Hi Tobias,
Thank you for taking the time to reply to my request, How can I get the
same behavior for Per connection via vici.
I believe dropping the connection when global initiator_only is marked as
yes is done in Charon code and not via iptables .
Please guide me on the per-connection option
Hi,
Nope, that's wrong.
You need to enumerate all combinations of subnets so you have a specific
CHILD_SA for each pair.
IKEv1 can only handle one subnet per side in a single CHILD_SA.
Kind regards
Noel
Am 07.04.20 um 16:38 schrieb Makarand Pradhan:
> Good morning All,
>
> Following up on
Good morning All,
Following up on the issue. We need to manually add the route for ikev1.
Would very much appreciate any pointers. Am kind of stuck on ikev1.
Kind rgds,
Makarand Pradhan
Senior Software Engineer.
iS5 Communications Inc.
5895 Ambler Dr,
Mississauga, Ontario
L4W 5B7
Main Line:
Hello,
I'll try to setup net2net connection ip4-in-ip6.
I have already working setup ip4-in-ip6 policy based, without vti interfaces.
And also working setups with vti interface, ipv4-in-ipv4.
But now I need any hints/examples to use vti interface for ipv4-in-ipv6.
I looked at
Hi Matt,
> I've been trying to make a connection between my home PC and the
> Watchguard XTM330 we have at the office.
It seems that box supports IKEv2 (at least the GUI has a version
dropdown field). If possible, switch to that version.
> could anyone shed some light on this one for me ?
Hi Naveen,
> I see that we have a global " *initiator_only = yes/no* " configuration
> in charon.conf, is it possible to configure this for per connection via
> vici, so that the initiator is only responsible for initiating the
> connection.
That option is global because it causes any initial
