Re: [strongSwan] how to create a ACL-like system based on certificates?

2010-05-13 Thread John A. Sullivan III
On Thu, 2010-05-13 at 01:02 +0200, Andreas Schuldei wrote: In order to have fine grained control over the IPsec traffic in our distributed network of host-to-host ipsec connections we would like to create a ACLs-like system. For example all servers should be able to talk to infrastructure

Re: [strongSwan] How to dynamically add and delete tunnels?

2011-10-19 Thread John A. Sullivan III
On Tue, 2011-10-18 at 20:03 +0200, dr. ir. Kees van Reeuwijk wrote: Hi, I need to add and delete StrongSwan tunnels to a machine without user intervention. The solution I have come up with is to create a special directory, let's call it /strongswan, and then put a separate

Re: [strongSwan] ID cert validation required in PSK connections

2013-10-14 Thread John A. Sullivan III
Bump. Thanks - John On Sat, 2013-07-27 at 23:49 -0400, John A. Sullivan III wrote: Hello, all. I'm finding some difficulty transitioning from OpenSWAN to StrongSWAN. Most of my connections are internal and so use certs but I occasionally must establish an outside connection via PSK

Re: [strongSwan] Throughput on high BDP networks

2015-06-03 Thread John A. Sullivan III
On Tue, 2015-06-02 at 22:23 -0400, jsulli...@opensourcedevel.com wrote: On June 1, 2015 at 11:48 AM Martin Willi mar...@strongswan.org wrote: Even at these rates, the CPU did not appear to be very busy. We had one at 85% occupied but that was the one running nuttcp. On the

Re: [strongSwan] Throughput on high BDP networks

2015-06-03 Thread John A. Sullivan III
On Wed, 2015-06-03 at 15:51 -0400, John A. Sullivan III wrote: On Tue, 2015-06-02 at 22:23 -0400, jsulli...@opensourcedevel.com wrote: On June 1, 2015 at 11:48 AM Martin Willi mar...@strongswan.org wrote: Even at these rates, the CPU did not appear to be very busy. We had one

[strongSwan] Contracted StrongSWAN Support

2015-06-11 Thread John A. Sullivan III
Hello, all. I recently sent emails from both my corporate and opensourcedevel.com addresses to Andreas and to info inquiring about contracted support but received no response. I am guessing the emails were lost somewhere along the way. Does the StrongSWAN team still offer contracted support?

[strongSwan] Selector problems with tunnel mode and VRRP addresses and GRE/IPSec

2015-05-30 Thread John A. Sullivan III
Hello, all. I'm working on a fairly complex setup where we are doing ingress traffic shaping with an IFB interface including traffic transported via GRE/IPSec on gateways using keepalived for VRRP. We would normally use IPSec in transport mode for GRE/IPSec but that seems to prevent the tc

Re: [strongSwan] Connecting to Amazon VPC by a Linux-based VPN gateway.

2016-01-14 Thread John A. Sullivan III
On Thursday 14 January 2016 10:56:11 pm Josh wrote: > This http://bleikertz.com/blog/amazon_vpc_with_linux.html guide uses > racoon. Does anyone know how to use strongswan for the same task? > > Josh. We have done this successfully with StrongSWAN. Unfortunately, I do not have my