[Swan] Libreswan 4.9 ms-dh-downgrade

Mirsad Goran Todorovac mirsad.todorovac at alu.unizg.hr
Thu Nov 3 21:37:10 EET 2022


Unfortunately, even this solution did not help:

https://learn.microsoft.com/en-us/security-updates/securityadvisories/2016/3174644

Still losing the connection and IPv4 ping after a couple of speedtests 
from Ookla.

ms-dh-downgrade=yes appears to fix that, even without USE_DH2=true when 
compiling ...

Hope this helps.

Mirsad

On 11/3/2022 8:17 PM, Mirsad Goran Todorovac wrote:
>
> Hi, Tuomo,
>
> Unfortunately, even with the Windows 10 22H2 release, there is no progress
> on the ms-dh-downgrade problem.
>
> The sessions die after a couple of runs of the Ookla speedtest.
>
> Here are the session logs without and with ms-dh-downgrade:
>
> https://domac.alu.hr/~mtodorov/tmp/ikev2-20221103-no-dh-downgrade-01.log
>
> https://domac.alu.hr/~mtodorov/tmp/ikev2-20221103-with-dh-downgrade-04.log
>
> Probably it is better to install the strongSwan Windows client than to
> expect the native client to be fixed?
> (Maybe there is some additional tweak in registry needed?)
>
> Thank you.
>
> On 11/3/2022 5:04 PM, Mirsad Goran Todorovac wrote:
>>
>> On 20.10.2022. 12:54, Tuomo Soini wrote:
>>
>>> ms-dh-downgrade=yes
>>> This is not needed any more, Windows 10+ have been fixed to allow dh14
>>> or dh19 without downgrade on rekey.
>>
>> Unfortunately, my version of Windows 10 still breaks the IPv4 VPN
>> connection under stress load (Ookla speedtest
>> repeated a couple of times).
>>
>> Cheers.
>>
>> -- 
>> Mirsad Todorovac
>> System engineer
>> Faculty of Graphic Arts | Academy of Fine Arts
>> University of Zagreb
>> Republic of Croatia, the European Union
>> --
>> Sistem inženjer
>> Grafički fakultet | Akademija likovnih umjetnosti
>> Sveučilište u Zagrebu
> --
> Mirsad Todorovac
> Sistem inženjer
> Grafički fakultet | Akademija likovnih umjetnosti
> Sveučilište u Zagrebu
> -- 
> System engineer
> Faculty of Graphic Arts | Academy of Fine Arts
> University of Zagreb, Republic of Croatia
> tel. +385 (0)1 3711 451
> mob. +385 91 57 88 355

--
Mirsad Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
-- 
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355