,
Vivek Bairathi
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
On Tue, Nov 2, 2010 at 12:35 PM, vivek bairathi bairathi.vi...@gmail.com wrote:
Hi Andreas,
Thanks for your quick reply.
I have some more queries regarding kernel_netlink interface:
If I use auto=route in ipsec.conf file for a connection:
Q1. Does the stack after reading the ipsec.conf
Hi All,
I want to know that if I set auto=route in ipsec.conf for a connection.
The IKEv2 stack will install kernel traps for that connection and will
initiate an SA only when it gets a packet between the leftsubnet and the
rightsubnet.
For this the IKEv2 stack needs trigger from kernel so
,
Vivek
On Tue, Aug 3, 2010 at 11:33 AM, vivek bairathi bairathi.vi...@gmail.com wrote:
Hi All,
I am facing a problem. The problem is as following:-
When I am initiating an IKE SA from my Computer towards the Security
Gateway (SGW). At the same time, SGW is also initiating an IKE SA for the
same
Hi All,
Can anyone tell me that strongswan IKEv2 stack automatically closes or
not an IKE SA or IPSEC SA on change of its configuration in ipsec.conf ?
Regards,
Vivek
, vivek bairathi
bairathi.vi...@gmail.com wrote:
Hi All,
Can anyone tell me that strongswan IKEv2 stack automatically closes or
not an IKE SA or IPSEC SA on change of its configuration in ipsec.conf ?
Regards,
Vivek
Hi Andreas/Martin/Tobias,
Request you to please provide your comments for the mail below.
Regards,
Vivek
On Wed, Jul 14, 2010 at 11:55 AM, vivek bairathi
bairathi.vi...@gmail.com wrote:
Hi All,
I have a query regarding a scenario. *The scenario is as following*:-
*My implementation
Hi All,
I have a query regarding a scenario. The scenario is as following:-
My implementation: On changing of a parameter in ipsec.conf I first bring
down the SA, update the configuration and then bring it up again.
So, when I connect to a Security Gateway(SGW), I make an SA and start the
Hi,
Some doubts regarding certificates updation in IKEv2 Stack. Consider
the following scenario:-
CACERT1(old with new) CACERT2 (new with new) are both from same CA.
CERT1 : signed with CACERT1
CERT2: signed with CACERT2
PC1 PC2
1.
Hi,
My configuration creates 3 IKE SAs and 6 IPsec SAs. Configuration file
attached.
Now when I change the esp encryption algorithm for IpSecMPlane then I fire
the following commands in the given below order:-
1. ipsec down IpSecMPlane
2. Write the new esp encryption algorithm for IpSecMPlane in
Hi,
I wanted to create an IPsec SA that would encrypt traffic from any
destination ( rightsubnet= any ). However, the following configuration is
not accepted by strongswan:-
conn IpSecSSEPlane
ikelifetime=24h
keyexchange=ikev2
keyingtries=%forever
keylife=90m
Hi Andreas,
did you find anything?
Regards,
Vivek
On Fri, Mar 26, 2010 at 6:28 PM, Andreas Steffen
andreas.stef...@strongswan.org wrote:
Hi Vivek,
can you send me both the old and new CRL and the issuing CA certificate?
Best regards
Andreas
On 26.03.2010 13:44, vivek bairathi wrote
Hi All,
I am getting a problem with the strongswan-4.2.8, whenever I revoke a peer
certificate and
update the latest crl at my end and then try to make an SA it gets created
as it should not.
When I debug the stack I found that in credential_manager.c there is a
function
get_better_crl, in this
Hi All,
Hi All,
I have a CRL in pem format with me. The CRL file is loaded at startup.
1. If the CRL file is updated in the directory, how can strongswan be
indicated to update it. Does crlCheckInterval timer work with
strongswan IKEv2?
2. Is there an option to load CRL present in Cert
Hi All,
I have some query regarding dpd's:
1. If I give dpddelay value as zero in ipsec.conf then will IKEv2 Stack send
dpd's or not?
2. Is last_use_time used in case of dpd's only?
Thanks in advance.
Regards,
Vivek
Hi All,
I have a query regarding dpd's:-
1. When does ikev2 stack start sending dpd's?
2. When does it know that it's time to close the IPSEC SA or IKE SA?
3. Can you tell me where is the handling for closing the IPSEC SA or
IKE SA in case of no response to the dpd's?
Thanks in advance.
4, 2010 at 11:48 PM, Daniel Mentz
danielml+mailinglists.strongs...@sent.com
wrote:
vivek bairathi wrote:
Some doubts regarding CERT mode:-
1. Is it necessary to know the CN of peer before establishing an IKE SA?
Generally speaking, no. It depends
Hi All,
Some doubts regarding CERT mode:-
1. Is it necessary to know the CN of peer before establishing an IKE SA?
2. Is the left/rightid is always equal to the CN from the certificate?
Thanks in advance.
Regards,
Vivek
Hi All,
I have a query regarding dpd's.
1. When does ikev2 stack start sending dpd's?
2. When does it know that it's time to close the IPSEC SA or IKE SA?
3. Can you tell me where is the handling for closing the IPSEC SA or
IKE SA in case of no response to the dpd's?
Thanks in advance.
Hi All,
I am using strongswan-4.2.8 stack. And I am getting a strange problem
with this stack:-
The steps that I have taken:-
1. I created an IKE SA for IpSecCPlane and two CHILD SA's under it -
IpSecCPlane IpSecUCSPlane.
2. After that I bring down IpSecUCSPlane CHILD SA by using the command
Hi,
We are in a very critical state of our project. Please find time to
respond to the issue below. It would be of great help to us.
Thanks in advance,
Ritu
On 9/16/09, vivek bairathi bairathi.vi...@gmail.com wrote:
Hi,
We have the requirement that traffic between same source-destination IPs
Hi,
I had a doubt regarding the support of IP addresses and ports as
traffic selectors.
For example:-
I have following SPD Entry. All the entries are using same security association:
S.No.  Source IP  Destination IP  Src Port  Dst Port  SA Ptr
11.1.1.1
Hi,
Thanks for your reply.
I am trying to establish SA between two machines of which one is QNX
machine and the other is Linux machine. I am able to transmit the
IKE_SA_INIT request and response messages from one machine to another
but when IKE_AUTH request is received by any of the machine it
a possible condition because of which this is
happening and of course if possible a solution also?
Thanks & Regards,
Vivek
On 9/3/09, vivek bairathi bairathi.vi...@gmail.com wrote:
Hi,
Thanks for your reply.
I am trying to establish SA between two machines of which one is QNX
machine
Hi,
When a CHILD_SA is rekeyed, there is a time when SAD will have two SA
entries corresponding to the CHILD_SA that is rekeyed. In other words
this is the time, when stack has received a correct response to
CREATE_CHILD_SA Request and hence has installed the new SA in SAD,
however it has yet
Hi,
Sorry to bother you. But i have some doubts regarding SAD table:
1. Do the kernel-netlink-ipsec interface send the encryption key and
integrity key to the kernel so that the kernel shall store it in SAD?
2. The source and destination address which the kernel-netlink-ipsec
interface send to
Hi,
Thanks for your reply.
With your help now I am able to create IKE SA and CHILD SA but there
is a problem with updation rekeying of IKE SA:-
1. I am trying to change a/all parameter (for e.g:- rekeytime,
encryption algo, integrity algo, DH group parameter) in ipsec.conf so
that when I do
Hi,
I have some queries:-
1. In case I need to create a tunnel with multiple child SAs, would
there be different connection for each tunnel ip - virtual IP pair or
there is a single connection containing all the virtual IPs
corresponding to each Child SA?
2. In case there is a single connection
.
Thanks & Regards,
Vivek
On 7/27/09, Andreas Steffen andreas.stef...@strongswan.org wrote:
Hi Vivek,
vivek bairathi wrote:
Hi all,
I have a requirement for creating tunnel SAs. After reading
strongswan documentation and code I arrived at the following
conclusion:-
1. left| right
Hi all,
I have a requirement for creating tunnel SAs. After reading
strongswan documentation and code I arrived at the following
conclusion:-
1. left| right source IP in the conn section of ipsec.conf is used to
specify the internal IP in the tunnel( virtual IP). The external
tunnel IP will be
Regards,
Vivek
On 7/27/09, Andreas Steffen andreas.stef...@strongswan.org wrote:
Hi Vivek,
vivek bairathi wrote:
Hi all,
I have a requirement for creating tunnel SAs. After reading
strongswan documentation and code I arrived at the following
conclusion:-
1. left| right source IP in the conn
the IKE_SA creation can be triggered from the
kernel?
I would highly appreciate your help on these issues.
Looking forward for a reply.
Thanks,
Vivek
On 7/6/09, vivek bairathi bairathi.vi...@gmail.com wrote:
Hi,
Thanks for your help.
I still have a doubt that who initiates the IKE SA
knows the local and remote IP addresses?
3. If I have asked the wrong question or have wrongly understood your
stack code then please do explain me how an IKE SA and CHILD SA is
initiated or triggered in your stack?
Thank you.
Regards,
Vivek
On 7/2/09, vivek bairathi bairathi.vi...@gmail.com
Hi Martin,
Thanks for your help. The problem is that we have a proprietary
implementation of the IP stack in micro engine whose development is in
assembly language.
As per what you have suggested, I think it would make sense that we
let the kernel interface remain as is ( just change address
Hi Martin,
Thanks for your help.
For our implementation we need to port the strongswan stack on QNX.
QNX does not have a kernel, but only a microkernel. This we need to
remove any interface with the kernel in the strongswan stack and
replace it with our own interface.
Since Kernel
35 matches