[Swan] Tunnels coming establishing and dropping quickly

Madden, Joe Joe.Madden at mottmac.com
Mon May 22 10:16:01 UTC 2017


Hi Paul,

Just want to check: are the following messages related to the StrongSwan/LibreSwan SA differences?

>> Likely because strongswan uses/expects CREATE_CHILD_SA and libreswan is using individual IKE SA's

#781: rejecting create child SA from 54.247.187.81:4500 -- new KE in DH for PFS is not yet supported
#781: sending unencrypted notification v2N_INVALID_KE_PAYLOAD to 54.247.187.81:4500


Thanks

Joe

-----Original Message-----
From: Swan [mailto:swan-bounces at lists.libreswan.org] On Behalf Of Madden, Joe
Sent: 18 May 2017 16:45
To: Paul Wouters <paul at nohats.ca>
Cc: swan at lists.libreswan.org
Subject: Re: [Swan] Tunnels coming establishing and dropping quickly


Hi Paul,

Thanks for the info.

We kind of got it working by changing the configuration so we have three connections which each run their own subnet.

This works although on occasion it does tend to open up two tunnels - One for Incoming traffic and one for Outgoing?!

Anyways - It's working now - I'll do I might end up moving it to a Cisco - Or convincing the Third party to move to LibreSwan!

Thanks

Joe.

-----Original Message-----
From: Paul Wouters [mailto:paul at nohats.ca]
Sent: 18 May 2017 16:30
To: Madden, Joe <Joe.Madden at mottmac.com>
Cc: swan at lists.libreswan.org
Subject: RE: [Swan] Tunnels coming establishing and dropping quickly

On Thu, 18 May 2017, Madden, Joe wrote:

> We ended up narrowing it down to a configuration where leftsubnets is 
> used with more than one subnet - Libreswan and Strongswan don't like 
> it

Likely because strongswan uses/expects CREATE_CHILD_SA and libreswan is using individual IKE SA's.

Your best bet is to wait for 3.21 to be released. Or try one of the release candidates we are trying to get out this/next week.
(or git master)

Paul

