[strongSwan] Configuration Payload for IP Address Assignment Error Cases

2012-06-26 Thread Pisano, Stephen G (Stephen)
Hi: Considering use cases where a strongSwan client is talking to a non-strongSwan-based SeGW, I wonder how a strongSwan client responds in the following situations: 1. the SeGW replies with an configuration payload reply containing and empty address (length = 0) 2. the SeGW replies with an

Re: [strongSwan] Configuration Payload for IP Address Assignment Error Cases

2012-06-26 Thread Pisano, Stephen G (Stephen)
, if the SeGW can not fulfill the client's request for an IP address assignment. -Original Message- From: Martin Willi [mailto:mar...@strongswan.org] Sent: Tuesday, June 26, 2012 12:04 PM To: Pisano, Stephen G (Stephen) Cc: users@lists.strongswan.org Subject: Re: [strongSwan

Re: [strongSwan] Acquiring a DNS server address through config payload

2012-06-20 Thread Pisano, Stephen G (Stephen)
on it? Regards, Stephen -Original Message- From: Martin Willi [mailto:mar...@strongswan.org] Sent: Wednesday, June 20, 2012 3:47 AM To: Pisano, Stephen G (Stephen) Cc: users@lists.strongswan.org Subject: Re: [strongSwan] Acquiring a DNS server address through config payload Hello Stephen, so I

[strongSwan] virtual IP request with IPv6 in IPv4 use case

2012-06-19 Thread Pisano, Stephen G (Stephen)
Hi: How can I control the virtual IP version (i.e., v4 vs. v6) requested when using 'leftsourceip=%config'? I am assuming that the code looks at the IP version of the outer tunnel address and requests the same version type (just my guess), but the specific use case of interest is IPv6 traffic

Re: [strongSwan] How to ignore incoming IKE_SA_INIT to StrongSwan system

2011-05-24 Thread Pisano, Stephen G (Stephen)
Any suggestions on ways to configure strongSwan to allow it to be the initiator but not the responder? Thanks, Stephen From: users-bounces+stephen.pisano=alcatel-lucent@lists.strongswan.org

Re: [strongSwan] IKE_SA gets deleted with no recovery after NTP update

2011-03-16 Thread Pisano, Stephen G (Stephen)
Hi Martin: Thanks. It seems like we don't have the version with the monotonic time (4.3.3 vs. 4.3.5). Do you recall if it is a small change (i.e., easy for us to patch into 4.3.3)? If you have a proper rekey configuration and use a monotonic time source, the soft lifetime will rekey the SA

Re: [strongSwan] IKE_SA gets deleted with no recovery after NTP update

2011-03-15 Thread Pisano, Stephen G (Stephen)
...@strongswan.org] Sent: Friday, March 11, 2011 6:29 AM To: Pisano, Stephen G (Stephen) Cc: Torres, Eduardo M (Eduardo); users@lists.strongswan.org Subject: RE: [strongSwan] IKE_SA gets deleted with no recovery after NTP update Further, I assumed regardless of what happens (short of something catastrophic

Re: [strongSwan] IKE_SA gets deleted with no recovery after NTP update

2011-03-11 Thread Pisano, Stephen G (Stephen)
Hi Martin: Thanks. Eduardo will follow-up on the monotonic time source lead you provided, but I have a question regarding your second comment. We thought it was possible (and we think we have it configured this way) to have strongSwan try to establish its connections forever. I assumed