bnets and will make the traffic selector different to avoid
problems. But, I'm not sure, because the second one is included in the
first one and may be the problem is the same.
Will that work?
Regards,
Diego
--
Diego Woitasen
___
Users
ou try the same test with ikeliftime=10min (lifetime=30s) and
> verify this is the issue.
>
> If you use IKEv2 and reauth=no then you may avoid this problem.
>
>
> On Mon, 2012-09-17 at 17:23 -0300, Diego Woitasen wrote:
>> Hi,
>> I'm testing my Strongswan install
On Mon, Sep 17, 2012 at 5:23 PM, Diego Woitasen wrote:
> Hi,
> I'm testing my Strongswan installation and I discover that I have
> packet loss on rekeying. I set this values to reproduce the problem:
>
> ikelifetime=60s
> lifetime=30s
> rekeymargin=20s
> rekeyfuzz=
s,
Diego
--
Diego Woitasen
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
I have DPD
enabled but I don't see the message "giving up..." and I don't see the
message "received stroke..." about the connection lost and I don't see
the rekeying messages.
Is there an aditional way to discover why Charon is deleting
MPLS-site1: child: 10.0.0.0/8 === 10.12.160.254/32 , dpdaction=clear
If I move leftid to "%default", statusall is:
LabMPLS-site1: local: [site1.example.com] uses public key authentication
Is this intentional or is it a bug?
I was trying to use differents leftids for each connecti
ile installing the policy
> and later when installing the route and checking the mode it's not the
> original mode that is compared. Please update to at least 4.5.0 to fix this.
>
> Regards,
> Tobias
>
>
Yes, you are right. The bug was fixed in Openswan 4.5.2 from Debi
Thanks for your guidance
> On Sat, Oct 1, 2011 at 10:33 PM, Diego Woitasen
> wrote:
>>
>> On Sat, Oct 1, 2011 at 2:30 PM, nima chavooshi wrote:
>> > hi
>> > first of all excuse me for dummy question.
>> > When I started to reading about IPSsec, i have
___
> Users mailing list
> Users@lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
Yes, it's possible. Not a good idea but possible. Have a look to the
"ip xfrm" command o use ipsec-to
On Fri, Sep 30, 2011 at 1:52 PM, Diego Woitasen wrote:
> On Fri, Sep 30, 2011 at 8:12 AM, Diego Woitasen wrote:
>> Hi,
>> I have the configure below. I don't know why Charon doesn't set the
>> routes after SA establishment. It's a net-to-net tunnel and wor
On Fri, Sep 30, 2011 at 8:12 AM, Diego Woitasen wrote:
> Hi,
> I have the configure below. I don't know why Charon doesn't set the
> routes after SA establishment. It's a net-to-net tunnel and works
> perfectly for hosts behind the gateway but if I want to connect from
:9e:7f:52 brd ff:ff:ff:ff:ff:f
ip route show table 220:
[empty]
Regards,
Diego
--
Diego Woitasen
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
12 matches
Mail list logo