[strongSwan] Persistent SAs

2012-10-02 Thread Kimmo Koivisto
Hello, I have server 1 (SS 5.0.1rc1) against server 2 (SS 5.0.0) and a net2net kind of configuration. My goal is to make the IKE and Child SAs persistent so that I don't have to do anything manually and the SAs keep working automatically. Yesterday I had to reboot server 1 because of a power failure and

Re: [strongSwan] Persistent SAs

2012-10-02 Thread Martin Willi
Hi Kimmo, The question is, how to improve Server 1 ipsec.conf to be able to keep the SAs up always without manual interaction? I don't have access to server 2. For always-up tunnels, I usually prefer to install trap policies that automatically re-establish the tunnel if it should fail for

[strongSwan] Choosing the left ip address automatically for charon.

2012-10-02 Thread Guru Shetty
Hello All, I am using strongswan 4.5.2-1.2 (charon) and PSK authentication. The problem I am facing is quite straightforward. I know the remote IP address (192.168.0.2) to put in the ipsec.conf. But I do not know the local IP address and want it to be automatically figured out. Looking at the

Re: [strongSwan] Choosing the left ip address automatically for charon.

2012-10-02 Thread Martin Willi
08[NET] received packet: from 192.168.0.2[4500] to 192.168.0.1[4500] 08[ENC] parsed IKE_AUTH response 1 [N(AUTH_FAILED) ] Replacing %any by 192.168.0.1 works fine. But that is not what I want. If you don't specify a leftid, leftid = left. If left is %any, leftid should be the IP used during

Re: [strongSwan] Choosing the left ip address automatically for charon.

2012-10-02 Thread Martin Willi
This works fine with 5.0.1, but I'm not sure if it did with 4.5.2. It actually didn't, not before 4.6.3. Does it help if you define leftid to what the responder expects? You'll have to define leftid statically in this case, or switch to a newer release. Regards Martin

Re: [strongSwan] Persistent SAs

2012-10-02 Thread Kimmo Koivisto
2012/10/2 Martin Willi mar...@strongswan.org: Hi Martin For always-up tunnels, I usually prefer to install trap policies that automatically re-establish the tunnel if it should fail for whatever reason: closeaction=close dpdaction=close auto=route You'll have to send some

Re: [strongSwan] Choosing the left ip address automatically for charon.

2012-10-02 Thread Richard Andrews
Maybe you are looking for left=%defaultroute ? IIRC this causes the left IP address to be the IP address of the interface which has the default route. On Tue, 2012-10-02 at 00:17 -0700, Guru Shetty wrote: Hello All, I am using strongswan 4.5.2-1.2(charon) and PSK authentication. The

[strongSwan] IKE_SA_INIT timeout management

2012-10-02 Thread ABULIUS, MUGUR (MUGUR)
Hello, Can it please be confirmed that the IKEv2 retransmission algorithm based on charon.retransmit_base charon.retransmit_timeout charon.retransmit_tries applies as well to IKE_SA_INIT requests? Thank you Mugur

Re: [strongSwan] IKE_SA_INIT timeout management

2012-10-02 Thread Martin Willi
Hi Mugur, Can it please be confirmed that the IKEv2 retransmission algorithm based on charon.retransmit_base charon.retransmit_timeout charon.retransmit_tries applies as well to IKE_SA_INIT requests? Yes, those options apply to IKE_SA_INIT requests as well. However, IKE_SA_INIT requests

Re: [strongSwan] IKE_SA_INIT timeout management

2012-10-02 Thread ABULIUS, MUGUR (MUGUR)
Hi Martin, Thank you for your reply. Yes, those options apply to IKE_SA_INIT requests as well. However, IKE_SA_INIT requests are additionally affected by the keyingtries Does 'keyingtries' always supersede 'retransmit_tries' or only when it is smaller? Best Regards Mugur

Re: [strongSwan] IKE_SA_INIT timeout management

2012-10-02 Thread Martin Willi
Does 'keyingtries' always supersede 'retransmit_tries' or only when it is smaller? It doesn't. The retransmit_tries option defines the number of retransmissions in a sequence, while keyingtries defines the number of sequences. The total number of retransmissions sent is retransmit_tries *

Re: [strongSwan] Choosing the left ip address automatically for charon.

2012-10-02 Thread Guru Shetty
On 2 October 2012 00:39, Martin Willi mar...@strongswan.org wrote: This works fine with 5.0.1, but I'm not sure if it did with 4.5.2. It actually didn't, not before 4.6.3. Thanks. I tested this with 4.6.4 and it does work fine. While I was testing this, I noticed a weird thing. After

Re: [strongSwan] Choosing the left ip address automatically for charon.

2012-10-02 Thread Guru Shetty
On 2 October 2012 00:51, Richard Andrews richard.andr...@symstream.com wrote: Maybe you are looking for left=%defaultroute ? IIRC this causes the left IP address to be the IP address of the interface which has the default route. I did try this. But when I use %defaultroute, it seems to pick

[strongSwan] configuring strongSwan 5.0.1rc1 to do IPv4 and IPv6 routings over the same single tunnel

2012-10-02 Thread Robert Lee
Hi, I am using the sample configurations [1] to setup the ikev2/ip-two-pools-v4v6 and notice one thing related to the routing: If Carol sets up the connection with Moon using the IPv4 interfaces as the tunnel endpoints, both IP v4 and v6 VPN addresses are assigned to Carol, IPv4 routing is