Re: [strongSwan] Common value for DPD timeout

2009-02-26 Thread Andreas Steffen
Hi Youngsang, since IKEv2 uses INFORMATIONAL requests for DPD the regular retransmission scheme for IKEv2 messages with 5 trials applies: See the following sample scenario with dpddelay = 10 seconds: http://www.strongswan.org/uml/testresults42/ikev2/dpd-clear/ Jan 21 01:55:15 moon charon:

[strongSwan] Tunnel dosn't build by itself

2009-02-26 Thread Svend Høst
Hi I've made a router out of a epia sn board, and it really performes well (80 mbit iperf over vpn). But it seems to me that the tunnel dosn't start automaticly ? But if i @work du a ipsec up net-net-svende then the tunnel builds fine, but i can't ping from my lan pc and trigger the tunnel.

Re: [strongSwan] Tunnel dosn't build by itself

2009-02-26 Thread Andreas Steffen
SIf you want to trigger the tunnel setup by payload packets then you must define auto=route Regards Andreas Svend Høst wrote: Hi I've made a router out of a epia sn board, and it really performes well (80 mbit iperf over vpn). But it seems to me that the tunnel dosn't start automaticly ?

[strongSwan] Tunnel dosn't build by itself

2009-02-26 Thread Svend Høst
Hi I've made a router out of a epia sn board, and it really performes well (80 mbit iperf over vpn). But it seems to me that the tunnel dosn't start automaticly ? But if i @work do a ipsec up net-net-svende then the tunnel builds fine, but i can't ping from my lan pc and trigger the tunnel.

Re: [strongSwan] Nokia E-Series vpn client (JFYI)

2009-02-26 Thread Dimitrij Hilt
Hi All, i may be a bug in Nokia VPN with IKEv2. I'v tested wit strongswan client with linux from same DSL Account and it works out of the box. Nokia does not answer this packet: 01:53:11.565493 IP (tos 0x0, ttl 62, id 0, offset 0, flags [DF], proto UDP (17), length 405) 87.106.225.59.500

[strongSwan] Why the first IKE_INIT request message was encrypted?

2009-02-26 Thread 可胜 叶
Hi all, I used pre-shared key to set up the IPsec tunnel. When I used wireshark to capture the IKE messages, I found that the first IKE_INIT request message was encrypted. I feel confused, I think it should be sent in clear text. I found no answer from the IKEv2 RFC. Any comment is

Re: [strongSwan] Why the first IKE_INIT request message was encrypted?

2009-02-26 Thread 可胜 叶
And the interesting thing is that the second message, IKE_INIT response was sent in clear text. Why the IKE_INIT request message was encrypted while the IKE_INIT response was sent in clear? Regards, Alvin From: kesheng...@msn.com To: users@lists.strongswan.org Subject: Why the first

[strongSwan] Tunnel dosn't build by itself

2009-02-26 Thread Svend Høst
Hi I've made a router out of a epia sn board, and it really performes well (80 mbit iperf over vpn). But it seems to me that the tunnel dosn't start automaticly ? But if i @work do a ipsec up net-net-svende then the tunnel builds fine, but i can't ping from my lan pc and trigger the tunnel. A