Re: [strongSwan] Transport mode - specific ports only

2019-03-06 Thread James Masson
Hi, I don't have any DPD params set, as the example trap-any doesn't have them either. I see a new IKE_SA initiation every 5 seconds! Thanks James M On Wed, 6 Mar 2019, 3:04 pm Felipe Arturo Polanco, wrote: > Hi, > > Check your DPD settings, I have seen that incorrect setting on t

[strongSwan] Transport mode - specific ports only

2019-03-06 Thread James Masson
<> server port pair? The traffic on these ports is UDP, so there would be massive overhead in doing this. Logs/config/SAs - https://gist.github.com/james-masson/347bcdab80c93c83dfc68f111a5cb472 Can anybody point out a flaw in or improvements to my config? To be clear, I'm after a config tha

Re: [strongSwan] Simple road warrior setup no longer routing after upgrade

2018-11-14 Thread James Lay
On Tue, 2018-10-16 at 14:58 +0200, Tobias Brunner wrote: > Hi James, > However when I attempt to ping, I see the ping on the ppp0 > interface, and the source isn't 172.16.0.1: 2018-07-25 > 18:26:37.085194521 8.0.0.1 → 192.168.1.1 ICMP 100 Echo(ping) > request id=0x0004, se

Re: [strongSwan] Simple road warrior setup no longer routing after upgrade

2018-10-16 Thread James Lay
Thank you much Tobias...I will be patient and wait for a fix. James On Tue, 2018-10-16 at 14:58 +0200, Tobias Brunner wrote: > Hi James, > However when I attempt to ping, I see the ping on the ppp0 > interface, and the source isn't 172.16.0.1: 2018-07-25 > 18:26:37.085194521

Re: [strongSwan] Simple road warrior setup no longer routing after upgrade

2018-10-16 Thread James Lay
Bumping this one last time before I give up and move on to something else ☺ Thanks for any insight. James On Sun, 2018-07-29 at 08:43 -0600, James Lay wrote: > On Sun, 2018-07-29 at 08:00 -0600, James Lay wrote: > On Sun, 2018-07-29 at 07:53 -0600, James Lay wrote: > On Wed, 2018-07-25

Re: [strongSwan] Simple road warrior setup no longer routing after upgrade

2018-07-29 Thread James Lay
On Sun, 2018-07-29 at 08:00 -0600, James Lay wrote: > On Sun, 2018-07-29 at 07:53 -0600, James Lay wrote: > > On Wed, 2018-07-25 at 18:33 -0600, James Lay wrote: > > > On Wed, 2018-07-25 at 06:53 -0600, James Lay wrote: > > > > On 2018-07-24 06:51, Tobias Brunner wrot

Re: [strongSwan] Simple road warrior setup no longer routing after upgrade

2018-07-29 Thread James Lay
On Sun, 2018-07-29 at 07:53 -0600, James Lay wrote: > On Wed, 2018-07-25 at 18:33 -0600, James Lay wrote: > > On Wed, 2018-07-25 at 06:53 -0600, James Lay wrote: > > > On 2018-07-24 06:51, Tobias Brunner wrote: Hi James, > > > So I moved to Strongswan 5.6.2 during a distr

Re: [strongSwan] Simple road warrior setup no longer routing after upgrade

2018-07-29 Thread James Lay
On Wed, 2018-07-25 at 18:33 -0600, James Lay wrote: > On Wed, 2018-07-25 at 06:53 -0600, James Lay wrote: > > On 2018-07-24 06:51, Tobias Brunner wrote: Hi James, > > So I moved to Strongswan 5.6.2 during a distribution upgrade. > > What distribution? What was the previous v

Re: [strongSwan] Simple road warrior setup no longer routing after upgrade

2018-07-25 Thread James Lay
On Wed, 2018-07-25 at 06:53 -0600, James Lay wrote: > On 2018-07-24 06:51, Tobias Brunner wrote: Hi James, > So I moved to Strongswan 5.6.2 during a distribution upgrade. > What distribution? What was the previous version? Do you still > have the same plugins installed and e

Re: [strongSwan] Simple road warrior setup no longer routing after upgrade

2018-07-25 Thread James Lay
On 2018-07-24 06:51, Tobias Brunner wrote: Hi James, So I moved to Strongswan 5.6.2 during a distribution upgrade. What distribution? What was the previous version? Do you still have the same plugins installed and enabled? My simple setup no longer routes back to the client (I can see

[strongSwan] Simple road warrior setup no longer routing after upgrade

2018-07-24 Thread James Lay
to=add I suspect I have been doing this wrong but it worked anyway. Thanks for any assistance. James

[strongSwan] disable_policy and disable_xfrm

2018-05-02 Thread James Smith
Can anyone tell me what the effect of disabling policy and xfrm in sysctl has?  I see that it is done when I create a VTI tunnel or use 0.0.0.0 as a traffic selector, but I can't find any documentation as to what it actually does. -- J.D. Smith Senior Network Engineer O: +1.703-433-6416 M:

[strongSwan] Typo in documentation?

2016-11-01 Thread James Birkett
that had footnotes?) or is this something to do with IPv6? Thanks! James

Re: [strongSwan] Duplicate log entries using default configuration

2016-10-12 Thread James Birkett
, James Birkett On 13 October 2016 at 00:29, Andreas Steffen <andreas.stef...@strongswan.org > wrote: > Hi James, > > yes, with systemd and journalctl active you have to remove the > syslog daemon section from strongswan.conf. If you want to change > the defaults of the syste

Re: [strongSwan] Setting left or right to %any won't work

2015-11-25 Thread James Lay
This currently works for me: conn rw leftsubnet=192.168.1.0/24 leftcert=StrongSwanHostCert.pem right=%any rightsourceip=192.168.1.11 auto=add James

Re: [strongSwan] something like tinc?

2015-10-01 Thread James
Thanks Noel & Andreas, Is this what I should be looking at? https://wiki.strongswan.org/projects/strongswan/wiki/VirtualIp If I understand this correctly, the leftsourceip and rightsourceip are the directives that define the virtual IP addresses. Is that correct? Thank you. On Sat, Sep 26,

[strongSwan] something like tinc?

2015-09-24 Thread James
All, I was hoping someone could set me in the right direction. After using Tinc[1] for years I was hitting a major bottleneck as the app is tied to one proc. Happily switched to strongSwan -- the performance is vastly better. What I _do_ like about Tinc that seems to be missing from strongSwan

[strongSwan] Properly troubleshooting Strongswan

2015-06-26 Thread James Lay
comes up again? There is no problem with strongswan in this instance I know...clearly the hotel wireless was muffed somehow, but it did not appear to be something obvious like a blocked port. Thank you. James

[strongSwan] issue with firewall rules

2015-04-01 Thread James
Hello, Hoping someone can point me in the right direction. Running strongSwan 5.1.3 on Ubuntu 14.10. It appears that while my tunnels will consistently come up via service strongswan restart, the iptable rules are sporadically _not_ added to the hosts. As an example, I've automated the

Re: [strongSwan] issue with firewall rules

2015-04-01 Thread James
wait until the exclusive lock can be obtained. I've used it, it works. If it still fails then you have a different problem. -Bryan On Wed, Apr 1, 2015 at 1:06 AM, James jamesze...@gmail.com wrote: Hello, Hoping someone can point me in the right direction. Running strongSwan 5.1.3

Re: [strongSwan] issue with firewall rules

2015-04-01 Thread James
firewall rule that will drop the traffic. This is critical in ensuring that services running on these servers and communicating will not unknowingly send data in plain text. Thoughts? On Wed, Apr 1, 2015 at 6:04 PM, James jamesze...@gmail.com wrote: Thanks Rajiv. iptables is open between the hosts

[strongSwan] best practices?

2015-04-01 Thread James
All, Looking for best practices on the most secure settings that can be used. I've scoured the net and found very little in terms of which settings are most secure and in which combination. I saw a recommendation on a site that recommended the following settings: conn %default

Re: [strongSwan] issue with firewall rules

2015-04-01 Thread James
modify /usr/lib/ipsec/_updown with the --wait flag and then use firewall=yes, my geeky side would much rather determine why this is breaking. ;) Any thoughts / ideas would be greatly appreciated! On Wed, Apr 1, 2015 at 11:34 AM, James jamesze...@gmail.com wrote: Thanks Bryan -- I appreciate

[strongSwan] strange behavior between hosts

2015-04-01 Thread James
All, Hoping for some clarity to a behavior I've become aware of with strongSwan. I have 5 hosts that connect to each other. The config stanzas on all the hosts are practically identical (except for ids and IP addresses) to each other and appear as follows: conn dev4-dev3 type=transport

Re: [strongSwan] issue with firewall rules

2015-04-01 Thread James
think the original default updown script would work for most scenarios without any issues 4. If I understand correctly each of the leftfirewall/lefthostaccess and the updown file is locally relevant to the respective GWs thanks rajiv On Wed, Apr 1, 2015 at 9:04 PM, James jamesze

Re: [strongSwan] best practices?

2015-04-01 Thread James
Andreas - this is tremendously useful. Many thanks for the quick reply! On Wed, Apr 1, 2015 at 6:49 PM, Andreas Steffen andreas.stef...@strongswan.org wrote: Hi James, here are the default proposals for the ike and esp algorithms if you don't define them explicitly: carol charon: 04[CFG

Re: [strongSwan] strongSwan 5.1.2 on Ubuntu Trusty (14.0.4) and AppArmor

2015-03-19 Thread James Lay
Users logged in: 1 Memory usage: 87% IP address for eth0: x.x.x.x Swap usage: 9% IP address for ppp0: x.x.x.x Graph this data and manage this system at: https://landscape.canonical.com/ 0 packages can be updated. 0 updates are security updates. James

Re: [strongSwan] Working simple setup was working, now no packets pass

2015-03-02 Thread James Lay
again. James

Re: [strongSwan] Working simple setup was working, now no packets pass

2015-03-02 Thread James Lay
On Mon, 2015-03-02 at 10:53 +0100, Martin Willi wrote: Hi James, Here's the log with error... 08[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) ] 08[NET] sending packet: from server.external.ip[4500

Re: [strongSwan] [RESOLVED] Working simple setup was working, now no packets pass

2015-03-02 Thread James Lay
On 2015-03-02 02:53 AM, Martin Willi wrote: Hi James, Here's the log with error... 08[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) ] 08[NET] sending packet: from server.external.ip[4500] to client.external.ip[15546] (2204

[strongSwan] Working simple setup was working, now no packets pass

2015-03-01 Thread James Lay
Simple setup...shown below: Server: conn rw leftsubnet=192.168.1.0/24 leftcert=StrongSwanHostCert.pem right=%any rightsourceip=192.168.1.11 auto=add Client conn rw leftsourceip=192.168.1.11 leftcert=mycert.pem right=ext.ip

[strongSwan] Keeping associations up.

2014-09-11 Thread James Cloos
the associations up full time and ensure that all sockets between central and each satellite use esp? I'd also like to make the iptables rules permanent. Can that be done w/o breaking anything? Thanks. It has been /many/ years since I last did anything with ipsec. -JimC -- James Cloos cl

[strongSwan] Sending ID_DER_ASN1_GN as the ID Type in the IDi Payload

2013-06-06 Thread HARKINS, James P (James)
not clear what makes a GeneralName special from any other string. I tried various strings, including email address, urls, basic strings, but can't seem to send an IDi of type ID_DER_ASN1_GN. Is this even possible with strongswan today? I'm running version 5.0.4. Thank you for your time, -James

[strongSwan] error: no default route - cannot cope with %defaultroute!!!

2010-05-27 Thread James Martin
I am trying to integrate strongswan into another open source UTM called untangle. http://www.untangle.com Untangle runs on debian lenny, so I was able to aptitude install strongswan and it installed along with ipsec-tools. The install did not prompt me with the blue questions page, but rather