Re: [strongSwan] Single physical interface "roadwarrior" responder using DHCP/FARP

2018-04-12 Thread Michael ..
swan-users-ml@thermi.consulting> To: "Michael .." <mi...@usa.com> Cc: "Thor Simon" <thor.si...@twosigma.com>, "users@lists.strongswan.org" <users@lists.strongswan.org> Subject: Re: [strongSwan] Single physical interface "roadwarrior"

Re: [strongSwan] Single physical interface "roadwarrior" responder using DHCP/FARP

2018-04-11 Thread Thor Simon
<noel.kuntze+strongswan-users-ml@thermi.consulting> Sent: Wednesday, April 11, 2018 2:50 PM To: Thor Simon <thor.si...@twosigma.com>; Michael .. <mi...@usa.com>; users@lists.strongswan.org Subject: Re: [strongSwan] Single physical interface "roadwarrior" responder using DH

Re: [strongSwan] Single physical interface "roadwarrior" responder using DHCP/FARP

2018-04-11 Thread Noel Kuntze
to use the packet filter to drop most (but not quite all) ICMP. In a >>> similar configuration to yours, we've ended up passing echo/echorep and >>> needs-frag; which means we drop redirects, ttl exceeded, and most >>> unreachables, all of which, in practice, with our la

Re: [strongSwan] Single physical interface "roadwarrior" responder using DHCP/FARP

2018-04-11 Thread Michael ..
"Thor Simon" <thor.si...@twosigma.com>, "Michael .." <mi...@usa.com>, "users@lists.strongswan.org" <users@lists.strongswan.org> Subject: Re: [strongSwan] Single physical interface "roadwarrior" responder using DHCP/FARP Then don't generate any

Re: [strongSwan] Single physical interface "roadwarrior" responder using DHCP/FARP

2018-04-11 Thread Noel Kuntze
l.kuntze+strongswan-users-ml@thermi.consulting] > Sent: Wednesday, April 11, 2018 1:45 PM > To: Thor Simon <thor.si...@twosigma.com>; Michael .. <mi...@usa.com>; > users@lists.strongswan.org > Subject: Re: [strongSwan] Single physical interface "roadwarrior" r

Re: [strongSwan] Single physical interface "roadwarrior" responder using DHCP/FARP

2018-04-11 Thread Thor Simon
lf Of Noel > Kuntze > Sent: Wednesday, April 11, 2018 1:23 PM > To: Michael .. <mi...@usa.com>; users@lists.strongswan.org > Subject: Re: [strongSwan] Single physical interface "roadwarrior" responder > using DHCP/FARP > > Hello Michael, > > Disable

Re: [strongSwan] Single physical interface "roadwarrior" responder using DHCP/FARP

2018-04-11 Thread Noel Kuntze
.@usa.com>; users@lists.strongswan.org > Subject: Re: [strongSwan] Single physical interface "roadwarrior" responder > using DHCP/FARP > > Hello Michael, > > Disable sending of redirects for traffic on that interface. > The key is "net.ipv4.conf.INTERFACE.sen

Re: [strongSwan] Single physical interface "roadwarrior" responder using DHCP/FARP

2018-04-11 Thread Thor Simon
: Wednesday, April 11, 2018 1:23 PM To: Michael .. <mi...@usa.com>; users@lists.strongswan.org Subject: Re: [strongSwan] Single physical interface "roadwarrior" responder using DHCP/FARP Hello Michael, Disable sending of redirects for traffic on that interface. The

Re: [strongSwan] Single physical interface "roadwarrior" responder using DHCP/FARP

2018-04-11 Thread Noel Kuntze
Hello Michael, Disable sending of redirects for traffic on that interface. The key is "net.ipv4.conf.INTERFACE.send_redirects". Kind regards Noel On 11.04.2018 18:56, Michael .. wrote: > Hi, >   > I'm trying to configure a responder for use in a "roadwarrior" scenario, > albeit