Hi,
I'm facing the same problem, been resolved by setting rekey=no.
I'm not sure how it works, appreciate if anyone could explain it.
Thank you.
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Hi,
> Will it require a new kernel ?
No, we usually do not require specific kernel versions, but you'll
benefit from improvements done there.
> it seems some patchs was pushed to kernel dev (already applied ?)
Yes, we have pushed some patches upstream recently. Most of them are
gone to net-next
Hi Martin,
Thanks. We are all waiting 4.2.10 strongswan version. Will it require a new
kernel ?
Related to some discussions here, it seems some patchs was pushed to kernel
dev (already applied ?)
Hope 2.6.27.9 + strongswan 4.2.10 will be really efficient && reliable.
Steve Rigano
Thanks,
2008/
Hi,
> I'll have a look what's the best approach to implement a fix.
A patch is gone into SVN, see [1]. This should fix a potential DoS
attack scenario on the pool.
However, there is still no guarantee for this uniqueness check. A peer
can still set up multiple IKE_SAs at the same time, but subse
Hi,
> I use the split authentication of ikev2 (client with psk, gateway with
> cert)
Keep in mind to use such a setup only with strong secrets. PSK client
authentication is subject to dictionary attacks, don't use it with
simple passwords.
> in the split modus it is for an attacker also possible