Hi Nick, what do you mean,
can you please explain..
Is this finally so difficult to be done?? Crazy!!
What do I need to do just to have the route UP after connection?
Many thanks
On Fri, Jan 11, 2019 at 3:00 PM <[email protected]> wrote:
Today's Topics:
1. Re: Help!! (Paul Wouters)
2. Re: Help!! (Antonios Katsouros)
3. Re: Help!! (Nick Howitt)
4. Re: Libreswan 3.27 segfault (csszep)
----------------------------------------------------------------------
Message: 1
Date: Thu, 10 Jan 2019 10:09:54 -0500 (EST)
From: Paul Wouters <[email protected]>
To: Antonios Katsouros <[email protected]>
Cc: [email protected]
Subject: Re: [Swan] Help!!
Message-ID: <[email protected]>
Content-Type: text/plain; charset=US-ASCII; format=flowed
On Thu, 10 Jan 2019, Antonios Katsouros wrote:
Another solution people use is to add:
leftupdown="ipsec _updown.netkey --route yes"
(if left is your server side)
That forces updown to automatically add the route.
Paul
------------------------------
Message: 2
Date: Thu, 10 Jan 2019 19:31:42 +0300
From: Antonios Katsouros <[email protected]>
To: [email protected]
Subject: Re: [Swan] Help!!
Message-ID: <capozperv9anp1dfupwntiafesr3fnqwz6efydqg8+baw1eo...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Yes, it's there!!!
this is
root@srv1:~# cat /etc/ipsec.conf
version 2.0

config setup
    virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.50.0.0/24,%v4:!10.50.1.0/24
    protostack=netkey
    interfaces=%defaultroute
    uniqueids=no

conn shared
    left=%defaultroute
    leftid=195.95.65.10
    right=%any
    encapsulation=yes
    authby=secret
    pfs=no
    rekey=no
    keyingtries=5
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
    phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2
    sha2-truncbug=yes

conn l2tp-psk
    auto=add
    leftprotoport=17/1701
    rightprotoport=17/%any
    type=transport
    phase2=esp
    also=shared

conn xauth-psk
    auto=add
    leftsubnet=0.0.0.0/0
    *rightaddresspool=10.50.1.2-10.50.1.3 (by the way, is there a way to give a static in the other side??? I don't want pool)..*
    modecfgdns="8.8.8.8 8.8.4.4"
    leftxauthserver=yes
    rightxauthclient=yes
    leftmodecfgserver=yes
    rightmodecfgclient=yes
    modecfgpull=yes
    xauthby=file
    ike-frag=yes
    ikev2=never
    cisco-unity=yes
    also=shared
root@srv1:~#
Many thanks!!!
On Thu, Jan 10, 2019 at 7:23 PM Paul Wouters <[email protected]> wrote:
> On Thu, 10 Jan 2019, Antonios Katsouros wrote:
>
> > root@srv1:/etc/ipsec.d# ls
> > cert9.db key4.db passwd pkcs11.txt policies
>
> check /etc/ipsec.conf
>
> Paul
>
------------------------------
Message: 3
Date: Thu, 10 Jan 2019 16:34:36 +0000
From: Nick Howitt <[email protected]>
To: [email protected]
Subject: Re: [Swan] Help!!
Message-ID: <[email protected]>
Content-Type: text/plain; charset=utf-8; format=flowed
Are you trying to do a LAN-LAN connection? If so you don't want anything
to do with l2tp or xauth. Have a look at the examples I linked you to
earlier on the libreswan web site. What you have here is for roadwarriors.
Nick
------------------------------
Message: 4
Date: Fri, 11 Jan 2019 10:56:45 +0100
From: csszep <[email protected]>
To: Paul Wouters <[email protected]>
Cc: [email protected]
Subject: Re: [Swan] Libreswan 3.27 segfault
Message-ID: <CADobNNJQNUAsV16Ny3Txqa6Egq7_=mz07mf+txbppqjqm8o...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Hi!
Still crashing with Libreswan master from 10 Jan.
I am updating the github issue #169 with new gdb backtrace.
The RHEL bugzilla entry is not accessible with regular RH account.
Thx Csszep
csszep <[email protected]> wrote (on Tue, 4 Dec 2018, 9:23):
> Hi Paul!
>
> Thx for the Answer. I will try and report. Unfortunately the crash now
> happens only once or twice a week....
>
> Paul Wouters <[email protected]> wrote (on Mon, 3 Dec 2018, 15:40):
>
>> On Thu, 29 Nov 2018, csszep wrote:
>>
>> > I have a longstanding problem w libreswan. See github issue #169
>> >
>> > Can anyone help identify the problem?
>> >
>> > The crash happened daily (SA delete? rekey?), and after 4-5 crashes it works again.
>> >
>> > The last few messages, before every crash:
>> >
>> >
>> > 2018-11-28T10:43:15+01:00 firewall1 pluto[16834]: "customer2" #701: received Delete SA(0xb6ca75dc) payload: deleting IPSEC State #702
>> > 2018-11-28T10:43:15+01:00 firewall1 pluto[16834]: "customer2" #702: deleting other state #702 (STATE_QUICK_R2) and sending notification
>> > 2018-11-28T10:43:15+01:00 firewall1 pluto[16834]: "customer2" #702: ESP traffic information: in=1MB out=248KB
>> > 2018-11-28T10:43:15+01:00 firewall1 pluto[16834]: "customer2 #701: deleting state (STATE_MAIN_R3) and sending notification
>> > 2018-11-28T10:40:23+01:00 firewall1 kernel: traps: pluto[16834] general protection ip:7f71e05e212b sp:7ffcd12c9180 error:0 in pluto[7f71e0587000+154000]
>> >
>> > The connection "customer2" is not the same in every crash, but maybe?
>> > all connections that cause the crash come from F5/BIG-IP peer....
>>
>> Can you try git master? I think this issue is fixed there. This is when
>> there is a Delete plus an additional notify payload.
>>
>> A different backport of the same bug is applied for RHEL via
>> https://bugzilla.redhat.com/show_bug.cgi?id=1630355
>>
>> Paul
>>
>
------------------------------
Subject: Digest Footer
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
------------------------------
End of Swan Digest, Vol 73, Issue 7
***********************************