Hello Fabrice,
On 04.03.2011 08:43, CETIAD - Fabrice Barconnière wrote:
In the past usually two IKE_SAs and corresponding CHILD_SAs were
established and maintained over all subsequent rekeyings. This is
not harmful per se but creates twice the number of tunnels. I have
to check if the the
All,
Warning - probable noob question coming up ...
We've been using strongSwan quite happily for a couple of years now, with
the IPsec clients connecting to a SeGW and talking to hosts on the secure
side.
Now, however, we have a requirement for one IPsec client to talk to another
IPsec client
Andreas,
Thanks for that. Unfortunately, all of these abstract labels are making my
head hurt. Let's try some real numbers.
Host A and Host B have local IP addresses in the 192.16.50.xxx subnet.
The SeGW has an unsecure IP address (i.e. on eth0) in the 172.16.xxx.xxx
subnet and a secure IP
Andreas,
We've solved the problem here. Actually, there never was a problem.
When first chatting to the people here, NO secure communication was
happening.
After your last message, I did a little digging and, as so often happens in
these cases, reality was a little different.
It seems that
Ping
-Original Message-
From: users-bounces+gary.smith=holdstead@lists.strongswan.org
[mailto:users-bounces+gary.smith=holdstead@lists.strongswan.org] On Behalf
Of Gary Smith
Sent: Wednesday, March 02, 2011 11:14 AM
To: 'strongSwan user list'
Subject: [strongSwan] Dynamic