On Sat, Nov 10, 2018 at 11:17:36AM +, Houman wrote:
> I have attempted to limit the VPN speed to 10Mbit per user. But when I do a
> DSL speed test with two devices simultaneously, it seems that the total
> traffic is limited to 10Mbit/s instead rather than each device having
> 10Mbit/s on
>
On Thu, Nov 08, 2018 at 10:47:18AM +0530, Yogesh Purohit wrote:
> I was trying to decrypt IKEv1 packets using wireshark 2.6.
> For decryption of IKEv1 one needs Initiator cookie and encryption key. I have
> enabled log level for ike = 4 in strongswan.conf.
>
> I can see complete dump in log
On Fri, May 12, 2017 at 11:52:52AM +0200, Christian Hanster wrote:
> I measured connection speed without VPN and it is nearly 92 MBit/s Down and
> 10MBit/s upstream from the limiting side. So the connection between the two
> routers does not seem to be a problem.
Please check if your 10MBit/s
On Thu, May 11, 2017 at 04:00:17PM +0200, Christian Hanster wrote:
> Hi all,
>
> at the moment I’m trying to optimize the network performance in a site-to-site
> setup (see config below). The connection is structured as follows
>
> <—> VPN-Router A <—> Internet (WAN) <—> VPN-Router B <—> b>
>
On Mon, Jan 16, 2017 at 01:51:00AM +1100, Yudi V wrote:
> Got strongswan VPN on an openwrt gateway acting as the server. Openwrt router
> has two VLANS (say 192.168.1.0/24, 192.168.2.0/24), I used rightsourceip=%dhcp
> and let the remote peer get IP from 192.168.1.0/24.
>
> This works fine and I
On Thursday, 24.11.16, 13:23 +0100, p...@daniel-pomrehn.de wrote:
> I'm trying to connect a FritzBox to a Strongswan Linux Server.
> But I get the following error: no IKE config found for
> 138.201.84.186...77.11.69.219, sending NO_PROPOSAL_CHOSE
Please check the server's logfile for "received
On Tue, Jul 26, 2016 at 12:18:03PM +0530, Sarat Vajrapu wrote:
> [Sarat]: This is only a lab setup.
Yes, good idea to try this in the lab first.
> When a host on LAN1 communicates with the public internet in cleartext,
> is this traffic guaranteed to go through Gateway A?
>
> [Sarat]:
On Mon, Jul 25, 2016 at 03:25:24PM +0530, Sarat Vajrapu wrote:
> Hi Mirko,
>
> Thanks for the reply.
> I created loopback interface on each gateway and below is the required info:
> [...]
Hi Sarat,
Thank you for posting your configuration.
Please take a look at this example:
On Tue, Jul 05, 2016 at 05:40:43PM +0530, Sarat Vajrapu wrote:
> I am new to strongswan and trying to protect host-host traffic using ipsec
> tunnel mode. However I observe that only the traffic between endpoints are
> protected and not complete traffic.
>
> Topology:
>
> >>> --- GW_A
On Sun, Dec 13, 2015 at 10:55:46PM +0100, Jan Palus wrote:
> With kernel-netlink however I can achieve higher throughput with less
> CPU being used, but in that case SNAT seems to fail sometimes
> (connections are initiated correctly but "hang" after a while). Main
> difference is the lack of
On Mon, Apr 06, 2015 at 07:01:42PM +0200, Noel Kuntze wrote:
There is a graph[1] that describes the path of the traffic in the kernel.
Did you mean this one?
[1] http://inai.de/images/nf-packet-flow.svg
Regards
Mirko
___
Users mailing list
On Mon, Nov 25, 2013 at 04:24:45PM +, Will Wykeham wrote:
Using a packet sniffer on the gateway itself can give misleading results.
I'd recommend to either use a box separate from the gateway to monitor
the traffic, or read xfrm packet counters on the gateway with ipsec
statusall.
On Fri, Nov 22, 2013 at 05:52:21PM +, Will Wykeham wrote:
I've got a local subnet with statically assigned address - 10.65.112.0/22. One
of the devices is a linux box acting as a gateway with a PPP connection, it has
a normal ethernet controller with address 10.65.112.69, and when the PPP
On Fri, Aug 30, 2013 at 01:26:42PM +0100, Kevin Palmer wrote:
However, it all looked great until I tried to actually communicate between
spokes.. I seem to be able to do pings and make connections to ports but when I
try to put some traffic across the VPN I get problems. i.e. I can
On Wed, May 22, 2013 at 10:54:44AM -0400, Jonathan Zuilkowski wrote:
Hi folks. I'm trying to set up a vpn server for our customers and I'm kind of
flooded by a ton of disconnected info.
This is what I'm looking to do:
server centos 6.x
serve ikev2
pre shared secret password
clients
On Wed, Oct 17, 2012 at 02:17:27PM -0400, CJ Fearnley wrote:
On the netgear, I see
1970 Jan 2 22:33:25 [FVS336GV2] [IKE] Phase 1 negotiation failed due to time up
^^
Looks like the system time is wrong.
Mirko
On Wed, Oct 03, 2012 at 04:37:31PM +0200, Tobias Brunner wrote:
* Both peers initiated an IKE SA and CHILD SAs based on these.
Why wasn't one of them deleted as a duplicate?
This issue showed up in about 50% of my experiments.
If both peers initiate the same IKE_SA within a small
On Sat, Jul 21, 2012 at 10:14:55AM -0700, Mark M wrote:
I got my strongSwan gateway up and running. It is sitting behind my FIOS router
and acting as VPN gateway for roadwarrior/mobile clients. I thought everything
was working great until I noticed that some websites do not load. The first
On Thu, Nov 10, 2011 at 06:13:59PM +0100, Tobias Brunner wrote:
At 18:49:25, the route to 192.168.0.2 does exist,
but charon hasn't noticed it.
Well, charon does notice that the interface comes up again. But the
issue here is that the IP address doesn't change. What happens is that
Hello,
I can confirm that my previously reported bug was fixed
(route disappears on IP address change).
However, I found another problem, possibly related, which can be
reproduced as follows with Strongswan 4.6.0:
- setup the test scenario as in ikev2/net2net-cert (ignoring winnetou)
- replace
On Wed, Nov 09, 2011 at 06:14:05PM +0100, Tobias Brunner wrote:
Hi Mirko,
However, I found another problem, possibly related, which can be
reproduced as follows with Strongswan 4.6.0:
- setup the test scenario as in ikev2/net2net-cert (ignoring winnetou)
- replace the ethernet link
Hi,
using strongSwan 4.6.0rc2 with a test setup derived from ikev2/net2net-cert,
I tried to change the IP address of moon's external interface:
# ip addr del 192.168.0.1/24 dev eth0
# ip addr add 192.168.0.11/24 broadcast 192.168.0.255 dev eth0
Charon updated the policy and security associations