Hi,
I have some queries:-
1. In case I need to create a tunnel with mutiple child SAs, would
there be different connection for each tunnel ip - virtual IP pair or
there is a single connection containing all the virtual IPs
corresponding to each Child SA?
2. In case there is a single connection f
Thanks Andreas for your very fast answer.
I did what you said but I got the same error.
dave:/etc/ipsec.d# ipsec up home
initiating IKE_SA 'home' to 192.168.0.216
IKE_SA 'home' state change: CREATED => CONNECTING
generating IKE_SA_INIT reque
Hi Adam,
dave has a certificate issued by CA
"C=CH, ST=TI, L=Stabio, O=Gerosa CA Services, CN=moon"
whereas moon has a certificate issued by CA
"C=CH, ST=TI, L=Stabio, O=Gerosa CA Services, CN=Gerosa CA server"
Therefore moon cannot verify dave's certificate because it doesn't
has the moon C
Hi All,
I am try to build a VPN but when I give the command (on dave) ipsec up home
I get the error:
dave:/etc# ipsec up home
initiating IKE_SA 'home' to 192.168.0.216
IKE_SA 'home' state change: CREATED => CONNECTING
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sendin
On Wednesday 29 July 2009 16:11:42 Andreas Steffen wrote:
> Usually split-tunneling is not allowed in remote access. Therefore
> I suggest to try
>
> rightsubnet=0.0.0.0/0
Thanks again for the reply!
Unfortunately it makes no difference :( Turning up the debug level
to "all" now confirms that th
Usually split-tunneling is not allowed in remote access. Therefore
I suggest to try
rightsubnet=0.0.0.0/0
Regards
Andreas
Andreas Ntaflos wrote:
> On Tuesday 28 July 2009 22:43:58 Andreas Steffen wrote:
>> Hi Andreas,
>>
>> you probably want to reach a subnet behind the VPN router via
>> IPSec.
On Tuesday 28 July 2009 22:43:58 Andreas Steffen wrote:
> Hi Andreas,
>
> you probably want to reach a subnet behind the VPN router via
> IPSec. Therefore you should define
>
> rightsubnet=
Hi Andreas as well :)
Thank you for your quick reply!
I indeed want to reach a subnet, more specifically
Hi All,
I have encountered the following problem. Can you support me and give me a
good solution or clue for this problem? Thanks in advance!
Version of strongswan used for testing: 4.3.3
Problem is:
In the scene of host-host case, whether or not one peer can request one
virtual IP from other
Hi ,
Please give me the following info.
how is the window size configured in ikev2 strongswan ? what is the
default window size.
Regards,
Kalyani
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo
Hi Iris,
strongSwan is able to set up multiple concurrent IPsec SAs between
two hosts, the Linux netfilter kernel module is able to filter traffic
according to DSCP marking but the Linux kernel currently unfortunately
is not able to assign plaintext traffic according to their DSCP marking
to indiv
10 matches
Mail list logo
