Hi Tobias,
Thanks for the reply and suggestion.
I have changed the tunnel config as below:
conn %default
    ikelifetime=20m
    keylife=10m
    rekeymargin=3m
But still the problem persists. I can still see a lot of redundant SAs when
I issue ipsec statusall.
On my environment there is no
Hi Anand,
On my environment there is no support for kernel-netlink interface
for IPsec,
I have to use kernel-pfkey interface only as I have my hooks
registered in PFKEY to XFRM for IPsec.
I have tried the latest versions of strongSwan (4.5.1 and 4.5.3); both
resulted in kernel panic after
Hi,
I am trying to establish multiple IPsec tunnels between Linux (strongSwan)
and a Cisco Router using the Load tester plugin, and I want to generate traffic
on each negotiated load-tester tunnel. Tools like 'iperf' need
configuration on both sides and are of no help since I can't configure it on
Cisco
Hi Tobias,
I have already enabled both kernel-pfkey and kernel-netlink plugins. Both the
plugins are loaded.
This was suggested by Andreas for my earlier query about pfkey plugin usage
for IKEv1.
Since 4.5.3 is causing kernel-panic in my environment for unknown reasons, I
want to resolve
Hi Tobias,
I forgot about this yesterday, but this was actually a bug in 4.5.0.
While charon detects that it is behind a NAT, and properly responds to
requests, it does not update the port internally and still uses port 500
for its own requests and for installing the SA in the kernel.
Dear Tobias,
thank you very much. I thought that charon was signalled by the IPsec
stack's SPD when a new SA was to be negotiated, not that it itself set
the policy.
Your solution didn't work right away though. I found that ipsec
start only started the starter process and nothing more. It was
Hi Tobias,
On Wednesday 21 March 2012 12:44 AM, Vilhelm Jutvik wrote:
Dear Tobias,
thank you very much. I thought that charon was signalled by the IPsec
stack's SPD when a new SA was to be negotiated, not that it itself set
the policy.
Your solution didn't work right away though. I found