solution didn't work right away though. I found that "ipsec
start" only started the starter process and nothing more. It was n
Hi Tobias,
>
> I forgot about this yesterday, but this was actually a bug in 4.5.0.
> While charon detects that it is behind a NAT, and properly responds to
> requests, it does not update the port internally and still uses port 500
> for its own requests and for installing the SA in the kernel.
>
Hi Tobias,
I have already enabled both kernel-pfkey and kernel-netlink plugins. Both the
plugins are loaded.
This was suggested by Andreas for my earlier query about pfkey plugin usage
for IKEv1.
Since 4.5.3 is causing kernel-panic in my environment for unknown reasons, I
want to resolve
th
Hi,
I am trying to establish multiple IPsec tunnels between Linux (strongSwan)
and Cisco Router using Load tester plugin, and I want to generate traffic
on each negotiated load-tester tunnel. Tools like 'iperf' need
configuration on both sides and are of no help since I can't configure it on
Cisco R
Hi Anand,
> On my environment there is no support for kernel-netlink interface
> for IPsec,
>
> I have to use kernel-pfkey interface only as I have my hooks
> registered in PFKEY to XFRM for IPsec.
>
> I have tried latest versions of strongswan (4.5.1 and 4.5.3) both
> resulted in kernel panic a
Hi Kim,
> Here are excerpts of the two log files. I tried to get similar time
> slot. I also added some further 'bits' where the behaviour seems a bit
> strange. Hope it helps.
Thanks for the logs.
> -- moon ipsec.log --
> Mar 19 16:12:07 moon charon: 14[NET] sending packet: from
> 192.168.2.17[
Hi Tobias,
Thanks for the reply and suggestion.
I have changed the tunnel config as below
conn %default
    ikelifetime=20m
    keylife=10m
    rekeymargin=3m
But still the problem persists. I can still see a lot of redundant SAs when
issuing "ipsec statusall".
On my environment there is no