[strongSwan] Using Strongswan as an IKEv2 daemon

2012-03-21 Thread Deepika Agarwal
Hello All, I'm trying to use Strongswan as a IKEv2 daemon (i.e charon) and add the policies via setkey at runtime. Is that allowed with Strongswan? As per my test results, though I'm able to flush the policies added by Strongswan using setkey, but strongswan doesn't takes into account the

[strongSwan] reconnect with dpd on strongswan 4.6.1

2012-03-21 Thread Andreas Muerdter
Hi list I connect to strongswan 4.6.1 with a mobile vpn client and if the internet connection is sudden broken, I can not reconnect until strongswan declair the connection as dead. In this case I need to wait 180 seconds. I configured the connection with ModeCfg and rightsourceip. When I

Re: [strongSwan] Using Strongswan as an IKEv2 daemon

2012-03-21 Thread Andreas Steffen
Hello Deepika, please have a look at our Mobile IPv6 scenario http://wiki.strongswan.org/projects/strongswan/wiki/MobileNodeSetup where the MIPv6 daemon installs the policy. With the ipsec.conf option installpolicy=no you can prevent the charon daemon from installing and deleting IPsec

Re: [strongSwan] charon: [15]CFG trap not found, unable to acquire reqid 0

2012-03-21 Thread Vilhelm Jutvik
Hello Gowri, this seems to be the same problem (however I cannot confirm that SIGSEGV is the culprit in my case). I saw that you hadn't been able to reproduce the error on x86. My error occurred on x86 while running on virtualized hardware (virtual box). Sincerely, Vilhelm Jutvik 2012/3/21

Re: [strongSwan] charon: [15]CFG trap not found, unable to acquire reqid 0

2012-03-21 Thread Tobias Brunner
Hi Vilhelm, It works though if you limit the debugging level and / or the number of debugging options. I've reproduced this several times just to be sure. Why is this? The problem line was (in full): charondebug=asn 3,knl 3,mgr 3,ike 3,chd 3,net 3,enc 3 It works if you change it so (e.g.)

Re: [strongSwan] charon: [15]CFG trap not found, unable to acquire reqid 0

2012-03-21 Thread Vilhelm Jutvik
No, there was no such message in my logs. Furthermore, the starter process didn't die. You had to kill it manually, remove the PID file and then type ipsec start again. I think I suffered from the same problem as experienced by Gowri. Regards, Ville 2012/3/21 Tobias Brunner

Re: [strongSwan] charon: [15]CFG trap not found, unable to acquire reqid 0

2012-03-21 Thread gowrishankar
Hi Vilhelm, On Wednesday 21 March 2012 03:24 PM, Vilhelm Jutvik wrote: Hello Gowri, this seems to be the same problem (however I cannot confirm that SIGSEGV is the culprit in my case). So, can you check/paste what is happening while ENC parsing IKE_SA_INIT response for SA payload. You can

[strongSwan] reccomendation for linux kernel currently on 2.6.18-274.el5

2012-03-21 Thread Shukla, Sanjay
Planning to run Strongswan on RHEL 5.7 2.6.18-274.el5. Do you recommend any necessary or critical updates to the kernel for running Strongswan for a simple X.509 cert authentication based Charon configuration. Regards, -sanjay [cid:tree5ea6.png]Please consider the environment before printing