Re: [strongSwan] charon: [15]CFG trap not found, unable to acquire reqid 0

2012-03-20 Thread gowrishankar
Hi Tobias,
On Wednesday 21 March 2012 12:44 AM, Vilhelm Jutvik wrote:
> Dear Tobias,
>
> thank you very much. I thought that charon was signalled by the IPsec
> stack's SPD when a new SA was to be negotiated, not that it itself set
> the policy.
>
> Your solution didn't work right away though. I f

Re: [strongSwan] charon: [15]CFG trap not found, unable to acquire reqid 0

2012-03-20 Thread Vilhelm Jutvik
Dear Tobias, thank you very much. I thought that charon was signalled by the IPsec stack's SPD when a new SA was to be negotiated, not that it itself set the policy. Your solution didn't work right away though. I found that "ipsec start" only started the starter process and nothing more. It was n

Re: [strongSwan] Header verification failed and NAT mapping changed

2012-03-20 Thread Kim Zeitler
Hi Tobias,
>
> I forgot about this yesterday, but this was actually a bug in 4.5.0.
> While charon detects that it is behind a NAT, and properly responds to
> requests, it does not update the port internally and still uses port 500
> for its own requests and for installing the SA in the kernel.
>

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

2012-03-20 Thread anand rao
Hi Tobias, I have already enabled both kernel-pfkey and kernel-netlink plugins. Both the plugins are loaded. This was suggested by Andreas for my earlier query about pfkey plugin usage for IKEv1. Since 4.5.3 is causing kernel-panic in my environment for unknown reasons, I want to resolve th

[strongSwan] To Generate Traffic on Load-Tester Tunnels to Cisco Router.

2012-03-20 Thread Mohan Krishna
Hi, I am trying to establish multiple IPsec Tunnels between Linux (strongSwan) and Cisco Router using Load tester plugin, and I want to generate traffic on each negotiated load-tester tunnel. Tools like 'iperf' need configuration on both sides and are of no help since I can't configure it on Cisco R

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

2012-03-20 Thread Tobias Brunner
Hi Anand,
> On my environment there is no support for kernel-netlink interface
> for IPsec,
>
> I have to use kernel-pfkey interface only as I have my hooks
> registered in PFKEY to XFRM for IPsec.
>
> I have tried latest versions of strongswan (4.5.1 and 4.5.3) both
> resulted in kernel panic a

Re: [strongSwan] Header verification failed and NAT mapping changed

2012-03-20 Thread Tobias Brunner
Hi Kim,
> Here are excerpts of the two log files. I tried to get similar time
> slot. I also added some further 'bits' where the behaviour seems a bit
> strange. Hope it helps.
Thanks for the logs.
> -- moon ipsec.log --
> Mar 19 16:12:07 moon charon: 14[NET] sending packet: from
> 192.168.2.17[

Re: [strongSwan] Charon hangs after failing to delete Rekeyed IPsec SAs

2012-03-20 Thread anand rao
Hi Tobias, Thanks for the reply and suggestion. I have changed the tunnel config as below
conn %default
    ikelifetime=20m
    keylife=10m
    rekeymargin=3m
But still the problem persists. I can still see lot of redundant SAs when issued "ipsec statusall". On my environment there is no