Hey,
when IPFire 2.13 was released, the latest version of strongswan was shipped with it. Apparently, some people have problems operating their VPN connections with it.
This is a brief summary from my point of view:
The first version with these changes that might cause trouble has been released in August 2012 with a big headline which said: Testers needed.
* http://planet.ipfire.org/post/testers-needed-strongswan-5-0-0 * http://lists.ipfire.org/pipermail/development/2012-August/000039.html
My mail on the mailing list states:
It should not require any manual interaction at all. Please install and give me feedback about the connection stability and the interoperability with other (proprietary) implementations.
It's as if someone had known...
If you think, we didn't have people who actually tested this, you are wrong. There were a lot of people and the reports I got of them were all like: "Yeah, this made my VPN tunnels more stable". Especially when the configuration of one connection has been edited, the other connections remained established all the time. A big advantage over the implementation in IPFire 2.11!
Eight days before the final version of IPFire 2.13 was released, people started complaining. It was not a real bug report, but just a shout out "something went wrong, I could not be bothered, so I downgraded!". No technical details, no logs, no what-so-ever.
Since the release, a bunch of more people complained about similar problems. Again, no one provided (or was willing to provide) information that helps to solve the problem. Nobody was even bothered to create a proper bug report in bugzilla.
My VPN connections run for more than six months with strongswan 5 and I never had any problems since then.
If someone really has interest in solving this, maybe it is time that you start the action and help the developers. This is not a project where you can tell people what they should do (for you). This is an Open Source project - so everyone is able to read the source code, check what changes have been made and to provide a fix.
-Michael
Hi Michael,
you are right in your complaints. But on the other hand, why can not these users without problems with Strongswan 5, help these with issues? As I see it, there are ways to do VPN wrong and ways to do it right. And we should provide as community hints for the right ways.
-Bernhard
Gesendet: Donnerstag, 07. März 2013 um 13:21 Uhr Von: "Michael Tremer" michael.tremer@ipfire.org An: development@lists.ipfire.org Betreff: Strongswan 5 issues in IPFire 2.13
Hey,
when IPFire 2.13 was released, the latest version of strongswan was shipped with it. Apparently, some people have problems operating their VPN connections with it.
This is a brief summary from my point of view:
The first version with these changes that might cause trouble has been released in August 2012 with a big headline which said: Testers needed.
- http://planet.ipfire.org/post/testers-needed-strongswan-5-0-0
- http://lists.ipfire.org/pipermail/development/2012-August/000039.html
My mail on the mailing list states:
It should not require any manual interaction at all. Please install and give me feedback about the connection stability and the interoperability with other (proprietary) implementations.
It's as if someone had known...
If you think, we didn't have people who actually tested this, you are wrong. There were a lot of people and the reports I got of them were all like: "Yeah, this made my VPN tunnels more stable". Especially when the configuration of one connection has been edited, the other connections remained established all the time. A big advantage over the implementation in IPFire 2.11!
Eight days before the final version of IPFire 2.13 was released, people started complaining. It was not a real bug report, but just a shout out "something went wrong, I could not be bothered, so I downgraded!". No technical details, no logs, no what-so-ever.
Since the release, a bunch of more people complained about similar problems. Again, no one provided (or was willing to provide) information that helps to solve the problem. Nobody was even bothered to create a proper bug report in bugzilla.
My VPN connections run for more than six months with strongswan 5 and I never had any problems since then.
If someone really has interest in solving this, maybe it is time that you start the action and help the developers. This is not a project where you can tell people what they should do (for you). This is an Open Source project - so everyone is able to read the source code, check what changes have been made and to provide a fix.
-Michael
Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development
Good evening,
well I am one of those problematic users. I have first encountered the problems when I installed RC1 on our productive environment. My problems were posted to forum, yes without any helpful logfiles, did not know which would be helpsome. Then after core66 got officially released I tried again with installing, in the hope there won't be any failures anymore. I was sure anyone else would have encountered the same problems and our problems would block the core66 from release before it is fixed properly. Okay it has not been that way but who could know.
Also I am using linux servers(which is open source) where new releases also show up from time to time, but never found such big problems anywhere around. If I had a test environment for Net2Net - connections with ipsec in the exact same constellation as the productive environment is, I would be so glad. But that thingie will cost many thousend euro. Can't make my boss friend with that, will say "just stick with the current version". But as I know it is security related in upgrading firewall solutions, it is essential to be up to date.
If anyone could help with ipsec net2net, please let me know. Would be great.
After one week of failure I downgraded the main productive ipfire back to core65, there is still one ipfire in productive which has one Net2Net conn but no such problems! So I just could figure out that it really depends hard on the peer side if you get problems or not! There are many different manufacturers of VPN-solution hardware AND software. My problems have been with Microsoft and Cisco-Peers. On the working ipfire it is also a Cisco-Peer but a different model!
Regards Jan
2013/3/7 Bernhard Bitsch Bernhard.Bitsch@gmx.de
Hi Michael,
you are right in your complaints. But on the other hand, why can not these users without problems with Strongswan 5, help these with issues? As I see it, there are ways to do VPN wrong and ways to do it right. And we should provide as community hints for the right ways.
-Bernhard
Gesendet: Donnerstag, 07. März 2013 um 13:21 Uhr Von: "Michael Tremer" michael.tremer@ipfire.org An: development@lists.ipfire.org Betreff: Strongswan 5 issues in IPFire 2.13
Hey,
when IPFire 2.13 was released, the latest version of strongswan was shipped with it. Apparently, some people have problems operating their VPN connections with it.
This is a brief summary from my point of view:
The first version with these changes that might cause trouble has been released in August 2012 with a big headline which said: Testers needed.
- http://planet.ipfire.org/post/testers-needed-strongswan-5-0-0
- http://lists.ipfire.org/pipermail/development/2012-August/000039.html
My mail on the mailing list states:
It should not require any manual interaction at all. Please install and give me feedback about the connection stability and the interoperability with other (proprietary) implementations.
It's as if someone had known...
If you think, we didn't have people who actually tested this, you are wrong. There were a lot of people and the reports I got of them were all like: "Yeah, this made my VPN tunnels more stable". Especially when the configuration of one connection has been edited, the other connections remained established all the time. A big advantage over the implementation in IPFire 2.11!
Eight days before the final version of IPFire 2.13 was released, people started complaining. It was not a real bug report, but just a shout out "something went wrong, I could not be bothered, so I downgraded!". No technical details, no logs, no what-so-ever.
Since the release, a bunch of more people complained about similar problems. Again, no one provided (or was willing to provide) information that helps to solve the problem. Nobody was even bothered to create a proper bug report in bugzilla.
My VPN connections run for more than six months with strongswan 5 and I never had any problems since then.
If someone really has interest in solving this, maybe it is time that you start the action and help the developers. This is not a project where you can tell people what they should do (for you). This is an Open Source project - so everyone is able to read the source code, check what changes have been made and to provide a fix.
-Michael
Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development
Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development
I just compiled the latest development release of strongswan 5.1.0.
You can download it over here and install it: https://bugzilla.ipfire.org/attachment.cgi?id=135&action=edit
I did not test it (yet), so there might be some easter eggs. You have been warned.
Please don't forget to send feedback about your testing results.
Best, -Michael
Hello Michael,
I recently have installed your attached version of strongswan (5.1.0).
For the moment I can't find any problems. All configured tunnels came up.
I did some basic tests and was able to ping and login into different remote systems.
I will do some further testing and report any issues.
-Stefan
I just compiled the latest development release of strongswan 5.1.0.
You can download it over here and install it: https://bugzilla.ipfire.org/attachment.cgi?id=135&action=edit
I did not test it (yet), so there might be some easter eggs. You have been warned.
Please don't forget to send feedback about your testing results.
Best, -Michael
Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development
Hey,
here is the next development release: strongswan 5.1.0dr2.
https://bugzilla.ipfire.org/attachment.cgi?id=137&action=edit
-Michael