Hi Nick, what do you mean? Can you please explain?

Is this finally so difficult to be done?? Crazy!! What do I need to do just to have the route UP after connection? Many thanks

On Fri, Jan 11, 2019 at 3:00 PM <[email protected]> wrote:

> Today's Topics:
>
>    1. Re: Help!! (Paul Wouters)
>    2. Re: Help!! (Antonios Katsouros)
>    3. Re: Help!! (Nick Howitt)
>    4. Re: Libreswan 3.27 segfault (csszep)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 10 Jan 2019 10:09:54 -0500 (EST)
> From: Paul Wouters <[email protected]>
> To: Antonios Katsouros <[email protected]>
> Cc: [email protected]
> Subject: Re: [Swan] Help!!
>
> On Thu, 10 Jan 2019, Antonios Katsouros wrote:
>
> Another solution people use is to add:
>
>         leftupdown="ipsec _updown.netkey --route yes"
>
> (if left is your server side)
>
> That forces updown to automatically add the route.
>
> Paul
>
> ------------------------------
>
> Message: 2
> Date: Thu, 10 Jan 2019 19:31:42 +0300
> From: Antonios Katsouros <[email protected]>
> To: [email protected]
> Subject: Re: [Swan] Help!!
>
> Yes, it's there!!!
>
> This is:
>
> root@srv1:~# cat /etc/ipsec.conf
> version 2.0
>
> config setup
>   virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.50.0.0/24,%v4:!10.50.1.0/24
>   protostack=netkey
>   interfaces=%defaultroute
>   uniqueids=no
>
> conn shared
>   left=%defaultroute
>   leftid=195.95.65.10
>   right=%any
>   encapsulation=yes
>   authby=secret
>   pfs=no
>   rekey=no
>   keyingtries=5
>   dpddelay=30
>   dpdtimeout=120
>   dpdaction=clear
>   ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
>   phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2
>   sha2-truncbug=yes
>
> conn l2tp-psk
>   auto=add
>   leftprotoport=17/1701
>   rightprotoport=17/%any
>   type=transport
>   phase2=esp
>   also=shared
>
> conn xauth-psk
>   auto=add
>   leftsubnet=0.0.0.0/0
>   *rightaddresspool=10.50.1.2-10.50.1.3 (by the way, is there a way to give a static in the other side??? I don't want pool)..*
>   modecfgdns="8.8.8.8 8.8.4.4"
>   leftxauthserver=yes
>   rightxauthclient=yes
>   leftmodecfgserver=yes
>   rightmodecfgclient=yes
>   modecfgpull=yes
>   xauthby=file
>   ike-frag=yes
>   ikev2=never
>   cisco-unity=yes
>   also=shared
> root@srv1:~#
>
> Many thanks!!!
>
> On Thu, Jan 10, 2019 at 7:23 PM Paul Wouters <[email protected]> wrote:
>
> > On Thu, 10 Jan 2019, Antonios Katsouros wrote:
> >
> > > root@srv1:/etc/ipsec.d# ls
> > > cert9.db  key4.db  passwd  pkcs11.txt  policies
> >
> > check /etc/ipsec.conf
> >
> > Paul
>
> ------------------------------
>
> Message: 3
> Date: Thu, 10 Jan 2019 16:34:36 +0000
> From: Nick Howitt <[email protected]>
> To: [email protected]
> Subject: Re: [Swan] Help!!
>
> Are you trying to do a LAN-LAN connection? If so you don't want anything
> to do with l2tp or xauth. Have a look at the examples I linked you to
> earlier on the libreswan web site. What you have here is for roadwarriors.
>
> Nick
>
> ------------------------------
>
> Message: 4
> Date: Fri, 11 Jan 2019 10:56:45 +0100
> From: csszep <[email protected]>
> To: Paul Wouters <[email protected]>
> Cc: [email protected]
> Subject: Re: [Swan] Libreswan 3.27 segfault
>
> Hi!
>
> Still crashing with Libreswan master from 10 Jan.
>
> I am updating the github issue #169 with a new gdb backtrace.
>
> The RHEL bugzilla entry is not accessible with a regular RH account.
>
> Thx Csszep
>
> csszep <[email protected]> wrote (on Tue, 4 Dec 2018, 9:23):
>
> > Hi Paul!
> >
> > Thx for the answer. I will try and report. Unfortunately the crash now
> > happens only once or twice a week....
> >
> > Paul Wouters <[email protected]> wrote (on Mon, 3 Dec 2018, 15:40):
> >
> >> On Thu, 29 Nov 2018, csszep wrote:
> >>
> >> > I have a longstanding problem w libreswan. See github issue #169
> >> >
> >> > Can anyone help identify the problem?
> >> >
> >> > The crash happened daily (SA delete? rekey?), and after 4-5 crashes it works again.
> >> >
> >> > The last few messages, before every crash:
> >> >
> >> > 2018-11-28T10:43:15+01:00 firewall1 pluto[16834]: "customer2" #701: received Delete SA(0xb6ca75dc) payload: deleting IPSEC State #702
> >> > 2018-11-28T10:43:15+01:00 firewall1 pluto[16834]: "customer2" #702: deleting other state #702 (STATE_QUICK_R2) and sending notification
> >> > 2018-11-28T10:43:15+01:00 firewall1 pluto[16834]: "customer2" #702: ESP traffic information: in=1MB out=248KB
> >> > 2018-11-28T10:43:15+01:00 firewall1 pluto[16834]: "customer2 #701: deleting state (STATE_MAIN_R3) and sending notification
> >> > 2018-11-28T10:40:23+01:00 firewall1 kernel: traps: pluto[16834] general protection ip:7f71e05e212b sp:7ffcd12c9180 error:0 in pluto[7f71e0587000+154000]
> >> >
> >> > The connection "customer2" is not the same in every crash, but maybe
> >> > all connections that cause the crash come from F5/BIG-IP peer....
> >>
> >> Can you try git master? I think this issue is fixed there. This is when
> >> there is a Delete plus an additional notify payload.
> >>
> >> A different backport of the same bug is applied for RHEL via
> >> https://bugzilla.redhat.com/show_bug.cgi?id=1630355
> >>
> >> Paul
>
> ------------------------------
>
> End of Swan Digest, Vol 73, Issue 7
> ***********************************
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
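For the pluto crash report quoted in Message 4 of the digest above, a way to test the "is it always the same kind of peer?" question from syslog. This is an added example, not part of the thread or of libreswan: it pairs each kernel "general protection" trap with the last pluto messages from the same PID. The function names and the second crash in the sample are assumptions, and lines are correlated by file order because the kernel line quoted in the thread carries an earlier timestamp than the pluto lines it follows.

```python
import re
from collections import Counter, deque

# Constructed sample modelled on the log lines quoted in the thread; the second
# crash (PID 17001, "customer1", "customer5", its SPI) is made up for illustration.
SAMPLE_LOG = """\
2018-11-28T10:43:15+01:00 firewall1 pluto[16834]: "customer2" #701: received Delete SA(0xb6ca75dc) payload: deleting IPSEC State #702
2018-11-28T10:43:15+01:00 firewall1 pluto[16834]: "customer2" #702: ESP traffic information: in=1MB out=248KB
2018-11-28T10:43:15+01:00 firewall1 pluto[16834]: "customer2" #701: deleting state (STATE_MAIN_R3) and sending notification
2018-11-28T10:40:23+01:00 firewall1 kernel: traps: pluto[16834] general protection ip:7f71e05e212b sp:7ffcd12c9180 error:0 in pluto[7f71e0587000+154000]
2018-11-29T09:12:01+01:00 firewall1 pluto[17001]: "customer1" #12: STATE_QUICK_R2: IPsec SA established tunnel mode
2018-11-29T11:02:40+01:00 firewall1 pluto[17001]: "customer5" #40: received Delete SA(0x0a0b0c0d) payload: deleting IPSEC State #41
2018-11-29T11:02:40+01:00 firewall1 pluto[17001]: "customer5" #40: deleting state (STATE_MAIN_R3) and sending notification
2018-11-29T11:02:41+01:00 firewall1 kernel: traps: pluto[17001] general protection ip:7f71e05e212b sp:7ffcd12c9180 error:0 in pluto[7f71e0587000+154000]
"""

PLUTO = re.compile(r'^\S+ \S+ pluto\[(\d+)\]: "([^"]+)"\S* #(\d+): (.*)$')
CRASH = re.compile(r'^(\S+) \S+ kernel: traps: pluto\[(\d+)\] general protection')

def crashes_with_context(log_text, window=5):
    """Return one record per pluto crash, with the last `window` pluto
    messages logged by the crashing PID (file order, not timestamp order)."""
    recent, out = {}, []          # recent: pid -> deque of (conn, state, msg)
    for line in log_text.splitlines():
        m = PLUTO.match(line)
        if m:
            pid, conn, state, msg = m.groups()
            recent.setdefault(pid, deque(maxlen=window)).append((conn, state, msg))
            continue
        m = CRASH.match(line)
        if m:
            ts, pid = m.groups()
            ctx = list(recent.pop(pid, ()))   # a restarted pluto gets a new PID
            out.append({"time": ts, "pid": pid, "context": ctx,
                        "last_conn": ctx[-1][0] if ctx else None,
                        "delete_seen": any("received Delete SA" in c[2] for c in ctx)})
    return out

def summarize(records):
    """Count crashes per connection that was last active before the trap."""
    return Counter(r["last_conn"] for r in records)

if __name__ == "__main__":
    for rec in crashes_with_context(SAMPLE_LOG):
        print(rec["time"], rec["pid"], rec["last_conn"], rec["delete_seen"])
```

The connection names it returns can then be checked against the peer definitions in ipsec.conf to see whether every crash involves the same type of remote device.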
