[strongSwan] Two connections to the same endpoint

to avoid problems. But, I'm not sure, because the second one is included in the first one and may be the problem is the same. Will that work? Regards, Diego -- Diego Woitasen ___ Users mailing list Users@lists.strongswan.org https

[strongSwan] Packet loss on rekeying

-- Diego Woitasen ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] Packet loss on rekeying

On Mon, Sep 17, 2012 at 5:23 PM, Diego Woitasen di...@woitasen.com.ar wrote: Hi, I'm testing my Strongswan installation and I discover that I have packet loss on rekeying. I set this values to reproduce the problem: ikelifetime=60s lifetime=30s rekeymargin=20s rekeyfuzz=0% And every

Re: [strongSwan] Packet loss on rekeying

suggest you try the same test with ikeliftime=10min (lifetime=30s) and verify this is the issue. If you use IKEv2 and reauth=no then you may avoid this problem. On Mon, 2012-09-17 at 17:23 -0300, Diego Woitasen wrote: Hi, I'm testing my Strongswan installation and I discover that I have

[strongSwan] deleting IKE_SA: what's the reason?

enabled but I don't see the message giving up... and I don't see the message received stroke... about the connection lost and I don't see the rekeying messages. Is there an aditional way to discover why Charon is deleting IKE SAs? Regards, Diego -- Diego Woitasen

[strongSwan] leftid in non-default conn ignored

=== 10.12.160.254/32 , dpdaction=clear If I move leftid to %default, statusall is: LabMPLS-site1: local: [site1.example.com] uses public key authentication Is this intentional or is it a bug? I was trying to use differents leftids for each connection. Regards, Diego -- Diego Woitasen

Re: [strongSwan] Charon doesn't set the routes

.  Please update to at least 4.5.0 to fix this. Regards, Tobias Yes, you are right. The bug was fixed in Openswan 4.5.2 from Debian backports. Thanks! -- Diego Woitasen ___ Users mailing list Users@lists.strongswan.org https

Re: [strongSwan] establish secure connection without ike

mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users Yes, it's possible. Not a good idea but possible. Have a look to the ip xfrm command o use ipsec-tools (and the setkey command). Regards, Diego -- Diego Woitasen

Re: [strongSwan] establish secure connection without ike

guidance On Sat, Oct 1, 2011 at 10:33 PM, Diego Woitasen di...@woitasen.com.ar wrote: On Sat, Oct 1, 2011 at 2:30 PM, nima chavooshi nima0...@gmail.com wrote: hi first of all excuse me for dummy question. When I started to reading about IPSsec, i have understand that ike is for generate

Re: [strongSwan] Charon doesn't set the routes

On Fri, Sep 30, 2011 at 8:12 AM, Diego Woitasen di...@woitasen.com.ar wrote: Hi,  I have the configure below. I don't know why Charon doesn't set the routes after SA establishment. It's a net-to-net tunnel and works perfectly for hosts behind the gateway but if I want to connect from one