Hi.
I was wondering if I could get some clarification on a few things. I need to
rekeys Phase 1 and Phase 2 SAs for both IKEv1 and IKEv2 (using Linux strongSwan
U4.5.2/K3.0.0-12-generic). It's not clear to me what entries I should be using
in the config file to accomplish this. At a high
Hi.
I was wondering if I could get some clarification on a few things. I need to
rekeys Phase 1 and Phase 2 SAs for both IKEv1 and IKEv2 (using Linux strongSwan
U4.5.2/K3.0.0-12-generic). It's not clear to me what entries I should be using
in the config file to accomplish this. At a high
Yes, either update to at least 4.4.1 or apply the patch at [1].
Thanks Tobias. With this patch, it is working fine.
Regards,
Divya
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Hi Andreas,
My requirement is to pass traffic on a certain port, how can I specify the port
numbers in connection configuration
Regards,
-sanjay
-
Please consider the environment before printing this email.
-Original Message-
From:
Hi,
It seems , dynamic update of the other ends IP address in NAT traversal
is not supported in StrongSwan.
According to rfc4306, it should be supported as part of NAT traversal.
Please find the topology and issue I m facing out of this.
Cisco
VPN client -- Router1
Hi Sanjay,
you can define only a single port per passthrough connection, e.g.
conn p1
also=pass
leftprotoport=tcp/0
rightprotoport=tcp/https
auto=route
conn p2
also=pass
leftprotoport=tcp/0
rightprotoport=tcp/imaps
auto=route
conn pass
Hello,
RFC 4306 defines IKEv2 whereas you are using the obsoleted IKEv1
protocol. IKEv1 does not support the update of NAT ports whereas
our IKEv2 charon daemon does.
Regards
Andreas
On 03/30/2012 03:01 PM, SaRaVanAn wrote:
Hi,
It seems , dynamic update of the other ends IP address in NAT
Hello,
I've been trying to get scepclient to work with CISCO (IOS 15) for a week,
turned all debugging on and still no success.
CISCO fails with unable to open signed data when I request a certificate (get
ca cert works).
This is what I'm doing:
ipsec scepclient --out cert=mycert.der
Hi,
We have encountered some issues while using StrongSwan charon on our Linux
server and would request you to help us out on this.
Setup:
1) We are using StrongSwan charon [Linux strongSwan 4.3.1] on our server
[we call it NODE A] to establish an IKEv2 IPSec tunnel with a Cisco
Hi Anurag,
1) We are using StrongSwan charon [Linux strongSwan 4.3.1]
Just let me tell you that we don't really like to support such old
releases. It would great if you could try if this issue is still
present in 4.6.2.
3) After around 600 sec. from the start, IKE_SA re-keying
I have a situation wherein a floating ipAddress is assigned and removed on the
network interface (ifconfig up/down) during the runtime when various tunnels
are established on my machine.
I observe that ipsec daemon does not establish the tunnels on any ipAddress
provisioned after ipsec was
StrongSwan 4.4.06 on 2 SLES11 SP2 servers. I need a site-to-site how-to (this
link, http://www.strongswan.org/docs/readme4.htm#section_2.1 is outdated and i
do not see a updated site to site how to) and 1 server will have roadwarriors
connecting to it (would like to do this with RSA
-Where is the authlog located?
iirc, strongswan logs to syslog by default. Have a look at
http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
if you want to customize logging.
OK, i have configured strongSwan on both servers. Created the certs on both
servers and open 500
OK, i can not get the tunnel to build. Here are my config files:
ipsec.conf:
config setup
# plutodebug=all
crlcheckinterval=600
strictcrlpolicy=yes
# cachecrls=yes
# nat_traversal=yes
# charonstart=no
plutostart=no
# Add connections here.
14 matches
Mail list logo