Noel
Thanks it works like a charm
Sent from Mobile
On 19 December 2014, at 08:49, Eric Y. Zhang debian...@gmail.com wrote:
Hi Noel
Thanks for responding. Based on my understanding, 0.0.0.0/0--0.0.0.0 will pass
all traffic to ipsec tunnel.
There are no more steps after setting mark for those
I have a clue. If I add the following iptables rule :
bob@hostB:~# sudo iptables -t mangle -A PREROUTING -p esp -s 192.168.42.32 -d 192.168.42.12 -j MARK --set-mark 15
I can see the ICMP packet but no answer from the loopback...
root@hostB:~# tcpdump -nni eth0 esp or icmp
tcpdump: verbose
Dear All,
Please let us know which of the following plugins the Strongswan Android play store app uses
for socket writing:
socket_default_plugin or socket_dynamic_plugin.
I was trying to understand the data path and ran into this issue where
there were two plugins to write information out.
Hello Zesen,
You do not need a virtual IP. Route 10.0.0.0/0 == 0.0.0.0/0 through the tunnel
and use a passthrough policy of 10.0.0.0/0 == 10.0.0.0/0 to allow local traffic.
Make the hosts in the LAN use your old notebook as gateway for the
Hello MK,
Please enable CISCO UNITY and omit leftsubnet. If you use virtual IPs, those
should be included in the traffic selector. leftsubnet defaults to %dynamic.
%dynamic is replaced dynamically by either the received virtual IP or the
Hello Xin,
You need to configure your firewall to allow UDP ports 500 and 4500 through, as
well as the esp and ah protocols.
StrongSwan does not send such ICMP messages to initiators.
Regards,
Noel Kuntze
GPG Key ID:
Hello Ravi
The socket-dynamic plugin enables strongSwan to listen on an arbitrary port and
not on udp ports 500 and 4500.
That enables you to avoid having to use SNAT to masquerade IPsec traffic in
cases the ports 500 and 4500 are blocked on a
Hello Jeremie,
Please read the thread at [1].
VTI tunnels have been discussed in great detail just a couple of days ago and
made working.
[1] https://lists.strongswan.org/pipermail/users/2014-December/007108.html
Mit freundlichen
Hello Vey,
That is a known issue. As a workaround, I advise using auto=route and dpd to
restart connections. Use dpdaction=restart on one side and dpdaction=clear on
the other side.
Having dpdaction=restart on both sides will break the tunnel and
How can I use RSA authentication with X.509 certificates to set up an IP tunnel
between my PPPoE and VPS (which has a fixed IP)?
Thanks
Eric
Hello.
I have Strongswan running on a Debian 3.2.0-4.
Server setup:
eth0 with a local IP (192.168.1.12) and router gateway 192.168.1.1
(different Internet from eth1)
eth1 is connected directly to the outside (not the .1.1 router) with a
static public ip (for example, 63.12.1.34 – different