> I'm sorry to say this but that was unnecessary because you can disable the
> plugins in the configuration. You do not need to recompile anything.
>
Well it was a learning experience for me :)
I looked in the stock EPEL configuration directories created for strongswan.
> The iptables rules/nftables rules, specifically NAT rules also apply to
> traffic that is supposed to be tunneled because the criteria the NAT rules
> ususally have do not take into account if there are XFRM policies for the
> packets or not.
>
I had previously added the postrouting rule
Good morning Noel,
Attached below are the various configurations you requested. At this point my
config is pretty basic as I attempt to get this working.
The IP addresses of my Work and Home Routers are 192.168.126.254 and
192.168.127.254 respectively. Upon establishing a connection I cannot
Thanks for the reply
> Please provide me with the full debug information as shown on the HelpRequests
> [1] page on the wiki.
I can do this later today when I can go back and spend more time on this, at
the moment I have to take care of other priorities.
> Additionally, what distribution is
I am having difficulty getting connected to a Meraki MX100 at a client site. I
do not have administrative control over the Meraki so specifics about how it is
configured I cannot address, although I can answer some questions. My machine
is a CentOS 8.5 machine running strongswan 5.9.4-2
As much as it is usually bad form to follow up on your own post, I wanted to
add this additional bit of info.
if I execute the command:
[root@MyRouter ~]# tcpdump -i ipsec0 -vv -c 5
and "ping 192.168.227.27" from another console, I see:
tcpdump: listening on ipsec0, link-type RAW (Raw IP),
If I try to add 10.128.0.0/16 to the configuration for East <=> Central, I get:
received TS_UNACCEPTABLE notify, no CHILD_SA built
failed to establish CHILD_SA, keeping IKE_SA
when I attempt to bring up the connection.
This seems to be related to the fact there is no interface or route on
I have 3 sites, East, Central, and West
Their subnets are 10.0.0.0/16, 10.64.0.0/16 and 10.128.0.0/16 respectively.
Both East and West connect directly to Central and route traffic between
Central and each of the remote sites. e.g. both 10.0 and 10.128 can both talk
to all machines on 10.64
sorry, that should be removing 10.128.0.0/16 not /24.
Also a cut and paste error on the east file into my browser email window, my
remote_ts=10.64.0.0/16,10.128.0.0/16 not /64
> On January 25, 2022 at 10:07 AM VTwin Farriers wrote:
>
>
> Thank you all for your responses.
>
and paste is flakey.
> On January 25, 2022 at 10:21 AM Michael Schwartzkopff wrote:
>
>
> On 25.01.22 16:07, VTwin Farriers wrote:
> > Thank you all for your responses.
> >
> > I have the same local_ts/remote_ts values on my East and Central
> > swanctl.conf f
Thank you all for your responses.
I have the same local_ts/remote_ts values on my East and Central swanctl.conf
files. I would think this should work but for some reason I get the
TS_UNACCEPTABLE error. Removing "10.128.0.0/24" from the swanctl.conf files on
east and central will then work.
Still not feeling the love, unfortunately.
I never tried to connect from Central to East, I was always trying to go from
East to Central.
When I try to go from Central to East, I get a slightly different error message
when attempting to start the connection.
swanctl.conf (East)
connections
> On July 14, 2022 at 7:18 AM Tobias Brunner wrote:
> You seem to be using kernel-libipsec [1], don't! Just use
> kernel-netlink instead.
thank you! that's EXACTLY what it was!
even though I set load = no in that conf file, apparently when an upgrade came
down from the repo to 5.9.6 the
> On July 14, 2022 at 2:32 AM Michael Schwartzkopff wrote:
> Just Add the site-c subnet to the tunnel of A-B.
I tried that. It doesn't work. I get an error on Site B when attempting to
establish the child SAs
Subnets:
siteA: 192.168.127.254/24
siteB: 192.168.126.254/24
siteC:
Its been a while since I've had time to work on this so I am circling back in
the hopes someone can help me.
I have 3 sites, A B and C. Each has its own subnet, 192.168.A.x/24,
192.168.B.x/24 and 192.168.C.x/24
Site A and Site C both connect to Site B. This is all working well.
Site A needs
4 sites, A B, C and D.
A connects to B and C
B and C connect to D.
A cannot connect directly to D, it must go through B or C.
I tried adding D to the local_ts on B and C for A's configuration.
This works fine, except it seems periodically connections to machines on the D
network will drop.
4 sites, A B, C and D. A B and C are in a "star topology" where they all have
links to one another.
Only B and C can connect to D, A cannot connect directly to D, it must go
through B or C.
/- B -\
/ ^ \
A -<|>- D
\ v /
\- C -/
I added D to the local_ts on B and C for A's
17 matches
Mail list logo
