[strongSwan] Proxy ID handling

Martin Willi martin at strongswan.org
Tue Jan 29 11:11:53 CET 2013


Hi Markus,

> the tunnel won't get up if I only do an "ipsec start" and try to ping a
> machine on the remote network. The Juniper device complains about wrong
> */32 ProxyIDs.

Are you using strongSwan 5.0.0? If yes, this is a known bug and has been
fixed [1] in 5.0.1. 5.0.0 included the traffic selector of the triggering
packet (as it is recommended in IKEv2), but this of course doesn't work
with IKEv1, where we can negotiate a single subnet only.

Regards
Martin

[1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=777bcdc0
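
The difference described above, as an added example that is not part of the original message or of strongSwan's code: a simplified Python model of the selectors offered when a packet triggers negotiation. The addresses, the function names and the peer's exact-match proxy ID check are assumptions made for illustration.

```python
import ipaddress as ip

def proposed_selectors(packet_addr, policy_net, include_packet):
    """Selectors one side offers when an outbound packet triggers negotiation."""
    net = ip.ip_network(policy_net)
    if include_packet:
        # RFC 7296 section 2.9: the packet's own address goes first,
        # the configured policy range second.
        return [ip.ip_network(packet_addr), net]
    return [net]

def ikev1_proxy_id(selectors):
    # IKEv1 Quick Mode carries a single ID per side, so in this model
    # only the first selector is sent.
    return selectors[0]

def ikev1_peer_accepts(proxy_id, configured):
    # Assumed peer behaviour: the proxy ID must equal the configured one exactly.
    return proxy_id == ip.ip_network(configured)

def ikev2_peer_narrows(selectors, configured):
    # An IKEv2 responder may narrow: pick the widest offered selector
    # that still lies inside its own policy.
    policy = ip.ip_network(configured)
    fits = [s for s in selectors if s.subnet_of(policy)]
    return max(fits, key=lambda s: s.num_addresses) if fits else None

def demo():
    # Constructed sample values, not taken from the thread.
    src, local_net = "10.1.0.5", "10.1.0.0/24"
    with_pkt = proposed_selectors(src, local_net, include_packet=True)
    subnet_only = proposed_selectors(src, local_net, include_packet=False)
    return {
        # Packet selector sent over IKEv1: peer sees a /32 proxy ID and rejects it.
        "ikev1_with_packet": ikev1_peer_accepts(ikev1_proxy_id(with_pkt), local_net),
        # Only the configured subnet sent over IKEv1: exact match succeeds.
        "ikev1_subnet_only": ikev1_peer_accepts(ikev1_proxy_id(subnet_only), local_net),
        # Same two-selector offer over IKEv2: responder narrows to the subnet.
        "ikev2_with_packet": str(ikev2_peer_narrows(with_pkt, local_net)),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```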





