Thanks Martin for the good detail. Yes that was the problem. It works with
IKvE2.
Best Regards,
Farid
On Thursday, October 17, 2013 11:49 PM, Martin Willi <[email protected]>
wrote:
Hi Farid,
> I have observed if I select charonstat=yes and plutostart=no ipsec
> is not listening in all interfaces
With strongSwan 4.x, two IKE daemons have been in use. Pluto handled
IKEv1 connections, while charon was responsible to handle IKEv2
connections.
Both protocols receive messages on port 500/4500, but only one process
can bind to it. As a work-around, charon used a RAW socket to receive
packets, but did not bind to the UDP port. This allowed both daemons to
receive packets for their protocol.
> and it never receives any connection from outside.
charon ignores IKEv1 packets, but it should receive packets for IKEv2.
If you have IKEv1 connections, you'll need to start pluto.
With 5.x releases, things have changed; charon now handles both IKEv1
and IKEv2 over a standard UDP socket, pluto is not required anymore.
Regards
Martin
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
