Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-08-17 Thread TomK
On 8/16/2020 10:16 PM, TomK wrote: On 8/11/2020 1:16 AM, TomK wrote: On 8/9/2020 8:10 PM, TomK wrote: On 6/30/2020 4:41 AM, Tobias Brunner wrote: Hi Tom, What I meant to say, is that would confirm all proper kernel modules were already in place to allow the communication would it not?

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-08-16 Thread TomK
On 8/11/2020 1:16 AM, TomK wrote: On 8/9/2020 8:10 PM, TomK wrote: On 6/30/2020 4:41 AM, Tobias Brunner wrote: Hi Tom, What I meant to say, is that would confirm all proper kernel modules were already in place to allow the communication would it not? Anything else I could try to, in the

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-08-10 Thread TomK
On 8/9/2020 8:10 PM, TomK wrote: On 6/30/2020 4:41 AM, Tobias Brunner wrote: Hi Tom, What I meant to say, is that would confirm all proper kernel modules were already in place to allow the communication would it not?  Anything else I could try to, in the least, confirm if the packet was

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-08-09 Thread TomK
On 6/30/2020 4:41 AM, Tobias Brunner wrote: Hi Tom, What I meant to say, is that would confirm all proper kernel modules were already in place to allow the communication would it not? Anything else I could try to, in the least, confirm if the packet was successfully forwarded to the Azure VPN

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-06-30 Thread Tobias Brunner
Hi Tom, > What I meant to say, is that would confirm all proper kernel modules > were already in place to allow the communication would it not? Anything > else I could try to, in the least, confirm if the packet was > successfully forwarded to the Azure VPN Gateway end? > > I know the packet

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-06-29 Thread TomK
On 6/29/2020 10:00 AM, TomK wrote: On 6/29/2020 3:31 AM, Tobias Brunner wrote: Hi Tom, Is the xfrm_user.ko module used for both traffic going out and coming back in via StrongSwan / IPSEC ? It's not used for handling traffic at all.  It provides the interface to configure the IPsec stack

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-06-29 Thread TomK
On 6/29/2020 3:31 AM, Tobias Brunner wrote: Hi Tom, Is the xfrm_user.ko module used for both traffic going out and coming back in via StrongSwan / IPSEC ? It's not used for handling traffic at all. It provides the interface to configure the IPsec stack (SAs and policies) from userland. It

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-06-29 Thread Tobias Brunner
Hi Tom, > Is the xfrm_user.ko module used for both traffic going out and coming > back in via StrongSwan / IPSEC ? It's not used for handling traffic at all. It provides the interface to configure the IPsec stack (SAs and policies) from userland. It does rely on general Netlink

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-06-26 Thread TomK
On 6/26/2020 10:04 AM, TomK wrote: On 6/24/2020 10:40 AM, TomK wrote: On 6/24/2020 9:19 AM, Tobias Brunner wrote: Hi Tom, May I ask which exact line above told you I'm missing xfrm_user? The ones that start with CUSTOM? Yes, the first one is logged after the kernel-netlink plugin failed

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-06-26 Thread TomK
On 6/24/2020 10:40 AM, TomK wrote: On 6/24/2020 9:19 AM, Tobias Brunner wrote: Hi Tom, May I ask which exact line above told you I'm missing xfrm_user? The ones that start with CUSTOM? Yes, the first one is logged after the kernel-netlink plugin failed to open a Netlink/XFRM socket, plus

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-06-24 Thread TomK
On 6/24/2020 9:19 AM, Tobias Brunner wrote: Hi Tom, May I ask which exact line above told you I'm missing xfrm_user? The ones that start with CUSTOM? Yes, the first one is logged after the kernel-netlink plugin failed to open a Netlink/XFRM socket, plus it is obviously missing in the module

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-06-24 Thread Tobias Brunner
Hi Tom, > May I ask which exact line above told you I'm missing xfrm_user? The > ones that start with CUSTOM? Yes, the first one is logged after the kernel-netlink plugin failed to open a Netlink/XFRM socket, plus it is obviously missing in the module lists you posted after that. > This is

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-06-24 Thread TomK
On 6/24/2020 5:48 AM, Tobias Brunner wrote: Hi Tom, This is a DD-WRT router. Uses a pre-built kernel I might not have too much option in customizing it. But I tried removing it kernel-libipsec is a userland IPsec implementation (read the wiki page), it has nothing to do with the kernel

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-06-24 Thread Tobias Brunner
Hi Tom, > This is a DD-WRT router. Uses a pre-built kernel I might not have too > much option in customizing it. But I tried removing it kernel-libipsec is a userland IPsec implementation (read the wiki page), it has nothing to do with the kernel (except that it has to be able to create TUN

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-06-22 Thread TomK
On 6/22/2020 4:08 AM, Tobias Brunner wrote: Hi Tom, ipsec0 receives the packet from the ping request but nothing comes back: Is there any particular reason you are using the kernel-libipsec plugin (see [1])? You might want to try just using kernel-netlink. This is a DD-WRT router. Uses a

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-06-22 Thread Tobias Brunner
Hi Tom, > ipsec0 receives the packet from the ping request but nothing comes back: Is there any particular reason you are using the kernel-libipsec plugin (see [1])? You might want to try just using kernel-netlink. > Jun 19 19:57:07 10[KNL] error installing route with policy 10.3.0.0/24 > ===

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-06-20 Thread Brian Topping
> On Jun 20, 2020, at 12:08 AM, TomK wrote: > > However, I'll have to read it more thoroughly later on to be sure of that. > If you can shed more light on this, that will help. Shouldn't ipsec > configure the interfaces correctly? It does create ipsec01 so thought that > would suffice.

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-06-20 Thread TomK
Hi Brian, Thank you. You're right, I'm not using the script you provided. Seems like the instructions are aimed at a standalone Linux box however so I'm not sure at this point if it will negatively interfere with anything else I have configured here. I'm running DD-WRT so things are more

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-06-19 Thread Brian Topping
I do the same thing with OSPF (with BIRD 2). I’m going to take a guess that StrongSWAN is working fine and your router is not sensing the transition of it, so it doesn’t know when (or where) to route. But I can’t exactly tell if you are setting up interfaces with an updown script, I don’t see

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-06-19 Thread TomK
On 6/19/2020 10:56 PM, Brian Topping wrote: Sounds like you’re unable to look at traffic on both sides. Unless you’re looking closely at the logs and know what’s happening, it’s hard to debug. It also looks as if you’ve rather heavily sanitized the console logs, for instance the ping

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-06-19 Thread Brian Topping
Sounds like you’re unable to look at traffic on both sides. Unless you’re looking closely at the logs and know what’s happening, it’s hard to debug. It also looks as if you’ve rather heavily sanitized the console logs, for instance the ping destination. This line concerns me: > Jun 19

Re: [strongSwan] StrongSwan w/ multiple local subnets.

2020-06-19 Thread TomK
ipsec0 receives the packet from the ping request but nothing comes back: # tcpdump -i ipsec0 -s 0 -n tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ipsec0, link-type RAW (Raw IP), snapshot length 262144 bytes 21:21:55.601249 IP 100.100.100.100 >

[strongSwan] StrongSwan w/ multiple local subnets.

2020-06-19 Thread TomK
Hello, I have an Asus router using DD-WRT. On this router I've enabled OSPF. The router sits on VLAN1: 192.168.0.0/24 There are two more VLANs within the space: VLAN2: 10.0.0.0/24 VLAN3: 10.1.0.0/24 VLAN4: 10.2.0.0/24 VLAN5: 10.3.0.0/24 I've installed StrongSwan on top of this router and
