Hi Daniel,
Finally, I could get this to work. Actually, I had both socket.o as
well as socket-raw.o files in my strongswan build directory. I sensed
there is some problem here.
I did `make clean` and rebuilt strongswan (without the disable pluto option).
And then I had only socket-raw.o file crea
ashish mahalka wrote:
> I checked the config.log in my host-2 machine.
>
> I did observe the following lines:
> USE_PLUTO_FALSE='#'
> USE_PLUTO_TRUE='' "
You said, you built strongSwan by yourself. Please check if you have the
file
strongswan-4.3.5/src/charon/socket-raw.o
You could also try de
Hello Daniel,
I did some more looking into this.
I have found something very strange :-
1. On an ipv4 system, charon always waits for data on raw sockets
(whether pluto daemon is running or not).
2. On an ipv6 system, charon always waits for data on sockets...which
I presume is UDP socket.(again
Hi Daniel,
I checked the config.log in my host-2 machine.
I did observe the following lines:
USE_PLUTO_FALSE='#'
USE_PLUTO_TRUE='' "
Please let me know if you need any other info.
regards,
Ashish
On 1/14/10, Daniel Mentz wrote:
> ashish mahalka wrote:
>> _Host-2_
>>
>> netstat --raw -a -p
>> A
ashish mahalka wrote:
> _Host-2_
>
> netstat --raw -a -p
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
>
Hi Ashish,
to me it looks like something is wrong with the charon bin
Hi Daniel,
Here are the logs that I have taken on both the hosts systems.
strings /usr/lib/ipsec/charon | grep "waiting for data on raw socket"
host1 - it printed the string
host2 - no output.
*Host-2*
netstat --raw -a -p
Active Internet connections (servers and established)
Proto Recv-Q Send
ashish mahalka wrote:
> I might further add here that host1 has only ipv4 support whereas host2
> has both ipv4 and ipv6 support. I am not sure whether this information
> does matter in the creation of the sockets for charon.
I remember that there was some kind of problem related to ipv4 and ipv
I might further add here that host1 has only ipv4 support whereas host2 has
both ipv4 and ipv6 support. I am not sure whether this information does
matter in the creation of the sockets for charon.
>
> I haven't specified any option which says that charon is compiled for raw
> sockets.
> May be yo
Hi Daniel,
I have compiled strongswan on both the host machines. I have not used
-disable pluto option when running ./configure command.
"Use the following command to find out whether you compiled charon for raw
sockets.
strings /usr/lib/ipsec/charon | grep "waiting for data on raw socket"
i h
Hi Ashish,
I examined the log files. Here's what I think happens:
host2 (10.10.10.5) initiates a connection to host1 (10.10.10.2).
host1 sends a packet back to host2 in response.
For some reason, this response packet does not reach charon on host2.
What you are saying is that the problem does no
Hi Daniel/Andreas,
Can you please have a look at these logs and tell me why ikev2 is not
working with plutostart=yes ?
It is kind of urgent and it will be really nice of you guys to provide
comments on it.
Thanks in advance!
regards,
Ashish.
On Mon, Jan 11, 2010 at 1:56 PM, ashish mahalka wro
ashish mahalka wrote:
> Strongswan runs at the other end. I'm not sure whether the packets were
> reaching the other end or not. But one thing is sure, there was no
> response from strongswan on the other end.
I'm afraid you have to find out whether the packets make it to the other
end. Are yo
Hello Daniel,
Strongswan runs at the other end. I'm not sure whether the packets were
reaching the other end or not. But one thing is sure, there was no response
from strongswan on the other end.
Let me know if you require some new info.
regards,
Ashish
On Thu, Jan 7, 2010 at 12:12 AM, Daniel
ashish mahalka wrote:
> One more thing I wanted to ask : if I don't know the DN of the peer
> certificate, can I mention my rightid as %any (as I have done here)
I guess the trick is not to include rightid= at all.
In the log file you provided I can see charon retransmitting the initial
message
Hi Daniel/Andreas
Here is the charon log file for the ikev2 case.
This is the ipsec.conf that I am using.
config setup
strictcrlpolicy=no
plutodebug=none
plutostart=yes
charonstart=yes
charondebug="dmn 2, mgr 2, ike 2, chd 2, job 2, cfg 2, knl 2, net 2,
lib
Hi Daniel,
I don't have the logs currently with me. I can send it tomorrow. Is there any
specific charon log that you are looking for?
Currently in my ipsec.conf this is what I have:
charondebug="dmn 2, mgr 2, ike 2, chd 2, job 2, cfg 2, knl 2, net 2, lib 2"
regards,
Ashish.
On Mon, Jan 4, 2010 a
ashish mahalka wrote:
> Basically the requirement is like there are two conn sections in ipsec.conf.
> One conn uses IKEv1 and the other uses IKEv2.
> Is it possible for the host strongswan to have IKEv1 and IKEv2 SA
> simultaneously with other strongswan peers ?
Yes, that is indeed possible.
Plea
Hello Andreas,
I tried to set up IKEv2 SA with plutostart=yes in the config section of
ipsec.conf. I know to set up IKEv2 only charon daemon is required but with
plutostart=yes, I cannot establish IKEv2.
Basically the requirement is like there are two conn sections in ipsec.conf.
One conn uses IK