Hi Martin, Just a quick note to say that this helped me a lot. I realise that it's a long time since you sent this email. Initially I still couldn't get my site to site VPN to work. I returned to it in the last two weeks and now have it working. We're now trialling it for use between our data centre and our Amazon Web Services environment with StrongSwan connecting to a Cisco router or ASA. So far the results have been very positive. Given the increased functionality and cost savings StrongSwan offers in comparison to Amazon's VPN offering. I would encourage anyone thinking of moving services to the cloud to explore StrongSwan and would be happy to share my experience with anyone thinking of doing so. I'd also encourage people to use GNS3 http://www.gns3.net/download/ to trial and test StrongSwan. Finally, if anyone has any experience of creating encrypted GRE tunnels from a StrongSwan box to a Cisco router I'd love to hear from them :¬) Cheers, Tormod
>>> Martin Willi <[email protected]> 07/08/2014 12:33 >>> Hi, > Aug 7 12:06:03 A0089-Mint1 charon: 09[CFG] proposing traffic selectors for other: > Aug 7 12:06:03 A0089-Mint1 charon: 09[CFG] 10.2.0.0/24 > Aug 7 12:06:03 A0089-Mint1 charon: 09[CFG] changing proposed traffic selectors for other: > Aug 7 12:06:03 A0089-Mint1 charon: 09[CFG] 0.0.0.0/0 The unity plugin widens the traffic selector as initiator, to later dynamically reduce it to what has been negotiated with the Split-Include Unity extension. If the plugin is enabled, this is done on all connections where the Unity Vendor ID has been received, which is likely with Cisco boxes. I've recently pushed a patch [1] which disables that behavior if no Split-Include attribute has been received on the connection. Please try that patch, I think it should fix this issue. Regards Martin [1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=1a62fb0a Please consider the environment before printing this email ********************************************************************* This e-mail and any attachments are confidential. If it is not for you, please inform us and delete it immediately without disclosing, copying, or distributing it. If the content is not about the business of PayWizard Group PLC or its clients, then it is neither from nor sanctioned by PayWizard Group PLC. Use of this or any other PayWizard Group PLC e-mail facility signifies consent to interception by PayWizard Group PLC. The views expressed in this email or any attachments may not reflect the views and opinions of PayWizard Group PLC. This message has been scanned for viruses and dangerous content by MailScanner, but PayWizard Group PLC accepts no liability for any damage caused by the transmission of any viruses. PayWizard Group PLC is a public limited company registered in Scotland (SC175703) with its registered office at Cluny Court, John Smith Business Park, Kirkcaldy, Fife, KY2 6QJ. ******************************************************************** -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
