[strongSwan] "unable to install policy" for clients some minutes after the first client has connected
Larsen
larsen007 at web.de
Tue Jul 21 20:43:22 CEST 2015
Hello Noel,
problem didn´t occur again when I tested over more than two hours. Should
be fixed.
The problematic "vhost:%no,%priv" seems to stem from IPcop that IPFire was
forked from. I could remove this by unchecking "Roadwarrior virtual IP
(inner-IP)".
I will also update the IPFire wiki as the current example is incorrect in
some ways.
Thanks for your help!
Lars
On Tue, 21 Jul 2015 12:24:44 +0200, Noel Kuntze <noel at familie-kuntze.de>
wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello Larsen,
>
> No. Remove rightsubnet and use rightsourceip instead.
> Set the IP pool in rightsourceip.
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> Am 21.07.2015 um 12:23 schrieb Larsen:
>> Hello Noel,
>>
>> ok, thanks. Will try that (removing "rightsourceip").
>>
>>
>> Lars
>>
>>
>>
>> On Tue, 21 Jul 2015 12:22:08 +0200, Noel Kuntze
>> <noel at familie-kuntze.de> wrote:
>>
>>>
>> Hello Larsen,
>>
>> Sorry, I mean the rightsourceip option.
>>
>>
>> Mit freundlichen Grüßen/Kind Regards,
>> Noel Kuntze
>>
>> GPG Key ID: 0x63EC6658
>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>>
>> Am 21.07.2015 um 12:21 schrieb Larsen:
>> >>> Hello Noel,
>> >>>
>> >>>> The virtual IPs for the clients are chosen from the rightsubnet
>> option.
>> >>>
>> >>> But I should remove the rightsubnet option, shouldn´t I?
>> >>> How is this gonna work then?
>> >>>
>> >>>
>> >>>> What version of strongSwan are you using?
>> >>>
>> >>> strongSwan U5.3.2/K3.14.43-ipfire-pae
>> >>>
>> >>>
>> >>>
>> >>> Lars
>> >>> _______________________________________________
>> >>> Users mailing list
>> >>> Users at lists.strongswan.org
>> >>> https://lists.strongswan.org/mailman/listinfo/users
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJVrh3rAAoJEDg5KY9j7GZYFkQP/iIWmwc66nd9j1rjFqKHfL4K
> Hpzl/rx1m6peGt6+44p3LX7Kqg9sTJSU3bMfcbhPKPc27gEhVjzXwnChUxhyqpSb
> iLSZ9avE7zYtj3g4CFnu/mcr0KWnDFxXI4yTICsXjaTJEhLM5fQ+4te+AZ+KW6rs
> PJaB9LimLoMyiSs8jHPTE4OMX1NeaghOaaVkicRKr7Cwin1QDYSeNoiXCK4Zm9E4
> qyy6MwPLQ4TMMBpSoaSKQVtJAmBHLKsu80MvvSAn4Ia5wB7lFs6H2+cDnkg4NRtI
> owtm93IFU67ARG0f24JNKCUzUNc3+ULvisRnZeKb7QXK8RM1yoWd6Hr4hYAx0mQJ
> ruebLrcAoQiF6kPBX+t9HVgT1s/k66mWIgzwEyY6OORZ8AyWTPBpdiD0EVyxv+YX
> swQwAQjizgdWdPwtFdA6WQ7EUpcl2GBLh30zGq6aBkn5ItJrnaTAS7v/clNN/sED
> SyXcUWmQwG0UYgdQaRyxVIpC69pWu0ovazW04eAa1S2cJ63VIDN5YoC30vP5LUOa
> 7tJHRjgrih4SsInZY3JZLxep4OE9Mv2T6k9PIQj8nnRlNmcjQMwkxrWKnvFmMxN7
> 3JR5Ywxbi6bJzMAUCTURv5VJ/6Ioazmv1y9sYukQKW1MiQJsOaGaNnBE6XRUBecM
> XNtSOoXOKt59PaZG8RxF
> =dFhH
> -----END PGP SIGNATURE-----
More information about the Users
mailing list