Dear Strongswan List,
I've installed strongswan with Homebrew and it seems to be working fine
with IPv4, however I receive a coredump when I try to set up an IPv6
session. Is this a known issue ?
IKE_SA restena6[2] established between 2001:a18:1:10::3[C=LU,
L=Esch-sur-Alzette, O=Fondation
Hi Victor,
> I'd like to understand why.
Then read the log. What's definitely missing from your config is
`keyingtries=%forever`. And there could have been a fatal error, after
which no further attempts will be made at all. Also, using `auto=route`
(with `dpdaction=clear`) would also recreate
Hi Claude,
> Is this a known issue ?
Yes, see [1].
Regards,
Tobias
[1] https://wiki.strongswan.org/issues/974
Hi Tobias,
Sorry, I missed that one. Thanks for the info.
kind regards,
Claude
On 06/03/2020 11:21, Tobias Brunner wrote:
> Hi Claude,
>
>> Is this a known issue ?
> Yes, see [1].
>
> Regards,
> Tobias
>
> [1] https://wiki.strongswan.org/issues/974
--
Claude Tompers
Network and systems
Hi Victor,
> That could be the case, thanks for the hint. Strongswan could have made 3
> attempts after detecting a dead peer and given up, is that what you
> imply?
Yes.
> What's the timeout between keyingtries?
No timeout between them, regular retransmission timeouts apply for each
attempt.
Tobias Brunner wrote:
>
> > That could be the case, thanks for the hint. Strongswan could have made 3
> > attempts after detecting a dead peer and given up, is that what you
> > imply?
>
> Yes.
>
> > What's the timeout between keyingtries?
>
> No timeout between them, regular retransmission
Tobias Brunner wrote:
>
> > I'd like to understand why.
>
> Then read the log. What's definitely missing from your config is
> `keyingtries=%forever`.
That could be the case, thanks for the hint. Strongswan could have made 3
attempts after detecting a dead peer and given up, is that what you
Hello,
I'm trying to implement password based VPN for multiple users. The idea is
to provide users with server address, remote id, (probably) local id, and
username and password. So server will have list of users auth data. I use
MacOS's default client from System Preferences.
If left side is my
I use the following with the OS X client :
keyexchange=ikev2
# left - server configuration
left=%any
leftsubnet=0.0.0.0/0 # all client traffic is redirected through vpn gateway
leftauth=pubkey
leftcert=cert.pem
leftsendcert=always
Hi Felipe,
> I see that the first packet in matching
> traffic is always lost: in a ping session, packet with seq=1 never makes
> it to the other side, only from seq=2 onwards.
>
> Why does this happen?
It's a known property of the Linux kernel. Packets, in particular the
triggering one, are
On 06.03.20 15:58, Tobias Brunner wrote:
> Hi Felipe,
>
>> I see that the first packet in matching
>> traffic is always lost: in a ping session, packet with seq=1 never makes
>> it to the other side, only from seq=2 onwards.
>>
>> Why does this happen?
> It's a known property of the Linux kernel.
Hi,
I have a related question with that.
With auto=route and action=trap I see that the first packet in matching
traffic is always lost: in a ping session, packet with seq=1 never makes it
to the other side, only from seq=2 onwards.
Why does this happen? and is there a way to avoid it? I'm
Hello,
I managed to establish BGP connection from Strongswan box to AWS VPC. I can
ping internal interfaces from AWS to that Linux box, even the traffic
passes through that box successfully encrypted/decrypted. The only thing I
can't make work right now is the ping from Strongswan box to Amazon
Hi,
I have noticed a strange problem and have no idea what's going on. Here is
the problem: let's say I connect to a strongswan-based vpn server from my
android phone before bedtime, and then in the morning my phone shows that
vpn is still connected but all my apps say there is no network
14 matches