i run xl2tpd -D on server side, after i am connected to xl2tpd server, i
can download using vpn for about 2 minutes, but after that , i cannot
download anything using vpn anymore, but the vpn is still connected, why?
and the following is what output by xl2tpd daemon? what it tells? which
staff coul
Hi Jacques,
However, I would need to be able to use the old certificates I have. Is
there still any way to use them ?
Do I have to convert unicode to binary to have something like
leftid=asn1dn:#0a010110101...
Moreover the sharp sign seems to be interpreted as commentary in bash,
how am I s
I have a strange problem, the windows computer errors out fast saying
"Authentication details for IKE is not being accepted" (translated from
Swedish...), but strongswan says (ipsec status) that the connection is
established...
I just don't understand...
ipsec.conf
conn ikev2
left=%default
Indeed, the certificates were not created with the option -utf8 so by
default the fields are interpreted as ASCII.
I tried to create a certificate with this option and it now works well.
However, I would need to be able to use the old certificates I have. Is
there still any way to use them ?
I t
> As per the implementation, an SPD entry would contain the destination
> IP as selector field and uses the same as a key to search the SPD
> table.
I don't think this will work; The remote selector does not have to be
unique per CHILD_SA/policy. Having multiple CHILD_SAs having the same
remote s
Hi Martin,Thank youfor this information. We have modifiedthe strongswan (5.2.2)
code to bypass the strongSwan's IPsec Linux kernelinterface. We do have on our
own SPD and SAD table. As per the implementation,an SPD entry would contain the
destination IP as selector field and uses thesame as a ke
Hello,
I just wondered what statistics are available on bandwidth usage per conn? I
know that I can get information per SA using "ip -s xfrm state" and "ipsec
statusall" but that information appears to be specific to the SA and these
counters are reset when the phase 2 tunnel is rekeyed.
Is
Hi Florin,
We also use Strongswan to connect to our AWS environments. We run it on
CentOS6. Whenever we tried CentOS7 we consistently lost around 3% of the
packets. I've got a case open with AWS and they've been pretty stumped so far
but are continuing to work with me on it and are being prett
Hi,
> all CHILD SAs will have the same traffic selector (i.e., 40.0.0.1/8)
> on responder side, as proposed by initiator. Is there any way to
> specify/configure different initiator_tsr for each initiator?
Currently all initiators use the same subnet as defined with
initiator_tsr. So no, there is