[strongSwan] solution to kernel_libipsec no local address found problem

2019-08-21 Thread Simon Chan
Hi List, - strongswan version 5.5.3 - I have to use kernel_libipsec (because of OpenSSL FIPS validated crypto). - Must support a local traffic selector that does not include any local IP addr. Expand on the last bullet: - Peer's IP addr is 192.168.0.2, remote traffic selector 172.16.0.0/24 - My node

Re: [strongSwan] MOBIKE task got stuck Strongswan version 5.3.2

2017-05-29 Thread Simon Chan
Hi Tobias, After customer added roam_events = no in config file, problem still occurs on most of the tunnels. It would seem MOBIKE tasks are not caused by interface up/down. Can you tell what events can trigger activation of MOBIKE task? I saw these in customer's syslog: - sending DPD

[strongSwan] MOBIKE task got stuck Strongswan version 5.3.2

2017-05-05 Thread Simon Chan
Greetings, One of our remote devices was broken and gone offline a month ago. A couple of days ago when we tried to bring up the replacement, it failed to set up the child because the subnets were (and still are) in use. ipsec status shows: . . . originalclient[4099]: ESTABLISHED 33 days ago,

Re: [strongSwan] 3/10/2013 2:14:05 AM

2013-03-09 Thread Simon Chan
http://www.pfoetchenwelt.com/ncoj//berg/uw/dly/mnw/glm/bbwwf/eg/udng ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users

[strongSwan] system memory leak when soaking 1000 connections

2013-01-23 Thread Simon Chan
Greetings, My versions: - Debian 6.0.5 - kernel 3.0.23 - StrongSwan 4.4.1 In a large system test, I have one box serving 1000 road warriors. (Those 1000 road warriors are faked by another Linux box with 1000 leftid's, 1000 traffic selectors and 1000 ip aliases.) After running for 2.5 days,

Re: [strongSwan] AH mode support in Strongswan for Ikev1

2012-05-28 Thread Simon Chan
Hi Andreas, Is AES-GMAC a recent addition to StrongSwan? Is it supported in version 4.4.1? I searched for GMAC support earlier and found a post from you (back in 2009 I think) stating aes-gmac is not supported because the kernel does not support it and AH does not survive NAT-T. Regards, Simon

Re: [strongSwan] MOBIKE switching bug in gateway with two external interfaces

2012-03-09 Thread Simon Chan
Hi Tobias, Wow! I just posted the problem yesterday and the fix is ready this morning. Much appreciate your effort. Simon From: Tobias Brunner tob...@strongswan.org To: Simon Chan simon.ch...@yahoo.ca Cc: users@lists.strongswan.org users@lists.strongswan.org

[strongSwan] MOBIKE switching bug in gateway with two external interfaces

2012-03-08 Thread Simon Chan
Dear list: Our customer running StrongSwan 4.6.1 wants to set up two external interfaces in their VPN gateway, one for cellular and one for wi-fi. They reported that the road warriors can only switch once. Subsequent attempts to switch back to the initially connected interface won't work. We

Re: [strongSwan] MOBIKE switching bug in gateway with two external interfaces

2012-03-08 Thread Simon Chan
Greetings, Just plowed through RFC 4555 and 4621 for guidance. The spec says put the currently used address in the IP header and the rest as additional addresses. Thus excluding me from the additional_addresses list is correct. But there is this sentence in rfc4621, section 6.4: To support

Re: [strongSwan] cannot use strict mode when right=%any

2012-02-09 Thread Simon Chan
Hi Tobias, Many thanks for the detailed explanation. Your proposed solution is a good fit for our system. Simon

[strongSwan] cannot use strict mode when right=%any

2012-02-08 Thread Simon Chan
right=%any? Thank you again for your help. Simon From: Tobias Brunner tob...@strongswan.org To: Simon Chan simon.ch...@yahoo.ca Cc: users@lists.strongswan.org users@lists.strongswan.org Sent: Wednesday, February 8, 2012 2:35:33 AM Subject: Re: [strongSwan

[strongSwan] NO_PROPOSAL_CHOSEN error when IKEv1 and IKEv2 have closely resembling but not exact suites

2012-02-07 Thread Simon Chan
Hi all, I am running StrongSwan 4.6.1 in Debian 6.0.3. There is one IKEv1 conn and one IKEv2 conn. The IKEv1 cipher suites:   ike=aes128-md5!   esp=aes128-md5!   pfs=yes The IKEv2 cipher suites are almost identical except IKE has dh-group:   ike=aes128-md5-modp1536!   esp=aes128-md5! The

[strongSwan] how does pluto and charon share port 500

2012-01-31 Thread Simon Chan
Greetings, I am running tests with User-Mode Linux. I face the problem that if I start both pluto and charon then charon can never establish a connection. Tcpdump at both ends indicates the response does come back but charon just can't receive it. I can also see in syslog that pluto is receiving

Re: [strongSwan] what could cause strongswan 4.3.2 to freeze up

2011-12-06 Thread Simon Chan
involve logging. Now if the listeners try to acquire the other mutexes, deadlock. Perhaps the loggers should be put in a separate linked list, separated from the dynamic listeners? Thanks again for your help. Simon From: Martin Willi mar...@strongswan.org To: Simon

Re: [strongSwan] what could cause strongswan 4.3.2 to freeze up

2011-12-05 Thread Simon Chan
Hi all, I posted this question last month and Martin Willi gave me the following advice: attach gdb and run thread apply all bt I got lucky and caught the problem happening in our lab. It is a case of 2 threads in deadlock because they each hold the mutex needed by the other thread. The backtrace

[strongSwan] Help with StrongSwan 4.3.2 freeze up (again)

2011-11-28 Thread Simon Chan
Greetings, I would appreciate it if someone can give me a hand to track down a hard-to-reproduce freeze up problem. When the problem occurs, support staff can remote login and the system appears normal in cpu load, disk usage and memory usage. Only charon appears dead. ps aux shows charon is in 'S'

[strongSwan] what could cause strongswan 4.3.2 to freeze up

2011-11-02 Thread Simon Chan
Greetings, Seeking advice on how to debug a recurring problem - charon appears to be frozen. Symptoms: - Tunnels already established remained operational but no new connection accepted. We verified with tcpdump that connection requests arrive at the box (a Vyatta VM) but

[strongSwan] charon fail to add policies after recovering from crash

2011-08-12 Thread Simon Chan
Greetings, I am a newbie in IPSEC. My situation is that charon would crash from time to time and the tunnels would stay down until manual intervention (either ipsec restart or ipsec reload). What I want to do is to make a change in the code to simulate the ipsec restart/reload effect.

Re: [strongSwan] unable to install source route if node has two WAN ports

2011-07-29 Thread Simon Chan
Brunner tob...@strongswan.org To: Simon Chan simon.ch...@yahoo.ca Cc: users@lists.strongswan.org Sent: Friday, July 29, 2011 3:20 AM Subject: Re: [strongSwan] unable to install source route if node has two WAN ports Hi, * A minor detail: the route default via 6.6.6.x dev eth2 appears

[strongSwan] unable to install source route if node has two WAN ports

2011-07-27 Thread Simon Chan
Greetings everyone, Back in Dec 2009 Johannes RuBek wrote: Hello Guys, I've nailed the problem down to our second wan interface. We have two interfaces connected to the internet and therefore two default routes. eth4 which is connected via SDSL and ppp0 which is connected to ADSL. eth4 is the