Re: [strongSwan] Several TS on a same connection

2009-12-28 Thread Daniel Mentz
Hi Andreas Schuldei, Andreas Schuldei wrote: On Sat, Dec 26, 2009 at 5:11 PM, Daniel Mentz danielml+mailinglists.strongs...@sent.com wrote: Hi Andreas Schuldei, I guess that IKE traffic on port 500 is never protected by ESP because it has its own protection which is the IKE SA. So don't

Re: [strongSwan] Several TS on a same connection

2009-12-28 Thread Andreas Schuldei
Daniel, thank you VERY much! When would be a good time to run those commands? Are there hooks in strongSwan to call a script containing those commands? Or are there scripts on the system already where I can add these commands? On Mon, Dec 28, 2009 at 3:05 PM, Daniel Mentz

Re: [strongSwan] Several TS on a same connection

2009-12-28 Thread Andreas Schuldei
On Mon, Dec 28, 2009 at 11:16 PM, Andreas Schuldei schuldei+strongs...@spotify.com wrote: Daniel, thank you VERY much! When would be a good time to run those commands? Are there hooks in strongSwan to call a script containing those commands? Or are there scripts on the system already where I

Re: [strongSwan] Several TS on a same connection

2009-12-27 Thread Andreas Steffen
ABULIUS, MUGUR (MUGUR) wrote: Andreas, Thank you again for responding. Indeed, the explanation concerning asymmetry for leftprotoport= and rightprotoportin= is quite simple. Do you confirm that calling: ipsec up net-net on the 'net-net' connection from your example will create IPsec SAs

Re: [strongSwan] Several TS on a same connection

2009-12-27 Thread ABULIUS, MUGUR (MUGUR)
ABULIUS, MUGUR (MUGUR) wrote: Andreas, Thank you again for responding. Indeed, the explanation concerning asymmetry for leftprotoport

Re: [strongSwan] Several TS on a same connection

2009-12-27 Thread Andreas Steffen
Hello Mugur, currently the Linux kernel copies the TOS field from the encapsulated IP packets into the IP header of the ESP packet. Thus routers can treat the QoS classes differently. Problems may arise in the presence

Re: [strongSwan] Several TS on a same connection

2009-12-27 Thread Andreas Steffen
Hello Mugur, currently the Linux kernel copies the TOS field from the encapsulated IP packets into the IP header of the ESP

[strongSwan] Several TS on a same connection

2009-12-26 Thread ABULIUS, MUGUR (MUGUR)
Hello, I looked at the strongSwan connection parameters (http://wiki.strongswan.org/wiki/1/ConnSection) and I am not sure how to define several tunnels between the same endpoints, each tunnel with several traffic selectors. In my understanding an independent tunnel is defined by a conn name

Re: [strongSwan] Several TS on a same connection

2009-12-26 Thread Andreas Steffen
Hello Mugur, it does not matter if you define each tunnel between two peers independently or if you use conn %default or an also= construct to save typing work. All tunnels, i.e. a definition of traffic selectors are grouped under the same IKE_SA which is going to be established between the two

Re: [strongSwan] Several TS on a same connection

2009-12-26 Thread ABULIUS, MUGUR (MUGUR)
Hello Mugur, it does not matter if you define each tunnel between two peers independently or if you use conn %default or an also= construct to save typing work. All tunnels, i.e. a definition of traffic selectors are grouped under

Re: [strongSwan] Several TS on a same connection

2009-12-26 Thread Daniel Mentz
Hi Andreas Schuldei, I guess that IKE traffic on port 500 is never protected by ESP because it has its own protection which is the IKE SA. So don't worry about IKE traffic. Regarding ssh I do understand the problem. What you might want to try out is a passthrough setup like the one described

Re: [strongSwan] Several TS on a same connection

2009-12-26 Thread Andreas Steffen
Hello Mugur, it does not matter if you define each

Re: [strongSwan] Several TS on a same connection

2009-12-26 Thread ABULIUS, MUGUR (MUGUR)
Andreas, Thank you again for responding. Indeed, the explanation concerning asymmetry for leftprotoport= and rightprotoportin= is quite simple. Do you confirm that calling: ipsec up net-net on the 'net-net' connection

Re: [strongSwan] Several TS on a same connection

2009-12-26 Thread Andreas Steffen
Hello Mugur, currently the Linux kernel copies the TOS field from the encapsulated IP packets into the IP header of the ESP packet. Thus routers can treat the QoS classes differently. Problems may arise in the presence of large congestion where ESP packets with low QoS priority are delayed more

Re: [strongSwan] Several TS on a same connection

2009-12-26 Thread ABULIUS, MUGUR (MUGUR)
Hello Mugur, currently the Linux kernel copies the TOS field from the encapsulated IP packets into the IP