On 18-11-2015 18:50, Andreas Hofmeister wrote:
You probably need the linux kernel header files (for "linux/if_link.h"
and "linux/neighbour.h"). See
https://wiki.centos.org/HowTos/I_need_the_Kernel_Source
Thanks, but I have the kernel-headers and kernel-xen-devel (as I'm
building inside a Xen
Just to add that I have successfully built all recent strongSwan
versions up to 5.3.2 in the same environment without problems.
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
When buidling strongSwan 5.3.4 on CentOS 5.11 it exits with:
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../../..
-I../../../../src/include -I../../../../src/libstrongswan
-I../../../../src/libhydra -DROUTING_TABLE=220 -DROUTING_TABLE_PRIO=220
-rdynamic -g -O2 -Wall -Wno-format
I'm getting duplicate SAs:
Routed Connections:
nyc{1}: ROUTED, TUNNEL, reqid 1
nyc{1}: 10.71.4.0/24 === 172.30.98.0/25
Security Associations (1 up, 0 connecting):
nyc[23]: ESTABLISHED 25 minutes ago,
47.11.120.10[par.xyz.com]...32.254.201.10[nyc.xyz.com]
nyc{203}: INSTALLED, TUNNEL,
I'm trying to restrict the traffic selector to GRE/BGP:
rightsubnet=%dynamic[gre/bgp]
auto=route
But GRE-encapsulated BGP traffic doesn't go through.
However, if I change the TS to:
rightsubnet=%dynamic[gre]
auto=route
BGP (and other GRE-encapsulated traffic)
Cheers. It worked beautifully.
Tiago
On 17-04-2015 08:27, Martin Willi wrote:
Hi,
Does %dynamic work in net2net? Or only in road-warrior scenarios?
If any has been negotiated, %dynamic resolves to the virtual IP for that
endpoint. If not, it resolves to the IKE endpoint address. It can
My understanding is that only traffic towards the subnets declared in:
rightsubnet
is tunnelled and, therefore, encrypted. Whereas traffic towards the IP
address of the remote gateway declared in:
right
is routed outside of the tunnel.
Example:
Gateway Sun address (WAN-facing):
strongSwan 5.1.3 peers, I get dpd actions, if
there is no IPsec traffic between the two hosts for the set time frame.
Regards,
Noel Kuntze
GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 23.04.2014 18:24, schrieb Tiago Vasconcelos:
Hi Noel
That's exactly what I
I've enabled dpd by adding the following lines to the conn %default
section of ipsec.conf:
dpdaction=restart
dpddelay=10
Judging from the output of 'ipsec statusall' I presume dpd is set:
ut01: child: 10.12.0.0/15 === 10.14.0.0/15 TUNNEL, dpdaction=restart
But in the logs,
to log level 1.
Regards,
Noel kuntze
GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 23.04.2014 17:12, schrieb Tiago Vasconcelos:
I've enabled dpd by adding the following lines to the conn %default section of
ipsec.conf:
dpdaction=restart
Thank you for the tips, Andreas and Martin. Unfortunately, I'm still
struggling with the same problem. 'reauth=no' didn't help, BTW.
In my ipsec.conf I have currently:
conn win7
ike=aes256-sha1-modp1024!
esp=aes256-sha1!
dpddelay=300s
More accurately, the clients loose connection every 266 minutes.
Tiago
On 26/11/12 17:37, Tiago Vasconcelos wrote:
I have strongSwan 4.6.4 running on a RHEL 5.
Some of the users complain the connection drops after approximately 240
minutes. These users happen to be on Windows 7.
Does
I have strongSwan 4.6.4 running on a RHEL 5.
Some of the users complain the connection drops after approximately 240
minutes. These users happen to be on Windows 7.
Does anyone know why this is happening? Who is forcing the disconnect:
the server or the client?
Tiago
13 matches
Mail list logo