Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

, Anand - Original Message - From: Tobias Brunner tob...@strongswan.org To: anand rao anandrao...@yahoo.co.in Cc: gowrishankar gowrishanka...@linux.vnet.ibm.com; users@lists.strongswan.org users@lists.strongswan.org Sent: Tuesday, April 10, 2012 3:57 PM Subject: Re: [strongSwan] Charon

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

bytes_i, 0 bytes_o, rekeying in 5 minutes   toevm2-psk{1}:   192.168.1.0/24 === 192.168.2.0/24 Please help me as this is leading to hanging of charon daemon.  Thanks, Anand - Original Message - From: gowrishankar gowrishanka...@linux.vnet.ibm.com To: anand rao anandrao...@yahoo.co.in

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

- From: Tobias Brunner tob...@strongswan.org To: anand rao anandrao...@yahoo.co.in Cc: users@lists.strongswan.org users@lists.strongswan.org Sent: Monday, March 19, 2012 9:17 PM Subject: Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs Hi Anand, conn %default

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

the redundant child SA issue on 4.3.6. Please suggest me in resolving this issue. Thanks, Anand - Original Message - From: Tobias Brunner tob...@strongswan.org To: anand rao anandrao...@yahoo.co.in Cc: users@lists.strongswan.org users@lists.strongswan.org Sent: Tuesday, March 20, 2012 2:25

[strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

Hi, I am using strongswan 4.3.6 I have configured two peers to establish tunnel in tunnel mode. Here is configuration in  ipsec.conf  config setup     strictcrlpolicy=no     crlcheckinterval=180     plutostart=yes     charonstart=yes     nat_traversal=yes conn %default     ikelifetime=10m    

Re: [strongSwan] strongswan pki command error

private key failed I have attached caKey.der. Please help. Regards, Anand - Original Message - From: Andreas Steffen andreas.stef...@strongswan.org To: anand rao anandrao...@yahoo.co.in Cc: users@lists.strongswan.org users@lists.strongswan.org Sent: Friday, November 11, 2011 6:29 PM

Re: [strongSwan] strongswan pki command error

):reason(168):NA:0: 8193:error:0D07803A:lib(13):func(120):reason(58):NA:0:Type=RSA 8193:error:0D09A00D:lib(13):func(154):reason(13):NA:0: BR's Anand - Original Message - From: Andreas Steffen andreas.stef...@strongswan.org To: anand rao anandrao...@yahoo.co.in Cc: users@lists.strongswan.org

Re: [strongSwan] strongswan pki command error

Hi Andreas,    Please find the caKey.der attached. It was unreadable using cat command. Regards Anand - Original Message - From: Andreas Steffen andreas.stef...@strongswan.org To: anand rao anandrao...@yahoo.co.in Cc: users@lists.strongswan.org users@lists.strongswan.org Sent: Friday

[strongSwan] strongswan pki command error

Hi, I am using strongswan 4.3.6 I have tried generate certificates using strongswan PKI gen tool to generate RSA certificate. I am getting below errors. root@evm1gw:/etc/cert# ipsec pki --gen caKey.der root@evm1gw:/etc/cert# root@evm1gw:/etc/cert# ipsec pki --self --in caKey.der --dn

[strongSwan] StrongSwan openssl plugin issue

Hi, I have configured StrongSwan with --enable-openssl and --enable-kernel-pfkey. My setup consists of two hosts connected back to back and tunnel configured for transport mode. from one host I am running a script in a loop in which i am doing ipsec up conn-host-host sleep 2 ipsec down

[strongSwan] charon and pluto unresponsive after stress testing with ipsec up and ipsec down in a loop

Hi, I am using strongswan 4.3.6. I have configured two peers to establish tunnel in transport mode. from one peer I am running a script in a loop in which i am doing ipsec up example sleep 5 ipsec down example sleep 5 For some time tunnel up/down happening successfully. After a while I am

[strongSwan] strongswan 4.3.6 IKEv1 not working for 3des-sha1

Hi, I am trying to establish tunnel in transport mode between two hosts. I am using strongswan 4.3.6 on both sides. when I use default configuration or AES algorithm, tunnel establishes successfully. But if I use 3des algorithm (ike=3des-sha1-modp1536) I am getting following errors. Nov

Re: [strongSwan] strongswan 4.3.6 IKEv1 not working for 3des-sha1

I am using openssl plugin for crypto. result of ipsec statusall is 000 Status of IKEv1 pluto daemon (strongSwan 4.3.6): 000 interface eth2/eth2 fec0::ef01:500 000 interface eth0/eth0 fec0::ee01:500 000 interface lo/lo ::1:500 000 interface lo/lo 127.0.0.1:500 000 interface eth0/eth0 1.1.1.1:500

[strongSwan] pluto uses which kernel interface

Hi, From the mailing list I found out that PLUTO doesn't have support for PFKEYv2 kernel interface. Can you please let me know which interface does PLUTO uses to communicate with XFRM (kernel). I am using strongswan 4.3.6 version. Thanks -Anand

[strongSwan] IKEv2 fallback to IKEv1

Hi, Is IKEv2 fallback to IKEv1 supported in strongswan4? Here is my configuration Host1 running both charon and pluto daemons. both has the same connection defined in ipsec.conf, for conn1 keyexchange=ikev2 and conn2 keyexchange=ikev1. Host2 running only pluto deamon and keyexchange=ikev1. In

[strongSwan] unable to allocate SPI's From kernel

Hi, I am trying a host to host IKE v2 setup. I am facing following error whenever i tried to do ipsec up host-host initiating IKE_SA host-host[1] to 192.168.0.2 generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] sending packet: from 192.168.0.1[500] to