It is possible MTU issue, usually when you use tunnel with StrongSwan VPN, your MTU for inner packet is less than 1500. When your client device tries to send large MTU package, if your server cannot accept icmp
I had similar type of error and it was kernel-libipsec plugin was conflicting
with selinux. I disabled the kernel-libipsec and issue has been resolved.
Anvar Kuchkartaev
an...@anvartay.com
Original Message
From: Hoggins!
Sent: miércoles, 17 de enero de 2018 21:21
To: users
You can try to remove/comment out lines of ike= and esp= and try to connect to
server (leaving it to use default strongswan ciphers).
Anvar Kuchkartaev
an...@anvartay.com
Original Message
From: Bugakov, Alexander
Sent: lunes, 20 de noviembre de 2017 04:30 p.m.
To: users
I think you are using right=[IP] try to use hostname specified in remote server
certificate.
Anvar Kuchkartaev
an...@anvartay.com
Original Message
From: joa...@verona.se
Sent: viernes, 17 de noviembre de 2017 10:02 p.m.
To: users@lists.strongswan.org
Subject: [strongSwan] Difficulty
not.Anvar Kuchkartaev an...@anvartay.com
).Anvar Kuchkartaev an...@anvartay.com
50 and 51 there are protocol identifiers not port numbers. They are not tcp and not udp they are different transport layer protocols (the same layer resides tcp and udp). Protocol 50 is protocol ESP
.Anvar Kuchkartaev an...@anvartay.com
).Anvar Kuchkartaev an...@anvartay.com
?Anvar Kuchkartaev an...@anvartay.com
You are welcome. In the StrongSwan website they documented a description about
why to not set ikesa_table_size too high (they write hash table size depends
number of cores in machine):
https://wiki.strongswan.org/projects/strongswan/wiki/IkeSaTable
Anvar Kuchkartaev
an...@anvartay.com
). Anvar Kuchkartaev an...@anvartay.com
). Anvar Kuchkartaev an...@anvartay.com
> parallelism by using hashtables[1].
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/IkeSaTable
>
> On 04.10.2017 08:55, Anvar Kuchkartaev wrote:
> > TCPMSS parameters in firewall are required proper routing of tcp
> > connections of client within the ipsec tun
bandwith).
Anvar Kuchkartaev
an...@anvartay.com
Original Message
From: Stephen Scheck
Sent: martes, 3 de octubre de 2017 09:18 p.m.
To: Anvar Kuchkartaev
Cc: Jamie Stuart; users@lists.strongswan.org
Subject: Re: [strongSwan] Timeout on poor connection
Thanks for the configs.
I added the dpd
TCPMSS
--clamp-mss-to-pmtu
sysctl.conf
net.ipv4.ip_forward_use_pmtu=1 (I assume you have done rest of the
sysctl configurations like ip_forward, etc.)
On 30/09/17 19:37, Jamie Stuart wrote:
Could you post your (redacted) strongswan config Anvar?
On 30 Sep 2017, at 00:59, Anvar Kuchkartaev
configure it's browser to proxy server to
enhance connection stability).
Anvar Kuchkartaev
an...@anvartay.com
Original Message
From: Jamie Stuart
Sent: viernes, 29 de septiembre de 2017 05:59 p.m.
To: users@lists.strongswan.org
Subject: [strongSwan] Timeout on poor connection
Hi,
We have client
I don't think the windows is able to obtain routes from IKE vpn server. Windows must be using 0.0.0.0/0 route to your VPN server and sending all traffic to it but if you configured left=[IP]/32 from VPN server
Anvar Kuchkartaev an...@anvartay.com
.Anvar Kuchkartaev
?Anvar Kuchkartaev an...@anvartay.com
21 matches
Mail list logo