[strongSwan] Issue with VTI packet forwarding.

2017-11-28 Thread Naveen Neelakanta
Hi All, Need some guidance and help in getting the traffic routed via VTI (ipsec0) interface. I am using the VTI interface to just mark the traffic and forward. I am not able to get the traffic forwarding via VTI (ipsec0) interface and getting the traffic marked, so that it gets protected. i

[strongSwan] Fwd: Possibility to remove some vendor ID payload in MM IKEv1?

2017-11-28 Thread 曹昊阳
-- Forwarded message -- From: 曹昊阳 Date: 2017-11-28 10:49 GMT+08:00 Subject: Possibility to remove some vendor ID payload in MM IKEv1? To: users-requ...@lists.strongswan.org Hi, There are some requests that ask the IPSec client to remove some payloads like: XAUTH

[strongSwan] swanctl.conf EAP credential information

2017-11-28 Thread bls s
I’m switching over from using IPsec.conf to charon-systemd. Everything is working for the first user, but I have run into a strange issue (or a dumb user error!) with the ‘secrets’ section when trying to implement multiple eap passwords. If my secrets section has only one eap id/password in

Re: [strongSwan] Lots of reconnections for a rekey/reauth, and packet drops

2017-11-28 Thread Noel Kuntze
Hi,

> Nov 28 16:52:29 yomama charon: 06[KNL] creating delete job for CHILD_SA ESP/0xc4bd0735/192.168.1.72
> Nov 28 16:52:29 yomama charon: 06[JOB] CHILD_SA ESP/0xc4bd0735/192.168.1.72 not found for delete

Whatever causes these problems is your root cause and needs to be

[strongSwan] Isolate clients and force local network traffic to an interface

2017-11-28 Thread Loc Nguyen
Hi, I create an IPsec network 10.11.0.0/16 and am using dnsmasq to assign IP addresses. I am able to route all 10.11.0.0/16 network traffic to an interface. I would also like to route local network 10.11.0.0/16 traffic between client and client to that interface too. I can use iptables FORWARD to block client

[strongSwan] Lots of reconnections for a rekey/reauth, and packet drops

2017-11-28 Thread Hoggins!
Hello, We're experiencing something new on our installation, and we can't figure out why. Here's the thing: we have NODE 1 and NODE 2 establishing tunnels (ipsec.conf follows), all working well. Except at every rekeying/reauth, we now lose packets. Why now? Well, we have restarted NODE 1, changing