Hi Guys,
We are using strongswan version 4.2.8.
We are facing an issue in bringing a connection up again after changing the
Encryption Algo. Request your inputs for the same.
Steps that we follow are:
1. Bring a connection named IpSecUCSPlane UP, by executing command ipsec
up IpSecUCSPlane
2.
Hi Andreas/Martin/Tobias,
This is really urgent for us. Would really appreciate your inputs.
Best Regards
Sajal
On Fri, Dec 11, 2009 at 4:55 PM, Sajal Malhotra sajalmalho...@gmail.comwrote:
Hi Guys,
We are using strongswan version 4.2.8.
We are facing an issue in bringing a connection
Hi
This is regarding update of CA certificates in IKEv2 stack.
We are facing issue in update of CA certificates while following the steps
below:
Step 1. Initially we have a configuration with 2 CA certificates mentioned
in ipsec.conf as follows:
ca cert1
cacert=/home/sajal/abc.pem
Hi Andreas/Tobias,
PLease let me know if you need any further inputs
Regards
Sajal
On Mon, May 31, 2010 at 7:50 PM, Sajal Malhotra sajalmalho...@gmail.comwrote:
Hi
This is regarding update of CA certificates in IKEv2 stack.
We are facing issue in update of CA certificates while following
the daemon is restarted?
Would really appreciate if you could guide me through this.
Actually in our system it is somewhat not acceptable if we would have to
close all SAs(due to daemon restart) on certificates getting updated.
Best Regards
Sajal
On Thu, Jun 3, 2010 at 5:37 PM, Sajal Malhotra
Hi Martin,
Thanks for the help
I tried the patch you gave.
After compilation with your patch we followed the steps below:-
1. gave the following ipsec.conf file to IKEv2 stack having two ca
sections:-
*start ipsec.conf*
config setup
cachecrls=no
Hi Martin,
Any update on this issue ? Is there any other way to fix the issue?
BR
Sajal
On Thu, Jun 10, 2010 at 5:21 PM, Sajal Malhotra sajalmalho...@gmail.comwrote:
Hi Martin,
Thanks for the help
I tried the patch you gave.
After compilation with your patch we followed the steps below
Hi All,
I am facing an issue with the ikev2 stack.
Please refer to the ipsec.conf file below:
Here we have 2 connections SA1 and SA2 which are basically 2 IpSec SAs using
same Tunnel (IKE SA).
Problem is that when i change the configuration of connection SA1 and fire
ipsec update then both SA1
Hi Andreas/Martin,
Request you to provide some inputs on the problem below.
BR
Sajal
On Thu, Jul 15, 2010 at 4:11 PM, Sajal Malhotra sajalmalho...@gmail.comwrote:
Hi All,
I am facing an issue with the ikev2 stack.
Please refer to the ipsec.conf file below:
Here we have 2 connections SA1
HI Andreas/Martin/Tobias,
Would be greatfull if any one of you could provide some help on this issue.
BR
Sajal
On Thu, Jul 15, 2010 at 4:11 PM, Sajal Malhotra
sajalmalho...@gmail.comwrote:
Hi All,
I am facing an issue with the ikev2 stack.
Please refer to the ipsec.conf file below
Hi David,
From what i know this issue of Link Status as down and SA status Active
in Juniper comes when VPN monitoring is not configured or working in
Juniper. Please refer to Juniper documentation on configuration/issues in
VPN monitoring.
http://kb.juniper.net/KB9522
Hi Andreas,
Thanks for the prompt response.
We are using a pretty old version 4.2.8 :(
Do you have any patch available for this fix. Or can you just hint us on the
source code files where we can look for the change.
It would be a great help.
Thanks and Regards
Sajal Malhotra
On Mon, Dec 6
Hi,
I have a setup where i have a Linux Box (with Strongswan running on it)
connected to a Juniper Firewall Device. I have configured an IKE Tunnel
with 3 CHILD SAs under it. Now this is what happens:
1. Linux Box has a faster CHILD SA rekey time so it always triggers rekey.
2. All Rekey's are
Hi,
Just wondering if i use DH group in esp cipher suite however keep pfs=no.
Then how does Strongswan charon behave?
We are facing an issue while using strongswan with a Peer Juniper SRX
Device.
- On Juniper PFS is disabled for configured CHILD_SA
- On Strongswan as well we have defined pfs=no.
Hi,
Following is a scenario that we are trying to test.
- Strongswan Node (v4.2.8) is connected to a SEG Node.
- We are trying to use Authentication using X.509 certs
- Both Nodes have their Device certificates issued from a different trust
chain with Root CA different as well.
- On Strongswan
.
Thanks and Regards
Sajal
On Fri, Oct 17, 2014 at 12:13 AM, Sajal Malhotra sajalmalho...@gmail.com
wrote:
Hi,
Following is a scenario that we are trying to test.
- Strongswan Node (v4.2.8) is connected to a SEG Node.
- We are trying to use Authentication using X.509 certs
- Both Nodes have
Hi,
Had a query regarding Certificate Expiration and revocation logic used in
strongswan.
If a IKEv2 tunnel is *already established with a peer, *then is this tunnel
brought down *automatically *by strongswan in case of any of the following
conditions become true:
1. If we provide updated CRL to
Hi,
I am using following Setup in my Lab:
Host ASeGW-(ESP Tunnel)(eth1)Strongswan (Linux PC)
(eth0)---Host B
So there is one Tunnel Established between SeGW and Linux PC which is
running Strongswan Stack v5.2.2.
The Linux is connected to SeGW via its eth1 interface
and Host B is
and then use mark(,_in,_out) to give the kernel information how to handle
the packets.
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 08.05.2015 um 12:53 schrieb Sajal Malhotra:
Hi,
I am using following
Hi,
We are using Strongswan 4.2 and 5.2 version of stack in our Lab and we have
following setup:
Linux Box 1(v4.2)-Linux Box 2(v5.2)
Here is what we are trying:
1. Both Sides are using Device Certificates signed by different Root CA.
2. On both Devices we have provided both the root CA
Got some articles to help me with iptables update. I will try them once and
update.
Thanks and Regards
Sajal
On Tue, May 12, 2015 at 8:40 PM, Sajal Malhotra sajalmalho...@gmail.com
wrote:
Thanks a ton Noel for the clarification!!
And I m Sorry that i missed your suggestion of using 0.0.0.0/0
Thanks Martin for a quick reply.
I was looking at link for patches that you shared however could not
identify which 6 patches include the fix as there are many patches
available on this link:
http://git.strongswan.org/?p=strongswan.git;a=shortlog
BR
Sajal
On May 13, 2015 3:17 PM, Martin
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 09.05.2015 um 15:01 schrieb Sajal Malhotra:
Hi Noel,
We actually want that all traffic from Host A shall be directed via SeGW
towards different Hosts behind Linux Box( which includes Host B as 1 one
Dear Strongswan team,
We are facing similar problem as reported by Shobhit here.
1. We had a CRL say abc.pem that was present in /etc/ipsec.d/crls. This
was loaded correctly by Strongswan stack
2. However before the Nextupdate time expired, we got an updated CRL with
certificate of peer revoked
-
Hash: SHA256
Hello,
Did you try using ipsec stroke rereadcrls?
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 26.05.2015 um 12:39 schrieb Sajal Malhotra:
Dear Strongswan team,
We are facing
Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 26.05.2015 um 17:42 schrieb Sajal Malhotra:
Hi Noel,
Sorry for incorrect update. I think the CRLs are being read into the
cache with the command. However while the SA
26 matches
Mail list logo