Hi,
> Can it be said that each strongSwan "conn" definition always results
> in at least one kernel SA pair?
Yes.
> wondering if there is ever a case where strongSwan uses this technique
> of mapping multiple kernel policies to the same kernel SA pair when
> the kernel polices are the result o
Just to followup. I have now uninstalled the installed version of strongswan
that was from apt-get. I have downloaded the latest versio (4.3.5) and compiled
that myself.
This is now the error I am getting on the mobile node:
05[CFG] received stroke: add connection 'mh'05[CFG] left nor right
Hi everyone,
I am currently setting up a mobile ipv6 testbench. I have succesfully
demonstated binding updates and acknowledgements without any IPSec. Currently,
I am trying to get IPSec to work.I am following the configuration here:
http://wiki.strongswan.org/wiki/1/MobileIPv6 and am using s
Thanks Martin.
Can it be said that each strongSwan "conn" definition always results in at
least one kernel SA pair?
I am wondering if there is ever a case where strongSwan uses this technique of
mapping multiple kernel policies to the same kernel SA pair when the kernel
polices are the resul
Hi Christophe,
> If an IKEv2 negotiation fails due to a timeout (typically during the
> IKE_AUTH exchange) after a successful IKE_SA_INIT exchange [...]
> The SA will remain in a zombie state, even a later acquire message will
> not enable to leave this lock up situation.
I agree, this is a cas
Hi Graham,
> Is there any way to configure strongSwan to go straight to using port 4500
> (or, try port 500 and then try port 4500) ?
No, there is currently no such configure option.
> Or is it hack-the-code time ?
Probably yes. Changing the IKEV2_UDP_PORT definition in
src/charon/daemon.h shou
Dear All,
We're happily using strongSwan 4.3.5+, but we've come up against a situation
where the route between us and the Security-Gateway has a firewall which is
configured to open port 4500 only and to NOT open port 500.
Is there any way to configure strongSwan to go straight to using port 4500
strongSwan's ipsec script is usually located either in
/usr/sbin/ipsec
or
/usr/local/sbin/ipsec
Best regards
Andreas
Xia Weizhong wrote:
> Hi Andreas
>
> Thanks for all the support so far.
>
> I am trying to duplicate the uml test in a native environment, then I
> tried to manually star
Hi Andreas
Thanks for all the support so far.
I am trying to duplicate the uml test in a native environment, then I tried
to manually start up ipsec on the road warrior, by
/etc/init.d/ipsec start
/etc/init.d/ipsec up home
then ipsec reports "up" is not supported.
Where am I doing wrong?
thank