Hello Noel ? can the gateway IP address be added to the list of variables, to be passed to the _updown script
-----Original Message----- From: Noel Kuntze [mailto:noel.kuntze+strongswan-users-ml@thermi.consulting] Sent: Thursday, May 04, 2017 8:59 AM To: Modster, Anthony <anthony.mods...@teledyne.com>; users@lists.strongswan.org Subject: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No Reputation] multiple tunnels Look for the list of variables in the large comments in the beginning of the updown script On 04.05.2017 17:48, Modster, Anthony wrote: > Hello Noel > ? can you provide the parameters I need to parse for up and down > > -----Original Message----- > From: Modster, Anthony > Sent: Thursday, May 04, 2017 8:47 AM > To: 'Noel Kuntze' <noel.kuntze+strongswan-users-ml@thermi.consulting>; > users@lists.strongswan.org > Subject: RE: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No > Reputation] Re: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No > Reputation] Re: [SUSPECT EMAIL: No Reputation] multiple tunnels > > ok > > -----Original Message----- > From: Noel Kuntze > [mailto:noel.kuntze+strongswan-users-ml@thermi.consulting] > Sent: Thursday, May 04, 2017 8:46 AM > To: Modster, Anthony <anthony.mods...@teledyne.com>; > users@lists.strongswan.org > Subject: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No > Reputation] Re: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No > Reputation] Re: [SUSPECT EMAIL: No Reputation] multiple tunnels > > 2. But you should check what event is it. And you obviously should tear down > the routes when the CHILD_SAs go down. > > On 04.05.2017 17:44, Modster, Anthony wrote: >> Hello Noel >> Just to be clear >> >> If using VICI, (1) do I attach the script during VICI config, or (2) >> run the script on the "event monitor" callback (when its called) >> >> -----Original Message----- >> From: Noel Kuntze >> [mailto:noel.kuntze+strongswan-users-ml@thermi.consulting] >> Sent: Thursday, May 04, 2017 8:40 AM >> To: Modster, Anthony <anthony.mods...@teledyne.com>; >> users@lists.strongswan.org >> Subject: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No >> Reputation] Re: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No >> Reputation] multiple tunnels >> >> >> >> On 04.05.2017 17:27, Modster, Anthony wrote: >>> Hello Noel >>> >>> If I disable route installation. >>> >>> ? can a custom _updown script be used to set the route for each >>> tunnel >> Phew. I think you can, but you have to take care not to install duplicate >> routes. The hook you need to put your commands into, is called with each >> combination of subnets. >> >>> ? or can the "event monitor" callback be used to set the route for >>> each tunnel >> Yes, if you use VICI. You can script something with Python using the vici >> egg. >> >>> -----Original Message----- >>> From: Noel Kuntze >>> [mailto:noel.kuntze+strongswan-users-ml@thermi.consulting] >>> Sent: Thursday, May 04, 2017 8:22 AM >>> To: Modster, Anthony <anthony.mods...@teledyne.com>; >>> users@lists.strongswan.org >>> Subject: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No >>> Reputation] Re: [SUSPECT EMAIL: No Reputation] multiple tunnels >>> >>> Nope. But you can disable the route installation from charon by setting >>> charon.install_routes to no. >>> You can't use the _updown script to manage routes. >>> >>> On 04.05.2017 17:17, Modster, Anthony wrote: >>>> Hello Noel >>>> >>>> ? is there a way to use _updown to set both routes (disabling >>>> Charon from setting the current route) >>>> >>>> -----Original Message----- >>>> From: Noel Kuntze >>>> [mailto:noel.kuntze+strongswan-users-ml@thermi.consulting] >>>> Sent: Thursday, May 04, 2017 4:12 AM >>>> To: Modster, Anthony <anthony.mods...@teledyne.com>; >>>> users@lists.strongswan.org >>>> Subject: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No >>>> Reputation] multiple tunnels >>>> >>>> Hello Anthony, >>>> >>>> I don't understand what you mean with that, but you could add a route to >>>> the remote peer with a higher MTU, if you can actually communicate over >>>> the other link with the IP on the other interface (the IP of another >>>> provider). If you can't do that, then this is not solvable. >>>> >>>> On 04.05.2017 02:02, Modster, Anthony wrote: >>>>> Hello Noel >>>>> We were thinking of changing the created via for eth1.13 (adding matric >>>>> info). >>>>> Then when ppp0 tunnel comes up, create another via for it. >>>>> >>>>> I think Charon does try to create a via for ppp0, but can't. >>>>> >>>>> -----Original Message----- >>>>> From: Noel Kuntze >>>>> [mailto:noel.kuntze+strongswan-users-ml@thermi.consulting] >>>>> Sent: Wednesday, May 03, 2017 4:45 PM >>>>> To: Modster, Anthony <anthony.mods...@teledyne.com>; >>>>> users@lists.strongswan.org >>>>> Subject: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No >>>>> Reputation] Re: [strongSwan] [SUSPECT EMAIL: No Reputation] Re: >>>>> [SUSPECT EMAIL: No Reputation] multiple tunnels >>>>> >>>>> Hello Anthony, >>>>> >>>>> As predicted, charon can't find an alternative network path: >>>>> >>>>> 2017 May 3 21:50:28+00:00 wglng-6 charon [info] 12[KNL] interface >>>>> eth1.13 deactivated >>>>> 2017 May 3 21:50:28+00:00 wglng-6 charon [info] 05[KNL] >>>>> 192.168.1.134 disappeared from eth1.13 >>>>> 2017 May 3 21:50:28+00:00 wglng-6 charon [info] 15[IKE] old path >>>>> is not available anymore, try to find another >>>>> 2017 May 3 21:50:28+00:00 wglng-6 charon [info] 15[IKE] looking for a >>>>> route to 76.232.248.210 ... >>>>> 2017 May 3 21:50:28+00:00 wglng-6 charon [info] 15[IKE] >>>>> reauthenticating IKE_SA due to address change >>>>> 2017 May 3 21:50:28+00:00 wglng-6 charon [info] 15[IKE] >>>>> reauthenticating IKE_SA sgateway1-gldl[1] >>>>> 2017 May 3 21:50:28+00:00 wglng-6 charon [info] 15[IKE] >>>>> reauthenticating IKE_SA sgateway1-gldl[1] >>>>> 2017 May 3 21:50:29+00:00 wglng-6 charon [info] 05[IKE] sending >>>>> DPD request >>>>> 2017 May 3 21:50:29+00:00 wglng-6 charon [info] 05[ENC] >>>>> generating INFORMATIONAL request 23 [ ] >>>>> 2017 May 3 21:50:29+00:00 wglng-6 charon [info] 05[NET] sending >>>>> packet: from 166.204.98.165[4500] to 76.232.248.210[4500] (96 >>>>> bytes) >>>>> 2017 May 3 21:50:29+00:00 wglng-6 charon [info] 13[NET] received >>>>> packet: from 76.232.248.210[4500] to 166.204.98.165[4500] (96 >>>>> bytes) >>>>> 2017 May 3 21:50:29+00:00 wglng-6 charon [info] 13[ENC] parsed >>>>> INFORMATIONAL response 23 [ ] >>>>> 2017 May 3 21:50:31+00:00 wglng-6 charon [info] 15[IKE] >>>>> retransmit >>>>> 1 of request with message ID 95 >>>>> 2017 May 3 21:50:31+00:00 wglng-6 charon [info] 15[NET] sending >>>>> packet: from 192.168.1.134[500] to 76.232.248.210[500] (96 bytes) >>>>> 2017 May 3 21:50:31+00:00 wglng-6 charon [info] 04[NET] error >>>>> writing to socket: Invalid argument >>>>> >>>>> It can't send any packets though, because the address 192.168.1.134 isn't >>>>> bound to any active interface. >>>>> >>>>> That ends with this: >>>>> >>>>> 2017 May 3 21:50:50+00:00 wglng-6 charon [info] 07[ENC] parsed >>>>> INFORMATIONAL response 33 [ ] >>>>> 2017 May 3 21:50:51+00:00 wglng-6 charon [info] 12[IKE] giving up >>>>> after 5 retransmits >>>>> 2017 May 3 21:50:51+00:00 wglng-6 charon [info] 12[IKE] looking >>>>> up interface for virtual IP 20.20.20.6 failed >>>>> 2017 May 3 21:50:51+00:00 wglng-6 charon [info] 12[IKE] >>>>> restarting CHILD_SA sgateway1-gldl >>>>> 2017 May 3 21:50:51+00:00 wglng-6 charon [info] 12[IKE] >>>>> initiating IKE_SA sgateway1-gldl[3] to 76.232.248.210 >>>>> 2017 May 3 21:50:51+00:00 wglng-6 charon [info] 12[IKE] >>>>> initiating IKE_SA sgateway1-gldl[3] to 76.232.248.210 >>>>> 2017 May 3 21:50:51+00:00 wglng-6 charon [info] 13[IKE] sending >>>>> DPD request >>>>> >>>>> This continues until the end of the log. The interface eth1.13 doesn't >>>>> come up in the logs after it was deactivated. >>>>> >>>>> The PCAPs are pretty useless, because they don't show the problem. But >>>>> ESP traffic indeed flows through the different network interfaces. >>>>> Hmh. Curious! I wonder why that is. >>>>> >>>>> On 04.05.2017 01:25, Modster, Anthony wrote: >>>>>> Hello Noel >>>>>> >>>>>> I am resending the message and for files are compressed. >>>>>> >>>>>> -----Original Message----- >>>>>> From: Modster, Anthony >>>>>> Sent: Wednesday, May 03, 2017 2:55 PM >>>>>> To: 'Noel Kuntze' >>>>>> <noel.kuntze+strongswan-users-ml@thermi.consulting>; >>>>>> users@lists.strongswan.org >>>>>> Subject: RE: [SUSPECT EMAIL: No Reputation] Re: [strongSwan] >>>>>> [SUSPECT >>>>>> EMAIL: No Reputation] Re: [SUSPECT EMAIL: No Reputation] multiple >>>>>> tunnels >>>>>> >>>>>> Hello Noel >>>>>> >>>>>> 1. let me know if any of the files are missing (s/b 3) 2. let me >>>>>> know if the log levels are ok (our settings were more than >>>>>> support >>>>>> required) >>>>>> >>>>>> The following test and its results will be sent to strongswan for >>>>>> eveluation. >>>>>> >>>>>> bring up ethernet eth1.13 >>>>>> when interface comes up start, tcpdump -i eth1.13 -w >>>>>> test_restart_eth113.dat >>>>>> note: ipsec tunnel will start >>>>>> wait for tunnel >>>>>> bring up ppp0 >>>>>> when interface comes up start, tcpdump -i ppp0 -w >>>>>> test_restart_ppp0.dat wait for tunnel disconnect ethernet >>>>>> note: ppp0 will stop communicating wait for ppp0 to recover >>>>>> (about >>>>>> 9 mins) >>>>>> >>>>>> log files: >>>>>> test_restart_eth113.dat >>>>>> test_restart_ppp0.dat >>>>>> test_restart_security_edit.log >>>>>> >>>>>> >>>>>> -----Original Message----- >>>>>> From: Noel Kuntze >>>>>> [mailto:noel.kuntze+strongswan-users-ml@thermi.consulting] >>>>>> Sent: Wednesday, May 03, 2017 1:37 PM >>>>>> To: Modster, Anthony <anthony.mods...@teledyne.com>; >>>>>> users@lists.strongswan.org >>>>>> Subject: [SUSPECT EMAIL: No Reputation] Re: [strongSwan] [SUSPECT >>>>>> EMAIL: No Reputation] Re: [SUSPECT EMAIL: No Reputation] multiple >>>>>> tunnels >>>>>> >>>>>> For each interface. >>>>>> >>>>>> On 03.05.2017 22:24, Modster, Anthony wrote: >>>>>>> Hello Noel >>>>>>> >>>>>>> Quick question, do you want the tcpdump capture for each interface, or >>>>>>> capture at the secure gateway side. >>>>>>> >>>>>>> -----Original Message----- >>>>>>> From: Noel Kuntze >>>>>>> [mailto:noel.kuntze+strongswan-users-ml@thermi.consulting] >>>>>>> Sent: Wednesday, May 03, 2017 12:08 PM >>>>>>> To: Modster, Anthony <anthony.mods...@teledyne.com>; >>>>>>> users@lists.strongswan.org >>>>>>> Subject: [SUSPECT EMAIL: No Reputation] Re: [SUSPECT EMAIL: No >>>>>>> Reputation] multiple tunnels >>>>>>> >>>>>>> Hello Anthony, >>>>>>> >>>>>>> On 03.05.2017 20:36, Modster, Anthony wrote: >>>>>>>> Each tunnel would be bound to a separate interface (eth1.13 and ppp0). >>>>>>>> Our application would open a socket for each tunnel end point, and >>>>>>>> bind to it (so there is no routing needed). >>>>>>> What kind of socket? Raw IP? >>>>>>> >>>>>>>> We verified that ESP packets are being sent from each application >>>>>>>> socket to the assigned interface. >>>>>>> Huh? Don't you mean "We verified that ESP packets are sent for each >>>>>>> packet that is emitted from the application socket to the assigned >>>>>>> interface"? >>>>>>> >>>>>>>> We verified that IKE packets are being sent to each interface from >>>>>>>> Charon. >>>>>>> This is very curious. Please verify that they are indeed sent out from >>>>>>> two different interfaces. >>>>>>> As I previously mentioned, routing decisions are made based on the >>>>>>> destination address, not the source address, so IKE packets for either >>>>>>> IKE_SA would traverse the same interface and use the same route, except >>>>>>> if you used policy based routing. >>>>>>> >>>>>>> Anyway, I require logs to figure out what happens exactly. Please >>>>>>> create them using the file logger definition from the HelpRequests[1] >>>>>>> page. >>>>>>> >>>>>>> Kind regards, >>>>>>> Noel >>>>>>> >>>>>>> [1] >>>>>>> https://secure-web.cisco.com/1j3GkDWiMC47CUy7JEZrTMFVOcm1wcAG1qj >>>>>>> U >>>>>>> D >>>>>>> 4 >>>>>>> e >>>>>>> j >>>>>>> w >>>>>>> TAGcl7Ie8pH_oYW3ermSmwJCHgfvbtGVlYFEBP8roXNFVxQH5MyW5aLMsU9pDAUS >>>>>>> x >>>>>>> y >>>>>>> z >>>>>>> C >>>>>>> A >>>>>>> s >>>>>>> lioVIyuREQoLk_-CP9Gus-3GQRkuDUOYzov0N5ZPq6tsv_2mW9NGMkRK-O3WZpWy >>>>>>> e >>>>>>> u >>>>>>> W >>>>>>> - >>>>>>> W >>>>>>> H >>>>>>> B5bGM1JBQu1w0xtwPy7ehB2hEZcy-cCyXQ/https%3A%2F%2Fwiki.strongswan. >>>>>>> o >>>>>>> r >>>>>>> g >>>>>>> % >>>>>>> 2 Fprojects%2Fstrongswan%2Fwiki%2FHelpRequests >>>>>>> >>>>>>>> ? does this sound ok >>>>>>>> I will send more after your response. >>>>>>>> >>>>>>>> -----Original Message----- >>>>>>>> From: Noel Kuntze >>>>>>>> [mailto:noel.kuntze+strongswan-users-ml@thermi.consulting] >>>>>>>> Sent: Wednesday, May 03, 2017 10:38 AM >>>>>>>> To: Modster, Anthony <anthony.mods...@teledyne.com>; >>>>>>>> users@lists.strongswan.org >>>>>>>> Subject: [SUSPECT EMAIL: No Reputation] Re: [strongSwan] >>>>>>>> [SUSPECT >>>>>>>> EMAIL: No Reputation] Re: multiple tunnels >>>>>>>> >>>>>>>> Hello Anthony, >>>>>>>> >>>>>>>> On 03.05.2017 19:24, Modster, Anthony wrote: >>>>>>>>> We are using two interfaces at once from same host to the same secure >>>>>>>>> gateway. >>>>>>>> Why? >>>>>>>> Why even two IKE_SAs? Just use one IKE_SA and have the two CHILD_SAs >>>>>>>> be managed under one. >>>>>>>> >>>>>>>>> root@wglng-6:~# ip route show >>>>>>>>> 10.64.64.64 dev ppp0 proto kernel scope link src >>>>>>>>> 166.204.4.61 >>>>>>>>> 192.168.1.0/24 dev eth1.13 proto kernel scope link src >>>>>>>>> 192.168.1.134 >>>>>>>>> Note: I did not show interfaces that are not applicable >>>>>>>>> >>>>>>>>> Both tunnels are up and were able to ping and send data thru the >>>>>>>>> tunnels. >>>>>>>>> root@wglng-6:~# swanctl --list-sas >>>>>>>>> sgateway1-radio0: #2, ESTABLISHED, IKEv2, 08173d8797a410eb_i* >>>>>>>>> 5fa1f29dce075fd4_r >>>>>>>>> local 'ra00...@teledyne.com' @ 166.204.4.61[4500] [20.20.20.9] >>>>>>>>> remote 'C=CA, O=Carillon Information Security Inc., OU=TEST, >>>>>>>>> OU=Devices, OU=Aircraft Operator Ground Stations, OU=Teledyne >>>>>>>>> Controls, CN=ELS-VPAPP-WGL08 - ID' @ 76.232.248.210[4500] >>>>>>>>> AES_CBC-256/HMAC_SHA2_512_256/PRF_HMAC_SHA1/ECP_256 >>>>>>>>> established 922s ago, rekeying in 43s, reauth in 2455s >>>>>>>>> sgateway1-radio0: #4, reqid 2, INSTALLED, TUNNEL-in-UDP, >>>>>>>>> ESP:AES_CBC-256/HMAC_SHA1_96 >>>>>>>>> installed 336s ago, rekeying in 211s, expires in 325s >>>>>>>>> in c2e01069, 1320 bytes, 33 packets, 6s ago >>>>>>>>> out e1c27d5f, 1452 bytes, 33 packets, 6s ago >>>>>>>>> local 20.20.20.9/32 >>>>>>>>> remote 10.100.20.15/32 >>>>>>>>> sgateway1-gldl: #1, ESTABLISHED, IKEv2, 00989cc440834937_i* >>>>>>>>> 5e3c5e4b5c1ec4cf_r >>>>>>>>> local 'ra00...@teledyne.com' @ 192.168.1.134[4500] [20.20.20.8] >>>>>>>>> remote 'C=CA, O=Carillon Information Security Inc., OU=TEST, >>>>>>>>> OU=Devices, OU=Aircraft Operator Ground Stations, OU=Teledyne >>>>>>>>> Controls, CN=ELS-VPAPP-WGL08 - ID' @ 76.232.248.210[4500] >>>>>>>>> AES_CBC-256/HMAC_SHA2_512_256/PRF_HMAC_SHA1/ECP_256 >>>>>>>>> established 1049s ago, rekeying in 150s, reauth in 2257s >>>>>>>>> sgateway1-gldl: #3, reqid 1, INSTALLED, TUNNEL-in-UDP, >>>>>>>>> ESP:AES_CBC-256/HMAC_SHA1_96 >>>>>>>>> installed 469s ago, rekeying in 104s, expires in 191s >>>>>>>>> in c45db512, 1880 bytes, 47 packets, 6s ago >>>>>>>>> out 77309eef, 2068 bytes, 47 packets, 6s ago >>>>>>>>> local 20.20.20.8/32 >>>>>>>>> remote 10.100.20.15/32 >>>>>>>>> >>>>>>>>> strongswan creates the following in table 220 root@wglng-6:~# >>>>>>>>> ip route show table 220 >>>>>>>>> 10.100.20.15 via 192.168.1.1 dev eth1.13 proto static src >>>>>>>>> 20.20.20.8 >>>>>>>>> >>>>>>>>> When we bring down eth1.13, the tunnel for ppp0 becomes unusable. >>>>>>>> What do you mean with "the tunnel for ppp0"? The interface is >>>>>>>> irrelevant. >>>>>>>> Packets are routed based on their destination. Charon does not pick >>>>>>>> two different paths for two different IKE_SAs to the same peer. >>>>>>>> >>>>>>>> Are you aware that charon uses one path for all the IKE_SAs to one >>>>>>>> peer? >>>>>>>> Charon should choose another path to the remote peer, if there is one >>>>>>>> (and the "src" parameter of the corresponding route allows that). I >>>>>>>> guess your routing table doesn't allow that. >>>>>>>> >>>>>>>> Please provide logs that show the problem. >>>>>>>> >>>>>>>>> We think the problem is that ppp0 does not have a via in table 220. >>>>>>>> Irrelevant. See above. >>>>>>>> >>>>>>>>> If you need more information, let me know. >>>>>>>>> >>>>>>>>> Thanks >>>>>>>>> >>>>>>>>> -----Original Message----- >>>>>>>>> From: Noel Kuntze >>>>>>>>> [mailto:noel.kuntze+strongswan-users-ml@thermi.consulting] >>>>>>>>> Sent: Wednesday, May 03, 2017 7:33 AM >>>>>>>>> To: Modster, Anthony <anthony.mods...@teledyne.com>; >>>>>>>>> users@lists.strongswan.org >>>>>>>>> Subject: [SUSPECT EMAIL: No Reputation] Re: [strongSwan] >>>>>>>>> multiple tunnels >>>>>>>>> >>>>>>>>> Hello Anthony, >>>>>>>>> >>>>>>>>> On 03.05.2017 06:57, Modster, Anthony wrote: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ? how to setup ipsec policy >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> We want to use multiple tunnels on separate interfaces on the same >>>>>>>>>> host to one secure gateway. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> The secure gateway only has one external IP address. >>>>>>>>>> >>>>>>>>> Depends on your exact requirements. You need to elaborate on this. >>>>>>>>> >>>>>>>>> Kind regards, >>>>>>>>> Noel >>>>>>>>> >>>>>>>>> -- Noel Kuntze IT security consultant GPG Key ID: 0x0739AD6C >>>>>>>>> Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C >>>>>>>>> _______________________________________________ Users mailing >>>>>>>>> list Users@lists.strongswan.org >>>>>>>>> https://secure-web.cisco.com/1umLFBujqnWj6QpzkmjOs5N9U3Ek-8bie >>>>>>>>> 0 >>>>>>>>> M >>>>>>>>> X >>>>>>>>> p >>>>>>>>> B >>>>>>>>> 6 >>>>>>>>> w >>>>>>>>> Z >>>>>>>>> 9ss1vhilBrSfF13tKoWL6NTRe0CPd1SRvuy2CT2LgFRD1gjLQ21atsRzKU836Z >>>>>>>>> b >>>>>>>>> h >>>>>>>>> i >>>>>>>>> g >>>>>>>>> A >>>>>>>>> z >>>>>>>>> 4 >>>>>>>>> k >>>>>>>>> 14W-T9yeoOC4t2-xDiwbecTeWHYlRtlO1w7TQmXEEzPLgNH25aPblOjUYxnVk3 >>>>>>>>> l >>>>>>>>> l >>>>>>>>> k >>>>>>>>> Y >>>>>>>>> q >>>>>>>>> 0 >>>>>>>>> W >>>>>>>>> l >>>>>>>>> d7pEH7cKab9tMboT6476CmpbjuM8HztzzA/https%3A%2F%2Flists.strongswan. >>>>>>>>> o >>>>>>>>> r >>>>>>>>> g >>>>>>>>> % >>>>>>>>> 2Fmailman%2Flistinfo%2Fusers >>>>>>>>> >>>>>>> _______________________________________________ >>>>>>> Users mailing list >>>>>>> Users@lists.strongswan.org >>>>>>> https://secure-web.cisco.com/1ZUqhowo0_mv9V5kD25oaNH8gLBZLx66slK >>>>>>> 6 >>>>>>> F >>>>>>> f >>>>>>> 2 >>>>>>> 1 >>>>>>> L >>>>>>> c9NCBKfl3Gs-GcDc9rITZdgrJ-gm4T7JliTiQ8tSyQ00Yvr4q_dP85oAHK-y6amf >>>>>>> 1 >>>>>>> l >>>>>>> w >>>>>>> g >>>>>>> W >>>>>>> 4 >>>>>>> AgyJ5jvH2M04bEqEFcCxg6lss3F2tKV0s2k6RGOVF2-XjR0apCbvx4RxQkwAj2uG >>>>>>> q >>>>>>> S >>>>>>> X >>>>>>> z >>>>>>> j >>>>>>> f >>>>>>> ZJzz0AqTsW6cseBSHwc-jMy4lczBfcy-Zg/https%3A%2F%2Flists.strongswan. >>>>>>> o >>>>>>> r >>>>>>> g >>>>>>> % >>>>>>> 2Fmailman%2Flistinfo%2Fusers >>>>>>> _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users