[strongSwan] Parallel crypto questions on Centos 7

2016-10-31 Thread Eric Germann
Hello all, I’m working through trying to parallelize crypto as found in https://wiki.strongswan.org/projects/strongswan/wiki/Pcrypt Running Centos 7 HVM AMI in AWS supplied by the Centos project. Linux ip-100-125-0-18.ec2.internal 3

Re: [strongSwan] ipsec routes removed when interface down and not reinstated

2016-10-31 Thread Alexander Hill
Hi Tobias, Sounds promising - would assigning the virtual IP to the loopback interface "just work" with no extra configuration? Are there any downsides to doing this? Thanks, Alex On Mon., 31 Oct. 2016 at 9:56 pm, Tobias Brunner wrote: > Hi Alex, > > > But when there's no immediate path, e.g. i

Re: [strongSwan] ipsec routes removed when interface down and not reinstated

2016-10-31 Thread Tobias Brunner
Hi Alex, > But when there's no immediate path, e.g. if the only network adapter has > a cable unplugged or if switching WiFi networks takes too long, the > route is deleted and when an interface comes back up, it isn't re-added. The latter should be the case if an interface that was down is activ

Re: [strongSwan] ipsec routes removed when interface down and not reinstated

2016-10-31 Thread Alexander Hill
Hi Tobias, thanks for taking the time. I do see the relevant log messages in the case of switching interfaces, and when there's another path for the tunnel to take, everything works including MOBIKE. But when there's no immediate path, e.g. if the only network adapter has a cable unplugged or if

[strongSwan] Seeking strongSwan consultant/developer for OpenWRT

2016-10-31 Thread Ehsan Minachi
Hello list, We are seeking a consultant/developer familiar with integration of openSwan and OpenWRT. If anyone is interested, please email me at ehsan.mina...@gmail.com Thank you, Ehsan

Re: [strongSwan] StrongSwan not responding to DPD messages when modeconfig=push.

2016-10-31 Thread Tobias Brunner
Hi, > 1. Why does strongswan wait for the response in spite of assigning > the IP requested by client ? You configured `modeconfig=push`, so strongSwan pushed config attributes to the client and waits for a response. If that's not what the client expects, change the config to `modeconfig=pull

Re: [strongSwan] ipsec routes removed when interface down and not reinstated

2016-10-31 Thread Tobias Brunner
Hi Alex, > All is working. I then unplug my network cable, wait a few seconds, and > plug it back in. Now table 220 is empty. The tunnel still says it's > connected, and I suppose it is - but because the route isn't there any > more, I get no traffic over the VPN. You should check the log with th

Re: [strongSwan] ipsec routes removed when interface down and not reinstated

2016-10-31 Thread Alexander Hill
Hi Noel, Just a followup to this: charon monitors changes to interfaces and IP addresses and tries to recover from any changes. If for example I unplug my network cable while a wifi connection is active, the route to the virtual subnet is removed by the kernel and re-added by charon on the correc