Hi Tobias,
I have tried the same steps on centos 6.2, There aren't *unable to copy
replay state from old SAD entry *logs, and ping to right subnets pass after
the pc interface is updated.
Below is the pc information for centos 6.2
*lsb_release -a*
*LSB Version:
:core-4.0-ia32:core-4.0-noarch:gr
Hi Tobias,
Thanks for your reply
My pc is Centos 5.9
*lsb_release -a*
*LSB Version:
:core-4.0-ia32:core-4.0-noarch:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-ia32:printing-4.0-noarch*
*Distributor ID: CentOS*
*Description:CentOS release 5.9 (Final)*
*Release:5.9*
*Codename:
Hi Amy,
> Is this error cause ping fail?
> error uninstalling route installed with policy
> 192.168.168.0/24 === 172.16.1.20/32 fwd
That's normal. Because the interface that was referenced in this route
(eth1) disappeared, the route was already removed by the kernel when
charon eventually tries
Hi all,
I'm using strongswan to do IKEv2 Mobike. The ipsec.conf is
*config setup*
*strictcrlpolicy=no*
* # charonstart=yes*
* # plutostart=no*
*conn %default*
*ikelifetime=28800s*
*keylife=28800s*
*rekeymargin=3m*
*keyingtries=3*
*keyexchange=ikev2*
*ike=3des-sha1
Yeah, either the default des plugin or the openssl plugin is required.
The gmp plugin just covers the RSA and Diffie-Hellman public key
algorithms.
Andreas
On 08/21/2014 03:10 PM, Thomas Egerer wrote:
>>> Can anyone please respond to this email? Note that, I am using default
>>> gmp library and l
Hello *,
On 08/21/2014 12:16 PM, Andreas Steffen wrote:
> Hi Chinmaya,
>
> I configured a VPN setup with ike=des-sha1-modp768! using
> strongSwan 5.2.0 but I could not reproduce your problem.
> My IKEv2 connection just came up nicely, even though the chosen
> cipher suite gives me goose bumps.
>
Hi Chinmaya,
I configured a VPN setup with ike=des-sha1-modp768! using
strongSwan 5.2.0 but I could not reproduce your problem.
My IKEv2 connection just came up nicely, even though the chosen
cipher suite gives me goose bumps.
Best regards
Andreas
On 08/21/2014 04:31 AM, Chinmaya Dwibedy wrote:
Hi Noel,
> I use bypass policies and just found out that strongSwan installs those with
> a lower priority than the tunnel policies.
> So bypass policies don't actually work some times.
The Linux kernel actually prefers policies with lower priorities (by
their numeric value).
> In this particul