, and use policy
based routing on the hub to handle them in a special way.
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 28.03.2015 um 16:12 schrieb unite:
Hi guys!
Is there a way to configure strongswan
Hi guys!
Is there a way to configure strongswan in a site-to-site hub-and-spoke
topology, so for me to have for example strongswan hub in central office
and having multiple spokes whose traffic between each other should be
routed through the central office? I haven't found a guide on the net,
Hi guys!
Are ipsec update and sending HUP to charon the same actions?
I'm now setting up logging into filelog on strongswan 5.2.1 and noticed
that ipsec update won't rotate file and update logging config and
sending HUP via pkill effectively does.
Have I missed something?
Thanks in
On 2015-03-18 13:21, Tobias Brunner wrote:
Hi,
Are ipsec update and sending HUP to charon the same actions?
No, they are not. `ipsec update` sends a SIGHUP to starter, but
starter
does currently not forward the signal to charon. So as you noticed,
the
latter has to be done manually.
On 2015-03-11 10:35, Martin Willi wrote:
Hi,
Is it essential for both nodes to receive all the ESP packets?
Yes.
Cannot be ESP sequence numbers synchronized through the HA plugin?
No, this is not how the HA plugin works. ESP sequence numbers move very
fast, making a synchronization in
On 2015-03-11 11:21, Fred wrote:
On 10/03/2015 22:49, Aaron Roquena wrote:
My point to point VPN suddenly stopped pushing packets through the VPN
from other servers on the LAN. I can telnet to the other side from the
strongswan server, but the web servers can't.
A diagram would help but if
Hi guys!
I'm trying to make HA setup work but face some problems during testing
(both HA nodes - I'll call them local side - run strongswan 5.2.1
install from wheezy-backports on debian 7.8). I'm using HA in
active/standby mode. IPs from which the tunnel is initiated are bound to
virtual
On 2015-02-26 12:43, unite wrote:
On 2015-02-23 22:37, Noel Kuntze wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello Aleksey,
Check if you have the ha module by looking at the contents of the
/usr/lib/ipsec/plugins/ directory.
A file called libstrongswan-ha.so must
Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 23.02.2015 um 15:21 schrieb unite:
So, i still can't get HA plugin working. It doesn't seem to appear in
the list of loaded plugins and it doesn't synchronize SA state between
the nodes. I haven't
On 2015-02-23 09:43, unite wrote:
On 2015-02-22 15:29, Noel Kuntze wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello Michael,
I know that.
However, even with statically setting the MAC address to the ports the
hosts are on,
it did not forward the ethernet frames to those ports
unite:
Hi guys!
I have a couple of questions regarding stronswan HA configuration.
I have the following topology:
I have two debain wheezy nodes running the 5.2.1 strongswan installed
from backports and 3.16 kernel also installed from wheezy backports.
Here is the part of ipsec statusall ouput
On 2015-02-22 15:29, Noel Kuntze wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello Michael,
I know that.
However, even with statically setting the MAC address to the ports the
hosts are on,
it did not forward the ethernet frames to those ports.
Mit freundlichen Grüßen/Regards,
Noel
Hi guys!
I have a couple of questions regarding stronswan HA configuration.
I have the following topology:
I have two debain wheezy nodes running the 5.2.1 strongswan installed
from backports and 3.16 kernel also installed from wheezy backports.
Here is the part of ipsec statusall ouput:
13 matches
Mail list logo