[strongSwan] Cisco rejects requests if first esp algo not supported

Hello, We have an IPsec connection between a Cisco 2800 series and a strongSwan Linux box. Everything works fine when the Cisco box initiates the connection, but when the strongSwan box initiates the connection and the first algorithm in the esp= line isn't supported by the Cisco we get

[strongSwan] StrongSwan stops trying to restart a dpd'd connection

Hello all, A little background. I am still trying to get a robust solution for restarting IPsec connections. I asked this a while ago: https://lists.strongswan.org/pipermail/users/2009-January/003058.html Martin helped out by pointing out the keyingtries=%forever configuration parameter. This

[strongSwan] Strongswan - Linux Route Interaction Part 2

Hello, A while ago I asked about Linux Ipsec/Route interactions (https://lists.strongswan.org/pipermail/users/2008-March/002320.html). Andreas's response was very informative and I have put it under my pillow at night and think I understand most of it. One thing really doesn't make sense yet.

[strongSwan] Some possible strongSwan bugs

Hello all, I have been running strongSwan for a while on some of my networks and have been having a few stability issues. I am working on getting to root cause on a few of them and was wondering if other people are having these issues: 1.) DPD'd connections with dpaction=restart sometimes stop

[strongSwan] received netlink error: No such file or directory

Hello, In November of 2008 I had an issue with Strongswan being unable to add SAD entries in my IPv4 only kernel. Martin made me a snazzy patch that fixed all my woes: (https://lists.strongswan.org/pipermail/users/2008-November/002925.html) I just upgraded from Strongswan 4.3.4 to 4.5.1 and my

Re: [strongSwan] received netlink error: No such file or directory

if you have an old Linux kernel then just define  esp=aes128-sha256_96 and everything will be fine. Drat! It worked! Thanks. I do believe I went the long way about diagnosing that issue, but it works now. Thanks Andreas, Barry ___ Users

[strongSwan] Strongswan receive signal 11 on PPC even with mlongcall

Hello, I am having trouble with strongSwan 4.5.2 on the PowerPC platform. Specifically I am getting a signal 11 in openssl_diffie_hellman_create. Googling turned up http://comments.gmane.org/gmane.network.vpn.strongswan.devel/610 which recommended I compile with -mlongcall. I added that to

Re: [strongSwan] Strongswan receive signal 11 on PPC even with mlongcall

Hi Tobias, Thanks for the information. That is an interesting bug. [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=11d6bc3e I applied the patch (which did apply cleanly) and everything started working. Thanks again for all the help, Barry