Hi ,
I am going through the source code of strongswan and finding it difficult to
understand because it uses an object oriented programming style in C. How to
find the data flow in the source code?How to find the relationship between
functions? How to find what functions call a specific
Hi All,
We are using two Multi-Core MIPS 64 bit Processors. (One acts
as an IKE initiator and another as an IKE responder). We are running strongswan
in both systems. Both the systems have 1Gbps Ethernet cards, which are
connected to 1 Gbps L2 switch. The Linux OS runs on all these cores. We have
for your support and help.
Regards,
Chinmaya
From: Martin Willi mar...@strongswan.org
To: Chinmaya Dwibedy ckdwib...@yahoo.com
Cc: users@lists.strongswan.org users@lists.strongswan.org
Sent: Wednesday, August 7, 2013 12:39 PM
Subject: Re: [strongSwan] IPsec
.
Regards,
Chinmaya
From: Martin Willi mar...@strongswan.org
To: Chinmaya Dwibedy ckdwib...@yahoo.com
Cc: users@lists.strongswan.org users@lists.strongswan.org
Sent: Thursday, August 8, 2013 1:47 PM
Subject: Re: [strongSwan] IPsec/IKEv2 tunnels scalability issue
Hi ,
I changed the “/proc/sys/net/core/xfrm_acq_expires” from 165
to 1000 seconds. What I understand, if an IKEv2 negotiation fails due to a
timeout (during the IKE_AUTH exchange) after a successful IKE_SA_INIT exchange,
then after the timeout (165s by default), charon will retry a new negotiation
Hi ,
I am using load-tester plugin to create one thousands of IPsec
connections/tunnels. In our scenario two security gateways A (IKE initiator)
and B (IKE responder) will connect the two subnets X and Y with each other
through a VPN tunnel set up between the two gateways. I found, each IKE
side to subnet 10.* host address range (10.0.0.1 -
10.255.255.254) on the initiator's side using load-tester plugin (strongswan
5.0.4)?.
Regards,
Chinmaya
From: Martin Willi mar...@strongswan.org
To: Chinmaya Dwibedy ckdwib...@yahoo.com
Cc: users
Hi,
I am using Load-tester plug-in (strongswan 5.0.4) to setup
multiple IPSec tunnels. Is there any option available to configure the
different proposal for different IPsec tunnels at the initiator host (in its
strongswan.conf file) and responder host (in its ipsec.conf file)?
In addition, is
Hi All,
What I understand, the libhydra library contains daemon-specific code and
plugins
used by the Charon daemon. The kernel_ipsec_t structure is an interface to the
ipsec subsystem of the kernel. This interface handles the communication with
the kernel for SA and policy management e.g. adds
= no
}
ipsec.secrets
@srv.strongswan.org %any : PSK
strongSwan
Regards,
Chinmaya
From: Martin Willi mar...@strongswan.org
To: Chinmaya Dwibedy ckdwib...@yahoo.com
Cc: users@lists.strongswan.org users@lists.strongswan.org
Sent: Thursday, September 19, 2013 4:56 PM
the real
cause?
Thanks in advance for your help and suggestions.
Regards,
Chinmaya
From: Martin Willi mar...@strongswan.org
To: Chinmaya Dwibedy ckdwib...@yahoo.com
Cc: users@lists.strongswan.org users@lists.strongswan.org
Sent: Wednesday, September 25, 2013 1:10 PM
Hi Martin
I think, my email missed your kind attention. I
am stuck to move forward. Can you please guide me to proceed further? Thanks a
lot in advance for your suggestion.
Regards,
Chinmaya
On Friday, October 4, 2013 12:26 PM, Chinmaya Dwibedy ckdwib...@yahoo.com
wrote:
Hi Martin,
I did
Hi,
As a part of debugging session, I turned on --enable-lock-profiler option to
know the cumulative time waited in each lock during daemon shutdown during
shutdown with 1000 IPsec Security Associations. But I find, the Charon IKEv2
daemon (at IKE initiator end ) is getting crashed. Here goes
Hi,
I am doing scalability/load testing using 5.0.4 strongswan and load-tester
plugin. I am debugging to figure out the potential bottleneck in high loads
(25-30k IPsec connections). I find that, at IKE initiator ends, most of the
threads are blocked forever in pthread_cond_timedwait (). Here
Hi,
We are using two Multi-Core MIPS64 Processors with 16 cnMIPS64 v2 cores (one
acts as an IKE initiator and another as an IKE responder). We are running
strongswan in both systems. Both the systems have 1Gbps Ethernet cards, which
are connected to 1 Gbps L2 switch. The Wind River Linux runs
Thank you Martin for your valuable and prompt response.
On Mon, 11/18/13, Martin Willi mar...@strongswan.org wrote:
Subject: Re: [strongSwan] Query on multiple instances of Charon daemon
To: Chinmaya Dwibedy ckdwib...@yahoo.com
Cc: users
Hi,
I am using the load tester plugin (strongswan 5.0.4) to create 20K IPsec
tunnels (without data traffic). I have disabled the logging and used
pre-shared key authentication mechanism. What I understand, tunnel setup rate
depends on how fast Diffie-Hellman exchange can be done and the group
Hi,
With --enable-lock-profiler option, run with (#ipsec start --nofork) 100 IPsec
tunnels without data traffic. Please note that, I have configured initiators
and iterations to 10 in load-tester section of strongswan.config. I have
disabled the logging and used pre-shared key authentication
Hi,
Does strongswan (5.0.4) support hardware encryption in userland (for IKE)? If
yes, what are the changes to be done to use the same?
Regards,
Chinmaya
___
Users mailing list
Users@lists.strongswan.org
Hi,
The Diffe Hellman
exchange consists of CPU-intensive operations like key-pair generation and
shared-secret generation. Does strongswan (5.0.4) have any options to cache
and reuse the diffie-hellman keys for enhanced IKE setup rate?
Thanks in advance for your support and help.
Regards,
Hi All,
I am using the load tester plugin (strongswan 5.0.4) to create
thousands of IPsec tunnels. I find, the tunnel setup rate is to be 125-130
tunnels per second. To use the ECDH (foe enhanced setup rate), I built the
strongswan with. /configure --prefix /usr --sysconfdir=/etc --enable-openssl
Thanks Martin for your prompt response. Let me follow up your suggestions and
try again.
On Friday, January 17, 2014 3:51 PM, Martin Willi mar...@strongswan.org wrote:
Hi,
Similarly checked the SSL ciphers supported via OpenSSL ciphers
command but did not find the elliptic curve
strongswan(5.0.4)'s load tester plugin. I am using Fedora
Linux (kernel version: 2.6.33.3-85.fc13.i686). Please
suggest if I am wrong or missing something. Thanks in advance for your support
and response.
Regards,
Chinmaya
On Friday, January 17, 2014 3:55 PM, Chinmaya Dwibedy ckdwib...@yahoo.com
Hi,
I am getting the following issue i.e., [LIB] plugin 'openssl' failed to load
/home/ChinmayaD/lib/IPsec/plugins/libstrongswan-openssl.so: cannot restore
segment prot after reloc: Permission denied.
During build, I have used the ./configure --prefix=/usr --sysconfdir=/etc/
Hi,
I am cross-compiling strongswan (5.0.4) for Octeon without any
issue. However the openssl plugin is activated with the following compilation
option
./configure --enable-openssl –disable-gmp
I get the following error in config.log.
Hi Martin,
I build the OpenSSL 1.0.0 with ECDH support and
strongswan(5.0.4) with –enable-openssl and –enable-load-tester plugin support.
I installed both the packages in Wind River
Linux. However still strongwan complains
that configured DH group ECP_224 not supported.
00[CFG] loaded IKE
Hi Martin,
Thanks for your response. I would like to clarify that, I had
cross compiled the strongSwan with openssl plugin against the new OpenSSL
headers. Also I have given the appropriate path (in CFLAGS) to include the
correct opensslconf.h. If I do #ipsec
listalgs | grep MODP, it gives the
Hi,
The Diffe Hellman exchange consists of CPU-intensive
operations like key-pair generation and shared-secret generation. The Octeon
Core Crypto Library provides API's on Octeon for Crypto acceleration. The
following functions (provided by the Cavium) to perform the Diffie-Hellman
Operations,
Hi ,
To use ECDH I did the followings for Multi-Core MIPS64 processor
target
1. Cross-compiled OpenSSL 1.0.0 with ECDH support.
2. Cross-compiled strongswan (5.0.4) with
–enable-openssl,--enable-load-tester --disable-gmp plugins.
Notes:
1. The openssl-1.0.0 with the
clarify whether it is a bug or I have missed something?
Regards,
Chinmaya
On Thursday, January 30, 2014 2:29 PM, Chinmaya Dwibedy ckdwib...@yahoo.com
wrote:
Hi ,
To use ECDH I did the followings for Multi-Core MIPS64 processor
target
1. Cross-compiled OpenSSL 1.0.0 with ECDH
Thank you very much Tobias for your valuable suggestion and prompt response.
On Thursday, January 30, 2014 7:01 PM, Tobias Brunner tob...@strongswan.org
wrote:
Hi Chinmaya,
Program terminated with signal 6, Aborted.
#0 0x00555abfbda0 in raise () from /lib64/libc.so.6
(gdb) bt
Hi,
To use ECDH (for enhanced setup rate), I did the followings
for Multi-Core MIPS64 processor target
1.
Cross-compiled OpenSSL 1.0.0 with ECDH support.
2.
Cross-compiled strongswan (5.0.4) with –enable-openssl,--enable-load-tester
--disable-gmp
plugins.
I installed both
Hi All,
I have modified the strongswan (5.0.4) code so as to use the
Octeon Core Crypto Library for DH operation and leverage the benefit of Crypto
acceleration. I have implemented the
diffie_hellman_t interface for DH backend. Upon running, giving the following
error message in console i.e.,
Hi,
I modified the strongswan (5.0.4) code to write a new DH
backend i.e., implemented the diffie_hellman_t interface so as to use Octeon
Core Crypto Library APIs. Run with 100k IPsec tunnels with DH group 1
(Encryption algo: AES and integrity algorithm: SHA1) and found the tunnel setup
rate
Hi,
Changed the
strongswan (5.0.4) code to implement the diffie_hellman_t interface in order
to use Octeon Core Crypto
Library APIs. Run the IPsec scenario in
high loads with DH group 1 (Encryption algo: AES and integrity algorithm: SHA1)
in Windriver Linux (on Octeon platform) and found
On Wednesday, February 19, 2014 4:42 PM, Chinmaya Dwibedy ckdwib...@yahoo.com
wrote:
Hi Martin,
Hope this email of mine finds you in best of your health and spirit. I request
your goodness to go thru the below email and provide your valuable feedback if
possible.
Thanking you in advance
Hi,
The ref_put()/ref_get() are defined as macros if atomic instructions are
supported. Will it improve the performance over the mutex verstion if gcc
compiler and platform supports __sync_fetch_and_add()/__sync_sub_and_fetch()?
Regards,
Chinmaya
Hi ,
I am using the modpnull Diffie-Hellman gr to avoid the DH calculation overhead
(strongswan-5.0.4). But it is unable to establish the security association.
Here goes the logs at IKE responder end. Can anyone please suggest what is the
wrong?
11[CFG] received stroke: add connection
Hi All,
I modified the strongswan (5.0.4) code to write a new DH using
Octeon Core Crypto Library APIs. Run
with 200k IPsec tunnels with DH group 1 (Encryption algo: AES and integrity
algorithm: SHA1) and found the tunnel setup rate to be 175-180 per second
(approximately).
Note that, with gmp
Hi,
Can anyone please respond to this email ? Thanks in advance for your support
and help.
Regards,
Chinmaya
On Tuesday, March 4, 2014 4:53 PM, Chinmaya Dwibedy ckdwib...@yahoo.com wrote:
Hi All,
I modified the strongswan (5.0.4) code to write a new DH using
Octeon Core Crypto Library
Hi All,
I am using the load
tester plugin of strongswan (5.0.4) and running with 200k IPsec tunnels (DH
group 1, Encryption algo: AES and integrity algorithm: SHA1). I am getting the
following issue i.e. I find the setup rate to be 200+ till 190k IPsec tunnels
but
thereafter it drops to 100. In
Hi All,
I am running with 200k IPsec tunnels. Although it can bring
up all those tunnels successfully, I find, there are lots of retransmissions in
charon.log.
Jan 1 00:10:29 56[IKE] retransmit 1 of request with message
ID 0 (IKE Initiator)
Jan 1 00:10:45 49[IKE] received retransmit of request
Hi All,
I am doing scalability/load test (250k IPsec tunnels) using
load tester plugin strong swan 5.0.4).
I have configured the number of threads to 32 at both the ends
(IKE responder and IKE Initiator). At IKE Initiator end, if I increase the
sender threads (i.e., initiators in load-tester
Hi,
The struct receiver_t receives packets from the socket, performs
light-weight parsing and adds them to the job queue. The receiver starts a
thread, which reads on the blocking socket. A received packet is preparsed and
a process_message_job is queued in the job queue. The processor picks a
Hi Martin,
Thanks a lot Martin for your prompt response and valuable
suggestion as well.
I have configured the number of threads to 32 at both
the ends (IKE responder and IKE Initiator). At IKE Initiator end, if I increase
the sender threads (i.e., initiators in load-tester section) from 5
Hi Martin/All,
I could able to achieve the IKE setup rate 400+ with 250k IPsec tunnels
(Encryption algo: AES, DH group 1 and integrity algorithm: SHA1). There are no
packet losses at both ends (checked via #netstat –s –udp and confirmed). The
below changes were made which enhanced the setup
Hi ,
Can anyone please respond to this email? Thanks in advance for your support.
Regards,
Chinmaya
On Friday, April 4, 2014 4:23 PM, Chinmaya Dwibedy ckdwib...@yahoo.com wrote:
Hi Martin/All,
I could able to achieve the IKE setup rate 400+ with 250k IPsec tunnels
(Encryption algo: AES
Hi All,
I am using the load tester plugin of strongswan (5.0.4) and
running with 250k IPsec tunnels (DH group 1, Encryption algo: AES and integrity
algorithm: SHA1). We are using two
Multi-Core MIPS64 Processors with 16 cnMIPS64 v2 cores (one acts as an IKE
initiator and another as an IKE
: SHA1) per Octeon
chip. But getting the crash issue after sometimes.
Thank you in advance for your help and support.
Regards,
Chinmaya
On Monday, April 7, 2014 4:06 PM, Chinmaya Dwibedy ckdwib...@yahoo.com wrote:
Hi All,
I am using the load tester plugin of strongswan (5.0.4) and
running
Hi,
Under high load, the #ipsec statusall shows the job queue is
empty (0/0/0/0) but scheduled shows more than 4+ always.
The Scheduler schedules jobs for an execution in the future.
The Scheduler has internally a heap in which he stores the scheduled jobs
ordered by the time when they have
Hi Martin,
Can you please respond to this email ? Appreciate your support.
Regards,
Chinmaya
On Friday, April 11, 2014 2:51 PM, Chinmaya Dwibedy ckdwib...@yahoo.com wrote:
Hi,
Under high load, the #ipsec statusall shows the job queue is
empty (0/0/0/0) but scheduled shows more than 4
Hi Martin,
Thank you for the clarification.
Regards,
Chinmaya
On Monday, April 14, 2014 1:24 PM, Martin Willi mar...@strongswan.org wrote:
Hi,
Under high load, the #ipsec statusall shows the job queue is
empty (0/0/0/0) but scheduled shows more than 4+ always.
Does it mean that the
Hi Martin,
Using the pthread_setaffinity_np() API to put threads into
different cores, I find the tunnel setup rate to be 400+ (maximum) without any
packets loss at both ends. Without
setting processor affinity, only once core gets used (100%) and setup rate was
found to be 250 (max). I think,
Thank you Martin for your early response. Let me analyze, optimize, enhance the
setup rate.
On Monday, April 14, 2014 5:09 PM, Martin Willi mar...@strongswan.org wrote:
Chinmaya,
Using the pthread_setaffinity_np() API to put threads into different
cores, I find the tunnel setup rate
Hi,
The log_ function is called for each log generated by Charon. Will this
function be called if I disable
logging? Please clarify. Here is the logger configuration.
filelog {
/var/log/charon.log {
time_format = %b %e %T
append
Hi,
I am running the IPsec scenario under high load (250k IPsec
tunnels with 400+ tunnels per second ) using load tester plugin. I have disabled
the logging and configured 64 threads at both the ends. But I find the vlog
function is called even if there is no log to be generated by Charon. This
Hi Tobias,
Thank you for your fix and prompt response as well. Will apply this fix, test
and measure the increase in performance.
Regards,
Chinmaya
On Friday, May 2, 2014 12:58 PM, Tobias Brunner tob...@strongswan.org wrote:
Hi Chinmaya,
Even if nobody is listening for these logs, vlog
Hi All,
I have modified the strongswan (5.0.4) code to write a new DH
using Octeon Core Crypto Library APIs. Using the load tester plugin of
strongswan (5.0.4), could able to achieve the 250k IPsec tunnels with 850+
tunnels
per second. However I found that, some of the tunnels (approximately
Hi Martin/All,
Thanks for your valuable response. Using the atomic
incrementation to avoid this race condition, I am getting better results. It
means all the 250k IPsec tunnels are getting up (with 850+ TPS) except 10-20.
Debugged
the issue (why the 10-20 IPsec tunnels are not getting
Hi,
Using the
load tester plugin of strongswan (5.0.4), could able to achieve the 250k IPsec
tunnels with 1000 tunnels per second. However I found that, some of the tunnels
(approximately 10-20) were not getting up. Upon debugging found that, at IKE
responder end, the checkout_by_message() of
.
Regards,
Chinmaya
On Tuesday, May 27, 2014 7:42 PM, Chinmaya Dwibedy ckdwib...@yahoo.com wrote:
Hi,
Using the
load tester plugin of strongswan (5.0.4), could able to achieve the 250k IPsec
tunnels with 1000 tunnels per second. However I found that, some of the tunnels
Hi Martin/All,
I think, my email missed your kind attention. Thus I request your goodness to
have a look into this and respond. Your help in this regard will be highly
appreciated.
Regards,
Chinmaya
On Thursday, May 29, 2014 6:39 PM, Chinmaya Dwibedy ckdwib...@yahoo.com wrote:
Hi
:
{
---;
---;
ike_sa
= ike_sa_create(id, FALSE, ike_version);
}
//case
ALREADY_DONE:
}
Regards,
Chinmaya
On Monday, June 2, 2014 1:09 PM, Chinmaya Dwibedy ckdwib
Hi All,
Has anyone done an interoperability test between strongswan (running on Linux
box) and Cisco VPN Client or Cisco’s Anyconnect (running
on iOS in iPAD) using IKEv2 and pre-shared key authentication mechanism? if
yes, please provide me some pointers to configure and test.
Regards,
Hi,
Recently during my scalability testing of charon with strongswan
version 5.0.4 and load tester plugin. I observed that after establishment of
the tunnels (20,000 IPsec
tunnels), if I trigger the #ipsec stop
command, it should suppose to send 20k IKE DELETE INFORMATIONAL request
Hi ,
Can anyone please respond to this email? Note that, I am using default gmp
library and load tester plugin .
Regards,
Chinmaya
On Wednesday, August 13, 2014 6:05 PM, Chinmaya Dwibedy ckdwib...@yahoo.com
wrote:
Hi,
I am using the load
tester plugin (strongswan 5.0.4
Hi,We are using the strongswan-5.0.4.What I understand, the KEv2 Charon
daemon does not s does not implement AH butESP with authentication only is
configurable (i.e., NULL encryption with anydata integrity algorithm). Since
5.1.1 the ah keyword (i.e., auth = esp | ah) canbe used to configure
Hi Martin,
Thank you for your suggestion and reference.
Regards,Chinmaya
On Wednesday, January 28, 2015 4:36 PM, Martin Willi
mar...@strongswan.org wrote:
Hi,
Since I have bypassed the kernel , Can I do the followings in install
function (defined in child_sa.c) for rekeying of
Hi,
Is there any way to measure the Phase 1 or Phase 2 rekeys PerSeconds ? We need
to to see system behavior under stressful conditionswhere large volumes of SA's
are being rekeyed at the same time. Regards,Chinmaya___
Users mailing list
Hi,The charon-cmd is a command-line program forIKE Initiator. Is there CLI
application that acts as an IKE Responder? If no, Iam thinking to design a
stand-alone application (which will act as a Responder)that will communicate
with the IKEv2 Charon daemon. Will it be an issue if Iwill do the
Hi,Iam trying to use the swanctl utility (i.e., a commandline application to
configure and control charon) (strongswan: 5.2.2) . I configuredthe
/etc/swanctl/swanctl.conf file (On IKE Initiator end) and then upon tryingto
initiate the connection thru #swanctl--load-conns, it gives the
Hi,I want toget rid of strongswan.conf file (which is installed /etc
directory). Instead I wantto set the values programmatically. I have removed
the /etc/strongswan.conf ,which is read by libstrongswan during library
initialization. Furthermore Ihave written set_strongswan_conf_options()
Thank you Martin for your valuable response. Let me go thru the charon-xpc
under src/frontends/osx.
On Wednesday, April 22, 2015 7:28 PM, Martin Willi mar...@strongswan.org
wrote:
Hi,
set_strongswan_conf_options(lfile);
system(starter --daemon charon);
You can't set
Hi,I havewritten a C program which uses the VICI to configure and control
the IKE daemonCharon (at IKE Responder end). I have updated the request (of
type vici_req_t)using the vici_add_key_value() and vici_add_key_valuef(),and
send the same via vici_submit(load-conn command). It
Hi,I havewritten a C program which uses the VICI to configure and control the
IKE daemonCharon (at IKE Responder end). I have updated the request (of type
vici_req_t)using the vici_add_key_value() and vici_add_key_valuef(),and send
the same via vici_submit(load-conn command). It says that,
code and the configuration you're loading.
Mit freundlichen Grüßen/Regards,
Noel Kuntze
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 13.04.2015 um 14:02 schrieb Chinmaya Dwibedy:
Hi,
I have written a C program which uses the VICI to configure and control
Hi Martin,Thank youfor this information. We have modifiedthe strongswan (5.2.2)
code to bypass the strongSwan's IPsec Linux kernelinterface. We do have on our
own SPD and SAD table. As per the implementation,an SPD entry would contain the
destination IP as selector field and uses thesame as a
Hi,I am usingthe swanctl (command line interface) tool to configure the
Charon daemon at IKEResponder. I have kept all the entries of ipsec.conf and
ipsec.secret file ( in /etcdirectory) under comment. Here goes
theconfiguration. /etc/ipsec.secrets(IKE Responder end):
Hi,I used thefollowing options during configure i.e., -with-user=cli
--with-group=vpn--with-capabilities=native. I am using the Linux kernel version
2.6. I tried torun strongSwan and it's daemons under a non-root user. I created
anew user and group for strongSwan, e.g.: groupadd vpn and
HiAll,
Iam using strongSwan VPN Client app on anandroid device (VPN Client) and
running strongswan-5.4.0 on Linux device (VPNServer on Virtual Machine).
Trying to establishan IKEv2/IPsec tunnel using Certificate with EAP
authentication based onusername/password on client and pubkey on
Thankyou Tobias for your prompt response. The Gateway configuration for Android
(strongSwanVPN Client) setting "IKEv2 Certificate + EAP (Username/Password)".
Thuswe need to configure rightauth2=eap-md5 which was missing. This configures
asecond authentication round using EAP after doing a first
Hi,
I am usingstrongSwan VPN Client google app in an android device (VPN Client)
and runningstrongswan-5.4.0 on Linux device (VPN Server on Virtual Machine). I
am tryingto establish an IKEv2/IPsec tunnel using EAP authentication based
onusername/password (EAP-MD5) on client and pubkey on
Thank you Andreas for your response.
Sent from Yahoo Mail on Android
On Fri, May 13, 2016 at 1:18 PM, Andreas
Steffen<andreas.stef...@strongswan.org> wrote: Hi Chinmaya
On 13.05.2016 09:37, Chinmaya Dwibedy wrote:
> Hi All,
>
> What I understand, in order to use
Tuesday, January 17, 2017 4:33 PM, Chinmaya Dwibedy
<ckdwib...@yahoo.com> wrote:
Hi,
I am using the following configure options(using strongswan -5.2.2)
./configure --prefix=/opt/chinmaya/--sysconfdir=/opt/ chinmaya /etc
--libdir=/opt/ chinmaya /lib--enable-load-tester --enable-ctr --enable-
Hi,
I am using the following configure options(using strongswan -5.2.2)
./configure --prefix=/opt/chinmaya/--sysconfdir=/opt/ chinmaya /etc
--libdir=/opt/ chinmaya /lib--enable-load-tester --enable-ctr --enable-ccm
--enable-gcm --enable-vici--enable-error-notify --enable-openssl
While
Hi,
We use the VICI to configure and controlthe IKE daemon Charon (at IKE Responder
end) using strongswan-5.2.2. The load-conn() command is used to so as to load a
single connection definition into thedaemon. The remote_addrs is configured to
“any” to accept the IKE connectionrequest from
Hi ,
Can anyone please respond to this email ?
Regards,Chinmaya
On Thursday, June 22, 2017 1:08 PM, Chinmaya Dwibedy <ckdwib...@yahoo.com>
wrote:
Hi,
We use the VICI to configure and controlthe IKE daemon Charon (at IKE Responder
end) using strongswan-5.2.2. The load-conn() c
r ID. No idea about limitations of the
number of pools.
On 23.06.2017 07:32, Chinmaya Dwibedy wrote:
> Hi ,
>
> Can anyone please respond to this email ?
>
> Regards,
> Chinmaya
>
>
> On Thursday, June 22, 2017 1:08 PM, Chinmaya Dwibedy <ckdwib...@yahoo.com>
>
Thank you Tobias for your prompt response.
On Tuesday, June 13, 2017 1:14 PM, Tobias Brunner
wrote:
Hi Chinmaya,
> I am using the strongSwan VPN client app (as an IKEv2 initiator) in my
> android device. How can I disable NAT feature? Because by default, it
>
Hi,
The https://wiki.strongswan.org/projects/strongswan/wiki/FAQsays that, NAT
traversal cannot be disabled in the charon daemon and it can bedisabled (if
there is no NAT device) by setting MOBIKE to no in ipsec.conf.
I am using the strongSwan VPN client app (as an IKEv2 initiator)in my
90 matches
Mail list logo