strongSwan

21.01.2020

10:58 strongSwan Bug #2315: FreeBSD server stops routing new connections after 16k connects/disconnects

Tobias Brunner wrote:
> I don't see why the kernel couldn't accept requests with reqids > 0x3fff while still allocat...

07.02.2017

04:08 strongSwan Feature #2213: Add support for SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR PF_KEY messages

Andrey Elsukov wrote:
> > > It is possible, I added sysctl net.inet.ipsec.natt_cksum_policy variable to control the ...

17.01.2017

16:12 strongSwan Feature #2213: Add support for SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR PF_KEY messages

> > It is possible, I added sysctl net.inet.ipsec.natt_cksum_policy variable to control the behavior:
> > 0 - increm...

16.01.2017

17:13 strongSwan Feature #2212: RFC 2367 says: Only SADB_SASTATE_MATURE SAs may be submitted in an SADB_ADD message.

Tobias Brunner wrote:
> I see that the RFC explicitly says this. And I guess with a picky kernel this is problematic...

17:05 strongSwan Feature #2213: Add support for SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR PF_KEY messages

Tobias Brunner wrote:
> Why not just ignore the checksum for decrypted packets as the Linux kernel does (as describe...

11.01.2017

16:27 strongSwan Issue #2214 (Closed): IPsec VTI support for FreeBSD

Hi,
I implemented if_ipsec(4) virtual interface for FreeBSD.
I'm not yet familiar with strongswan configuration,...

16:06 strongSwan Feature #2213 (Closed): Add support for SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR PF_KEY messages

Hi,
I reworked NAT-T support in FreeBSD.
Now I'm looking how to modify strongswan to add SADB_X_EXT_NAT_T_OAI an...

15:50 strongSwan Feature #2212 (Closed): RFC 2367 says: Only SADB_SASTATE_MATURE SAs may be submitted in an SADB_ADD message.

RFC2367 requires that SADB_SASTATE_MATURE should be used in SADB_ADD message. The same should be done for SADB_UPDATE...