> Hi Emeric,
>
>> To be more specific:
>> - what happens exactly if it is enabled only on one side?
>
> It only has an effect on the peer that initiates the reauthentication.
> Enabling it on a host that's always responder has no effect at all.
What happens on strongSwan>=5.3.0 if the peer that
Hi,
I have some issues with a site to site tunnel with two dynamic
endpoints. One side almost never changes IP-adress (it is DHCP however),
the other side changes more frequently. Both endpoints IP-adresses are
using dynamic DNS and have a corresponding domain name associated at all
times.
Hi everyone,
I have a problem and can not find a solution for it.
Following configuration is set up:
host a
ipsec.conf:
_config setup_
_ uniqueids=yes_
_ cachecrls=yes_
_conn proxy_
_ ikelifetime=7800_
_ keylife=7800_
_ rekeymargin=30m_
_ keyingtries=5_
_ keyexchange=ike_
_ authby=secr
hi fellas
a novice here, whois reading up but was hoping someone
knowsalready and can shed some light on..
how to, if possible at all, have a client that calls out to
a server(site) and that client would route(nat) other nodes
on it's local lan to the site(server)?
I'd only hope that if pos
On 20/07/17 21:57, Karl Denninger wrote:
That can be made to work provided you do not need inbound
connections to things on the client side.
exactly like that.
How to even phrase a query to find docs/howtos on such a setup?
Or, tips on setup/config much appreciated - I have a working
cli
On 7/20/2017 16:46, peljasz wrote:
>
>
> On 20/07/17 21:57, Karl Denninger wrote:
>>
>> That can be made to work provided you do not need inbound connections
>> to things on the client side.
>>
>>
> exactly like that.
> How to even phrase a query to find docs/howtos on such a setup?
> Or, tips on
how to, if possible at all, have a client that calls out to a
server(site) and that client would route(nat) other nodes on it's
local lan to the site(server)?
>> How to even phrase a query to find docs/howtos on such a setup?
>> Or, tips on setup/config much appreciated - I have a w
Okey, so I just did a forced release/renew on the same endpoint, dynamic
DNS updated shortly the new IP (ttl 5 min) and after like 10 min or so
another endpoint reconnected again (a fortigate, I have two endpoints),
however the troubling endpoint (also strongswan) havent connected yet.
When lo
On 20/07/17 22:57, Karl Denninger wrote:
On 7/20/2017 16:46, peljasz wrote:
On 20/07/17 21:57, Karl Denninger wrote:
That can be made to work provided you do not need
inbound connections to things on the client side.
exactly like that.
How to even phrase a query to find docs/howtos o
On 7/20/2017 17:30, peljasz wrote:
>
>
> On 20/07/17 22:57, Karl Denninger wrote:
>>
>> On 7/20/2017 16:46, peljasz wrote:
>>>
>>>
>>> On 20/07/17 21:57, Karl Denninger wrote:
That can be made to work provided you do not need inbound
connections to things on the client side.
>
Actually I just need the interfaces so OSPF is happy.
After wasting some more hours of time with VTIs, I decided to try GRE
and well... it just works. :)
Though I have heard and read that GRE is considered quite a dirty protocol.
I also heard that Libreswan provides better support for VTIs than
On 20/07/17 23:37, Karl Denninger wrote:
On 7/20/2017 17:30, peljasz wrote:
On 20/07/17 22:57, Karl Denninger wrote:
On 7/20/2017 16:46, peljasz wrote:
On 20/07/17 21:57, Karl Denninger wrote:
That can be made to work provided you do not need
inbound connections to things on the c
12 matches
Mail list logo
