On 25/02/2015 09:07, Brian Candler wrote:
How does one prevent the plugin being loaded? I found these:
/etc/pfSense_md5.txt:MD5
(/usr/local/lib/ipsec/plugins/libstrongswan-unity.so) =
66080ad3f0fd624958e8307492f6488b
/etc/installed_filesystem.mtree:libstrongswan-unity.so \
but I can't
On 24/02/2015 21:44, Brian Candler wrote:
Many thanks. I've made that change now and I'll see over the next few
days if it stays up.
Unfortunately it didn't :-(
2015 Feb 25 06:07:30 Group = X.X.X.219, IP = X.X.X.219, Error: dynamic
map SYSTEM_DEFAULT_CRYPTO_MAP: * to any not permitted.
2015
if i had such rekeying issues one or more of the following was may be not
in the right shape:
Key times to live, different TTL on both sides for the resp. Component
(DH,AH ... )
Key lenghts/Algorithms (rare)
Timing issues due to Packet-Flow (very often, due to policy based routing
in the net)
On Tue, Feb 24, 2015 at 8:02 AM, Brian Candler b.cand...@pobox.com wrote:
We appear to have the same problem here after upgrading a box from pfSense
2.1.5 to 2.2. The other side is a Cisco ASA5505.
X.X.X.219 = pfSense, internal subnet 10.19.0.0/16
Y.Y.Y.155 = Cisco, internal subnet
On 24/02/2015 20:33, Chris Buechler wrote:
That's this:
https://redmine.pfsense.org/issues/4178
disabling Unity on the Advanced tab, followed by a manual stop and
start (not just restart) of strongswan may resolve that. There was one
person reporting that wasn't adequate, the plugin had to be
Excellent clue!
On 02/24/2015 08:15 AM, Brian Candler wrote:
However based on Nagios logs, after the tunnel has been up for pretty
much exactly one hour, it drops out again. This would coincide with
the P2 SA expiring and being re-negotiated.
It would be *really* helpful if the debug message
Interestingly, if we kick the tunnel from the pfSense GUI, it negotiates
both P1 and P2 successfully.
pfSense log:
Feb 24 14:06:42charon: 07[ENC] generating QUICK_MODE request
1807616002 [ HASH ]
Feb 24 14:06:42charon: 07[IKE] CHILD_SA con1000{1} established with
SPIs _i
We appear to have the same problem here after upgrading a box from
pfSense 2.1.5 to 2.2. The other side is a Cisco ASA5505.
X.X.X.219 = pfSense, internal subnet 10.19.0.0/16
Y.Y.Y.155 = Cisco, internal subnet 10.26.0.0/16
Here is the log we get from the Cisco:
2015 Feb 24 13:20:03 Group =
Hi all,
We are experiencing a number of issues with IPSEC tunnels rekeying. We see the
following in the IPSEC log :
Feb 15 17:30:45 4slgbmernfw01 charon: 13[IKE] con1000|1080 received
INVALID_ID_INFORMATION error notify
Feb 15 17:30:50 4slgbmernfw01 charon: 14[IKE] con1000|1080 received
On Sun, Feb 15, 2015 at 12:37 PM, Mark Relf mark.r...@4slgroup.com wrote:
Hi all,
We are experiencing a number of issues with IPSEC tunnels rekeying. We
see the following in the IPSEC log :
Feb 15 17:30:45 4slgbmernfw01 charon: 13[IKE] con1000|1080 received
INVALID_ID_INFORMATION
10 matches
Mail list logo