Hi Paul, Just wan't to check is the following messages related to the StronSwan/LibreSwan SA diffrences?
>> Likely because strongswan uses/expects CREATE_CHILD_SA and libreswan is >> using individual IKE SA's #781: rejecting create child SA from 54.247.187.81:4500 -- new KE in DH for PFS is not yet supported #781: sending unencrypted notification v2N_INVALID_KE_PAYLOAD to 54.247.187.81:4500 Thanks Joe -----Original Message----- From: Swan [mailto:[email protected]] On Behalf Of Madden, Joe Sent: 18 May 2017 16:45 To: Paul Wouters <[email protected]> Cc: [email protected] Subject: Re: [Swan] Tunnels coming establishing and dropping quickly [This sender failed our fraud detection checks and may not be who they appear to be. Learn about spoofing at http://aka.ms/LearnAboutSpoofing] Hi Paul, Thanks for the Info We kind of got it working by changing the configuration so we have three connections which each run their own subnet. This works although on occasion it does tend to open up two tunnels - One for Incoming traffic and one for Outgoing?! Anyways - Its working now - I'll do I might end up moving it to a cisco - Or convincing the Third party to move to LibreSwan! Thanks Joe. -----Original Message----- From: Paul Wouters [mailto:[email protected]] Sent: 18 May 2017 16:30 To: Madden, Joe <[email protected]> Cc: [email protected] Subject: RE: [Swan] Tunnels coming establishing and dropping quickly On Thu, 18 May 2017, Madden, Joe wrote: > We ended up narrowing it down to a configuration where leftsubnets is > used with more than one subnet - Libreswan and Strongswan doesn't like > it Likely because strongswan uses/expects CREATE_CHILD_SA and libreswan is using individual IKE SA's. Your best bet is to wait for 3.21 to be released. Or try one of the release candidates we are trying to get out this/next week. (or git master) Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
