After a few days of testing, I think you're perfectly right Paul.
Indeed, "auto" works as expected. With little exemption of VTI behavior (on
which I'll elaborate a little bit further), Libreswan indeed works like a
charm, PFS being the real culprit.
As a programmer, I understand that we indeed
On Sat, 27 Jan 2018, Alex K. wrote:
After a few days of running debugs, I finally found the culprit, it was PFS
(strangely enough, both sides agreed on
each other proposals and brought SAs up, prior to re-negotiations, but that's
another issue).
There are known interop issues on rekeying if
Hello Paul, pleased to meet you.
I do have "auto=start" configured, but unfortunately, it behaves
differently.
The opposite end is also VTI on a Cisco router, and the VTI on my side does
not comes up, no matter what happens.
I tried to delete SAs on both sides (till there's no SA shown on my
On Thu, 18 Jan 2018, Alex K. wrote:
What are the possible ways to bring a Libreswan VTI up?
Let me elaborate the situation a little bit - I have a Libreswan 3.21 compiled
from sources on Debian Stretch as. Anyhow, I have a
basic VTI setup according to the example on Libreswan website.
Using
Hello everyone,
What are the possible ways to bring a Libreswan VTI up?
Let me elaborate the situation a little bit - I have a Libreswan 3.21
compiled from sources on Debian Stretch as. Anyhow, I have a basic VTI
setup according to the example on Libreswan website.
On system startup, everything
