General

Profile

Andrey Elsukov

Issues

Activity

21.01.2020

10:58 strongSwan Bug #2315: FreeBSD server stops routing new connections after 16k connects/disconnects
Tobias Brunner wrote:
> I don't see why the kernel couldn't accept requests with reqids > 0x3fff while still allocat...

07.02.2017

04:08 strongSwan Feature #2213: Add support for SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR PF_KEY messages
Andrey Elsukov wrote:
> > > It is possible, I added sysctl net.inet.ipsec.natt_cksum_policy variable to control the ...

17.01.2017

16:12 strongSwan Feature #2213: Add support for SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR PF_KEY messages
> > It is possible, I added sysctl net.inet.ipsec.natt_cksum_policy variable to control the behavior:
> > 0 - increm...

16.01.2017

17:13 strongSwan Feature #2212: RFC 2367 says: Only SADB_SASTATE_MATURE SAs may be submitted in an SADB_ADD message.
Tobias Brunner wrote:
> I see that the RFC explicitly says this. And I guess with a picky kernel this is problematic...
17:05 strongSwan Feature #2213: Add support for SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR PF_KEY messages
Tobias Brunner wrote:
> Why not just ignore the checksum for decrypted packets as the Linux kernel does (as describe...

11.01.2017

16:27 strongSwan Issue #2214 (Closed): IPsec VTI support for FreeBSD
Hi,
I implemented if_ipsec(4) virtual interface for FreeBSD.
I'm not yet familiar with strongswan configuration,...
16:06 strongSwan Feature #2213 (Closed): Add support for SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR PF_KEY messages
Hi,
I reworked NAT-T support in FreeBSD.
Now I'm looking how to modify strongswan to add SADB_X_EXT_NAT_T_OAI an...
15:50 strongSwan Feature #2212 (Closed): RFC 2367 says: Only SADB_SASTATE_MATURE SAs may be submitted in an SADB_ADD message.
RFC2367 requires that SADB_SASTATE_MATURE should be used in SADB_ADD message. The same should be done for SADB_UPDATE...

Also available in: Atom