On 8/16/2020 10:16 PM, TomK wrote:
On 8/11/2020 1:16 AM, TomK wrote:
On 8/9/2020 8:10 PM, TomK wrote:
On 6/30/2020 4:41 AM, Tobias Brunner wrote:
Hi Tom,
What I meant to say, is that would confirm all proper kernel modules
were already in place to allow the communication would
Hey All,
I'm interested in finding out how to import routes from StrongSwan IPSec
installed XFRM tables (220) into Quagga (OSPF, 254)?
The XFRM policy based rules are saved in table 220 while Quagga (OSPF)
saves the routes in table 254. I have an IPSec StrongSwan on-prem GW
paired up with
Hey All,
I've configured the VTI's and routing is now fully working between the 9
VLAN's.
XFRM, as far as I can tell, isn't as well documented. I might try this
later on o see if OpenWRT supprots it.
Thx,
On 10/25/2020 9:48 PM, TomK wrote:
Hey Noel,
I have four VLAN's on the Azure side
/?get_doc=20=bird-6.html#ss6.6 :
|kernel table /number/|
Select which kernel table should this particular instance of the
Kernel protocol work with. Available only on systems supporting
multiple routing tables.
On 25.10.2020 20:05, TomK wrote:
Hey All,
I'm interested in finding out
is that with interfaces, you can then talk your
routing protocol over it.
It does not give you information about the subnets though for which IPsec
policies are installed.
What is the goal of this in the end?
Kind regards
Noel
Am 26.10.20 um 01:33 schrieb TomK:
Hey Noel,
Thanks. That would certainly make
if they are required, so those routes in table 220
are not necessarily complete.
A better solution for your use case would be to use route based IPsec by using
dedicated VTIs or XFRM interfaces and running OSPF/BGP/whatever over those
virtual links.
Kind regards
Noel
Am 25.10.20 um 19:05 schrieb TomK:
Hey
On 10/26/2020 2:10 AM, Michael Schwartzkopff wrote:
On 26.10.20 05:47, TomK wrote:
Hey All,
I've configured the VTI's and routing is now fully working between the
9 VLAN's.
XFRM, as far as I can tell, isn't as well documented. I might try
this later on o see if OpenWRT supprots it.
Thx
On 6/30/2020 4:41 AM, Tobias Brunner wrote:
Hi Tom,
What I meant to say, is that would confirm all proper kernel modules
were already in place to allow the communication would it not? Anything
else I could try to, in the least, confirm if the packet was
successfully forwarded to the Azure VPN
On 8/9/2020 8:10 PM, TomK wrote:
On 6/30/2020 4:41 AM, Tobias Brunner wrote:
Hi Tom,
What I meant to say, is that would confirm all proper kernel modules
were already in place to allow the communication would it not? Anything
else I could try to, in the least, confirm if the packet
On 6/24/2020 5:48 AM, Tobias Brunner wrote:
Hi Tom,
This is a DD-WRT router. Uses a pre-built kernel I might not have too
much option in customizing it. But I tried removing it
kernel-libipsec is a userland IPsec implementation (read the wiki page),
it has nothing to do with the kernel
On 6/24/2020 9:19 AM, Tobias Brunner wrote:
Hi Tom,
May I ask which exact line above told you I'm missing sfrm_user? The
ones that start with CUSTOM?
Yes, the first one is logged after the kernel-netlink plugin failed to
open a Netlink/XFRM socket, plus it is obviously missing in the module
On 6/26/2020 10:04 AM, TomK wrote:
On 6/24/2020 10:40 AM, TomK wrote:
On 6/24/2020 9:19 AM, Tobias Brunner wrote:
Hi Tom,
May I ask which exact line above told you I'm missing sfrm_user? The
ones that start with CUSTOM?
Yes, the first one is logged after the kernel-netlink plugin failed
On 6/29/2020 3:31 AM, Tobias Brunner wrote:
Hi Tom,
Is the xfrm_user.ko module used for both traffic going out and coming
back in via StrongSwan / IPSEC ?
It's not used for handling traffic at all. It provides the interface to
configure the IPsec stack (SAs and policies) from userland. It
On 6/29/2020 10:00 AM, TomK wrote:
On 6/29/2020 3:31 AM, Tobias Brunner wrote:
Hi Tom,
Is the xfrm_user.ko module used for both traffic going out and coming
back in via StrongSwan / IPSEC ?
It's not used for handling traffic at all. It provides the interface to
configure the IPsec stack
for viewing
purposes.
Sent from my iPhone
On Jun 19, 2020, at 19:28, TomK wrote:
Jun 19 19:57:11 14[KNL] error installing route with policy 10.3.0.0/24 ===
10.10.0.0/24 out
Thank you. Attached the logs.
https COLON //www DOT microdevsys DOT com/WordPressFiles/charon.log
https COLON //www DOT
TE for ESP CHILD_SA with SPI 28539651
Jun 19 20:37:26 12[IKE] received DELETE for ESP CHILD_SA with SPI e223cf04
Jun 19 20:37:26 12[IKE] CHILD_SA closed
Of interest, are these messages:
charon: 10[ESP] no matching outbound IPsec policy for 100.100.100.100 ==
10.10.0.4 [1]
On 6/19/2020 3:38 AM,
supersized, you won’t want to be going back and
updating networks on every gateway, though you will probably want to do
that from LDAP for road warriors.
On Jun 19, 2020, at 10:53 PM, TomK <mailto:tomk...@mdevsys.com>> wrote:
On 6/19/2020 10:56 PM, Brian Topping wrote:
Sounds like you’
On 6/22/2020 4:08 AM, Tobias Brunner wrote:
Hi Tom,
ipsec0 receives the packet from the ping request but nothing comes back:
Is there any particular reason you are using the kernel-libipsec plugin
(see [1])? You might want to try just using kernel-netlink.
This is a DD-WRT router. Uses a
Hello,
I have an Asus router using DD-WRT. On this router I've enabled ospf.
The router sits on VLAN1: 192.168.0.0/24
There are two more VLAN's within the space:
VLAN2: 10.0.0.0/24
VLAN3: 10.1.0.0/24
VLAN4: 10.2.0.0/24
VLAN5: 10.3.0.0/24
I've installed StrongSwan on top of this router and
Hello,
I have an Asus router using DD-WRT. On this router I've enabled ospf.
The router sits on VLAN1: 192.168.0.0/24
There are two more VLAN's within the space:
VLAN2: 10.0.0.0/24
VLAN3: 10.1.0.0/24
VLAN4: 10.2.0.0/24
VLAN5: 10.3.0.0/24
I've installed StrongSwan on top of this router and
On 6/24/2020 10:40 AM, TomK wrote:
On 6/24/2020 9:19 AM, Tobias Brunner wrote:
Hi Tom,
May I ask which exact line above told you I'm missing sfrm_user? The
ones that start with CUSTOM?
Yes, the first one is logged after the kernel-netlink plugin failed to
open a Netlink/XFRM socket, plus
On 8/11/2020 1:16 AM, TomK wrote:
On 8/9/2020 8:10 PM, TomK wrote:
On 6/30/2020 4:41 AM, Tobias Brunner wrote:
Hi Tom,
What I meant to say, is that would confirm all proper kernel modules
were already in place to allow the communication would it not?
Anything
else I could try
On 10/26/2020 8:42 AM, TomK wrote:
On 10/26/2020 2:10 AM, Michael Schwartzkopff wrote:
On 26.10.20 05:47, TomK wrote:
Hey All,
I've configured the VTI's and routing is now fully working between the
9 VLAN's.
XFRM, as far as I can tell, isn't as well documented. I might try
this later on o
23 matches
Mail list logo