[strongSwan] Pretty urgent: Removed user still able to connect

2011-06-22 Thread Russ Cox
Hi All, got a bit of an issue - I've removed a user's certificate from my ipsec gw (ikev2 rw setup), revoked their cert, updated the crl (put in /etc/ipsec.d/crls/) and restarted ipsec but they are still able to connect to my gateway. Does anyone have any suggestions, this is pretty urgent! Let m

Re: [strongSwan] Packets not being encapsulated

2011-03-25 Thread Russ Cox
1.0/24
$IPTABLES -t nat -A PREROUTING -s 172.16.0.0/24 -d 172.16.1.0/24 -j NETMAP --to 192.168.6.0/24
$IPTABLES -t nat -A POSTROUTING -s 172.16.0.0/24 -d 192.168.6.0/24 -j NETMAP --to 192.168.0.0/24
-------
On 24 March 2011 09:56, Russ Cox wrote:
> I've just done a few t

Re: [strongSwan] Packets not being encapsulated

2011-03-24 Thread Russ Cox
posed to get ESP-encrypted.
> Where do they end up?
>
> Andreas
>
> On 23.03.2011 17:52, Russ Cox wrote:
> > Hi Andreas,
> >
> > Thanks for the quick reply!
> >
> > I don't block anything at all outbound on either machine, plus the
> > OUTPUT c

Re: [strongSwan] Packets not being encapsulated

2011-03-23 Thread Russ Cox
firewall rules inserted with
> firewall=yes. Do you get any hits on the outbound rules?
>
> Regards
>
> Andreas
>
> On 03/23/2011 04:36 PM, Russ Cox wrote:
> > Hi All,
> >
> > I'm having a bit of a strange issue with a net-net vpn setup wher

[strongSwan] Packets not being encapsulated

2011-03-23 Thread Russ Cox
Hi All, I'm having a bit of a strange issue with a net-net vpn setup where packets bound for the remote subnet don't appear to be getting encapsulated on either gateway, I see no ESP packets other than those attributed with existing functional tunnels. I've tried tcpdumping on both endpoints, and

Re: [strongSwan] Tunnel up, no packets routed through

2010-05-20 Thread Russ Cox
2010 08:53, Daniel Mentz wrote:
> Russ Cox wrote:
>>
>> The tunnel has come up ok, but no traffic appears to be getting routed
>> through the tunnel.
>
> Hi Ross,
>
> could you please post the output of the following commands:
>
> ip -4 a s
> ip -4 r s t 0

[strongSwan] Tunnel up, no packets routed through

2010-05-19 Thread Russ Cox
2.0/24
    dir in priority 2344
    tmpl src YY.YY.YY.218 dst XX.XX.XX.248
        proto esp reqid 16385 mode tunnel
src 172.16.102.0/24 dst 192.168.102.0/24
    dir fwd priority 2344
    tmpl src YY.YY.YY.218 dst XX.XX.XX.248
        proto esp reqid 16385 mode tunnel
src

Re: [strongSwan] Mixed ikev1/ikev2 rw setup

2010-02-26 Thread Russ Cox
ultroute or to a static IP address for the IKEv1 case.
> left=%any is ok with IKEv2.
>
> Best regards
>
> Andreas
>
> Russ Cox wrote:
>
>> Hi all - I've managed to get a roadwarrior setup working using ikev2 and
>> x509 certs, which is great for Linux

Re: [strongSwan] Connection established, cant ping hosts behind gateway

2010-01-14 Thread Russ Cox
I'll get there eventually! - in the meantime, if anyone can shed some light on the DNS issue, I'd be most grateful.
Cheers!
Russ
Russ Cox wrote:
> Hi all,
> I'm trying to set up a strongswan gateway, behind a NAT router for
> roadwarrior use.
> I can initiate the connect

[strongSwan] Connection established, cant ping hosts behind gateway

2010-01-14 Thread Russ Cox
AC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
edba-nat{1}: INSTALLED, TUNNEL, ESP in UDP SPIs: cb98be4d_i c79a6ff9_o
edba-nat{1}: AES_CBC_128/HMAC_SHA1_96, rekeying in 11 minutes, last use: no_i no_o
edba-nat{1}: 192.168.0.0/24 === 192.168.0.19/32
lister:/var/cache/apt/archives# ip r show tab