Hi Ujjal,
1) Is reauth=no has any effect or i am doing some wrong configuration
The reauth option allows to configure whether an IKE_SA is rekeyed or
reauthenticated once it is about to expire (ikelifetime/margintime). It
has no effect on other circumstances where a reauthentication might
Hi David,
iptables -t mangle -A OUTPUT -p icmp -j DSCP --set-dscp 10
iptables -t mangle -A OUTPUT -p icmp -m dscp --dscp 10 -j MARK --set-mark 10
If you add these rules on both sides. Then you also have to specify
mark=10 in both configs. You seem to have done so on the gateway but
not on
Hi,
Jul 23 12:41:28 lag3 charon: 03[CFG] issuer of fetched CRL 'C=US, ST=CO,
L=Denver, O=igvpn.com, CN=igvpn.com CA, E=i...@igvpn.com' does not match
CRL issuer '9b:00:ad:ef:3d:af:74:3b:72:6e:28:33:f5:33:4a:6a:e8:77:2e:bb'
It seems your CA certificate contains the X509v3 Subject Key
Thanks Tobias,
But how can I add X509v3 Authority Key Identifier extension to my CRLs? Please
help.
my openssl.cnf
--
[ server ]
basicConstraints=CA:FALSE
nsCertType = server
nsComment = Server
Thank you, Tobias.
That is some part of my openssl.cnf, but I use your suggestion to uncomment
this line in my openssl.cnf, everything is ok now.
# crl_extensions = crl_ext
Thank you again.
--
Best Regards
Jacky
-Original Message-
From: Tobias Brunner [mailto:tob...@strongswan.org]
Hi Arnab,
why do you want to have two identical CHILD_SAs? Usually the latest
CHILD_SA is used to transport traffic, the other being becoming idle.
Regards
Andreas
On 07/25/2011 03:28 PM, Arnab Bakshi wrote:
Hi Andreas,
One question regarding the tunnel mode:
I have the
Hello Andre,
IKE info: IKE-CFG: Attribute INTERNAL_IP4_ADDRESS len 0 skipped
I don't know why the LANCOM VPN router doesn't want to assign a
virtual IP address although it gets a request.
Regards
Andreas
On 07/27/2011 03:07 PM, Andre wrote:
Hi,
I'm trying to get a stronswan based vpn
Hi,
I am facing a problem with my VPN connection. When the port speed is
changed from 1000 Mbps to 10 Mbps, the remote systems connected
through VPN are not pinging.
But, if the VPN is restarted, then ping succeeds. I am using
strongswan-4.2.17-1.
I wanted to check if this is an expected
Hello Vinay,
I'm not aware of any known bug. Does the interface go away
during the speed change? Does the strongSwan log show any
warnings that the interface disappeared and reappeared?
BTW - strongSwan 4.2.17 is very ancient.
Regards
Andreas
On 28.07.2011 19:20, Vinay Kalkoti wrote:
Hi,
When I restart the network service, I see the following message. eth2
interface speed is set to 10 Mbps and is causing the network problem.
I couldn't make much from the logs.
11[IKE] checking path 10.xx.xx.197[4500] - 128.221.252.65[4500]
11[NET] sending packet: from 10.xx.xx.197[4500] to
Hello Vinay,
from the logs I see that strongSwan is trying to re-establish
the connection using the IKEv2 MOBIKE protocol after the interface
disappears and reappears but MOBIKE seems to fail. Could you either
disable MOBIKE (mobike=no) or upgrade to strongSwan 4.5.2 which has
a much improved
11 matches
Mail list logo