ciated.
With Rgds,
Makarand.
Makarand Pradhan
Senior Software Engineer.
iS5 Communications Inc.
#1-1815 Meyerside Drive
Mississauga, Ontario
L5T 1G3
Main Line: +1-844-520-0588 Ext. 129
Direct Line: +1-289-724-2296
Cell: +1-226-501-5666
Fax:+1-289-401-5206
Email: mailto:makarandprad...@is5com
g is set on all the veth interfaces, e.g.:
sh-4.3# cat /proc/sys/net/ipv4/conf/veth0/forwarding
1
sh-4.3# cat /proc/sys/net/ipv4/conf/veth0.80/forwarding
1
I am probably missing something in my routing config. This is probably more of
a routing question.
Thanks for taking the time to read the questi
,
IKE_PHASE1_COMPLETE
*Dec 13 17:14:29.259: ISAKMP:(1008):Old State = IKE_P1_COMPLETE New State =
IKE_P1_COMPLETE
Thanks.
Makarand Pradhan
seems to be some temporary network connectivity loss. Though
this is difficult as the machines are sitting right next to each other and
nothing else was happening over the weekend.
We will re run and monitor connectivity again.
Thanks.
Makarand Pradhan
the previously seen
issue anymore.
Thanks for your help and suggestions.
With rgds,
Makarand Pradhan
ing policy 192.168.1.0/24 ===
192.168.2.0/24 in
Oct 7 22:58:20 t1024rdb charon: 13[KNL] deleting policy 192.168.1.0/24 ===
192.168.2.0/24 fwd
Oct 7 22:58:20 t1024rdb charon: 13[KNL] deleting policy 192.168.55.0/24 ===
192.168.1.0/24 out
Makarand Pradhan
his issue, your feedback would be very much
appreciated.
Kind rgds,
Makarand Pradhan
Senior Software Engineer.
iS5 Communications Inc.
5895 Ambler Dr,
Mississauga, Ontario
L4W 5B7
Main Line: +1-844-520-0588 Ext. 129
Direct Line: +1-289-724-2296
Cell: +1-226-501-5666
Fax:+1-289-401-5206
Email: mak
Good morning All,
Following up on the issue. We need to manually add the route for ikev1.
Would very much appreciate any pointers. Am kind of stuck on ikev1.
Kind rgds,
Makarand Pradhan
Good morning Tobias,
Appreciate your confirmation.
Kind rgds,
Makarand Pradhan
[2]: IKE proposal:
AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1536
Would highly appreciate your inputs.
Is the system behaving correctly? i.e. the DH group is used only during reneg
after expiry of lifetime?
Kind rgds,
Makarand Pradhan
CHILD_SA, keeping IKE_SA
Kind rgds,
Makarand Pradhan
Tx Tobias.
Kind rgds,
Makarand Pradhan
Hi All,
The wiki gave me a hint. The issue was route. For v1 the remote protected
network route has to be explicitly added:
For me:
ip ro add 10.10.9.0/24 via 91.0.0.3
ip ro add 192.168.9.0/24 via 91.0.0.2
Thanks all for looking at the issue.
Kind rgds,
Makarand Pradhan
highly appreciated.
Kind rgds,
Makarand Pradhan
one subnet. Still the same. Tunnel is up, traffic does not go thru unless I
add the route. Do I need any iptables configuration to get it to work?
Kind rgds,
Makarand Pradhan
appreciated.
Kind rgds,
Makarand Pradhan
.168.9.0/24 via 91.0.0.2" when I am running v1?
With this route, the packets get encrypted.
If this is the desired behaviour then we do not have an issue.
Would appreciate if someone can confirm if v1 needs the route addition. V2 does
work without the explicit route addition.
Kind rgds,
Makara
Tx for the clarification. All information per the wiki is attached.
Kind rgds,
Makarand Pradhan
c05ee772 (FAILED)
13[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
13[IKE] failed to establish CHILD_SA, keeping IKE_SA
Kind rgds,
Makarand Pradhan
Thanks Tobias for your response.
I recompiled the kernel with:
+CONFIG_CRYPTO_XCBC=y
And it worked for me.
Kind rgds,
Makarand Pradhan
configuration?
Thanks.
Kind rgds,
Makarand Pradhan
Hello All,
I am having trouble while connecting a Windows VPN client to Strongswan using
Machine certificates. I am following the wiki:
https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients
Would appreciate any pointers to resolve the issue.
Issue: Windows client is not connecting
c.d/cacert, ipsec.d/cert and
the server private key is installed in ipsec.d/private
Will recheck and get back.
Thanks again.
Makarand.
-Original Message-
From: Tobias Brunner
Sent: October 12, 2020 10:59 AM
To: Makarand Pradhan ; users@lists.strongswan.org
Subject: Re: [strongSwan] Windows
Thanks Tobias for your quick response.
Am trying the make-before-break approach and so far the results are good. Will
run traffic for some more time to confirm the resolution.
Kind rgds,
Makarand Pradhan
on how to avoid the multiple CHILD_SAs after reauth?
Kind rgds,
Makarand Pradhan
status:
...
m1[18]: IKEv2 SPIs: 1b652ce7683f67fa_i 269af6263b48d37e_r*,
pre-shared key reauthentication in 45 minutes
m1[18]: IKE proposal:
BLOWFISH_CBC_128/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_1536
Kind rgds,
Makarand Pradhan
, rekeying in 5847s, expires in 6838s
in c5538838, 0 bytes, 0 packets
out c69ab573, 0 bytes, 0 packets
local 192.168.10.0/24 192.168.52.0/24
remote 10.10.10.0/24 192.168.62.0/24
Thanks.
Kind rgds,
Makarand Pradhan
Thanks Thomas.
Will use 5. That makes sense.
Kind rgds,
Makarand Pradhan
after 1 retransmits
11[IKE] retransmit 1 of request with message ID 2
11[NET] sending packet: from 172.16.31.100[500] to 172.16.21.100[500] (76 bytes)
06[IKE] giving up after 1 retransmits
Kind rgds,
Makarand Pradhan
for looking at my query.
Kind rgds,
Makarand Pradhan
in the absence of
traffic.
"dpddelay = 30s |
defines the period time interval with which R_U_THERE messages/INFORMATIONAL
exchanges are sent to the peer.
These are only sent if no other traffic is received."
Can anyone comment if this is the expected behaviour?
Kind rgds,
Makarand Pradhan
seconds ago,
172.16.31.1[172.16.31.1]...172.16.31.2[172.16.31.2]
m1{1}: INSTALLED, TRANSPORT, reqid 1, ESP SPIs: cdd622d2_i cfe1297d_o
m1{1}: 172.16.31.1/32 === 172.16.31.2/32
Thanks for looking at my post.
Kind rgds,
Makarand Pradhan
: Users On Behalf Of Makarand Pradhan
Sent: January 28, 2021 12:33 PM
To: users@lists.strongswan.org
Subject: [strongSwan] Subnet selector question
GM Everyone,
Am trying to selectively push icmp traffic into the tunnel. Am missing
something, would appreciate any pointers.
Scenario:
(PC1 10.10.9.31/2
10.10.9.0/24[icmp] 192.168.61.0/24 === 192.168.9.0/24[icmp]
192.168.51.0/24
I notice that the ARP request is not answered.
When I do not specify icmp, everything works. I think strongswan responds to
the ARP. Don't see it with icmp filter.
Thanks for looking.
Kind rgds,
Makarand Pradhan
peer 172.16.100.1
inet 10.10.1.2/24 scope global tunnel1
valid_lft forever preferred_lft forever
Thanks.
Kind rgds,
Makarand Pradhan
appreciate if anyone can suggest if I have missed a config in
charon.conf. Have tried but am not seeing any improvement.
Hoping to hear comments/suggestions on the issue.
Thanks and Regards,
Makarand Pradhan
GM Rajiv,
Appreciate your suggestions. Will test for 24 hours and get back.
With regards,
Makarand.
From: Rajiv Kulkarni
Sent: May 25, 2022 3:35 PM
To: Makarand Pradhan
Cc: Users@lists.strongswan.org
Subject: Re: [strongSwan] Multiple SAs after rekey with traffic.
Hi
1. why have you changed
/MODP_1536
policy1{12}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: c5fabaf0_i c5dad3ed_o
policy1{12}: AES_CBC_256/HMAC_SHA2_256_128/MODP_2048, 0 bytes_i, 0
bytes_o, rekeying in 18 minutes
policy1{12}: 192.168.101.0/24 === 10.10.101.0/24
Kind rgds,
Makarand Pradhan
38 matches