I'm using 5.5.2; my configs are here:
https://gist.github.com/sayotte/1fd19aba0043cb20821cde42535486d7
On startup, swanctl seems to load and then immediately unload the
private key associated with the "local" cert:
10[CFG] loaded RSA private key
10[CFG] unloaded private key with id
Hello Christian,
> Then I simulate a *varying delay* in the network cards and this seems to be
> the problem because when I make a ping between the two networks over vpn and
> internet latency is around *70ms (30ms deviation)*. The two servers have ping
> times around 32ms (3ms deviations).
On Thu, May 11, 2017 at 04:00:17PM +0200, Christian Hanster wrote:
> Hi all,
>
> at the moment I’m trying to optimize the network performance in a site-to-site
> setup (see config below). The connection is structured as follows
>
> <—> VPN-Router A <—> Internet (WAN) <—> VPN-Router B <—> b>
>
Hi Stephen,
On 11.05.2017 20:32, Stephen Ayotte wrote:
> The "Usable Examples"[1] page contains no swanctl examples at all; at
> the time I was looking at that I probably lacked sufficient
> understanding to see that the ipsec example (probably) represented
> what I needed, and I kept looking.
>
Thanks very much for the response / support here guys, I appreciate it.
@Noel, I'll give the host-to-host example you linked a try, that looks
right on the money.
On Thu, May 11, 2017 at 1:47 PM, Noel Kuntze
wrote:
>
> > In my defense regarding
Hi everyone,
Someone care to explain why this tunnel always fails after rekey?
It works again when I down and up the tunnel manually.
May 11 08:37:04 10[IKE] authentication of '137.135.x.x' with
pre-shared key successful
May 11 08:37:04 10[IKE] authentication of '85.24.x.x'
Hi Stephen,
On 11.05.2017 18:39, Stephen Ayotte wrote:
> Thanks Tobias!! That did the trick. Specifically I added this to the config
> flags:
> --disable-gmp --enable-openssl
>
> In my defense regarding that load statement, I was working from this example:
>
Thanks Tobias!! That did the trick. Specifically I added this to the config
flags:
--disable-gmp --enable-openssl
In my defense regarding that load statement, I was working from this
example: https://www.strongswan.org/testing/testresults/swanctl/frags-ipv4/
Everything's loading successfully
Hi Tobias,
Yes you are right. I was using version1. As soon as I switched to version 2
it began to work correctly.
Tested multiple subnet for both local_ts and remote_ts. Works as expected.
Thanks,
Guylain
On Thu, May 11, 2017 at 1:57 AM, Tobias Brunner
wrote:
> Hi
Hi all,
at the moment I’m trying to optimize the network performance in a site-to-site
setup (see config below). The connection is structured as follows
<—> VPN-Router A <—> Internet (WAN) <—> VPN-Router B <—>
The problem is that the network performance between networks a and b is only
Hi Stephen,
> but the local_addrs/remote_addrs/local_ts/remote_ts +
> start_action=trap in swanctl.conf looks like it should get the job done.
You can do the same thing with ipsec.conf.
> I was having trouble
> understanding how to ensure that swanctl.conf was being used and
> ipsec.conf being
First, please check my reasoning for using swanctl: I want ad-hoc
host-to-host transport level connections between all hosts which are A) in
the same subnet and B) have an X509 cert signed by the same CA. I don't see
a syntax that expresses this in ipsec.conf (only specific, known
endpoints), but