dokuwiki

User Tools

Site Tools

Trace: paloalto ausbildung music strongswan
burim:strongswan
 ipsec statusall | awk {'print $3,$4,$5,$6'} | grep up
 ipsec statusall
 ip -s xfrm policy

forums blogs

https://sysadmins.co.za/setup-a-site-to-site-ipsec-vpn-with-strongswan-on-ubuntu/

https://serverfault.com/questions/1002024/strongswan-ipsec-tunnel-block-traffic-one-way

child_sa issue with Palo Alto

1) /etc/strongswan.d/charon.conf # Initiate CHILD_SA within existing IKE_SAs (always enabled for IKEv1).
reuse_ikesa = yes
2) cron disabled
#*/1 * * * * /usr/sbin/ipsec up evoke1
#*/1 * * * * /usr/sbin/ipsec up evoke2
#*/1 * * * * /usr/sbin/ipsec up evoke3
#*/1 * * * * /usr/sbin/ipsec up evoke4
3) change tunnel from start to route
old; auto=start
new; auto=route
burim/strongswan.txt · Last modified: 2022/07/22 22:41 by burim
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki