#vyatta

http://about.att.com/story/att_to_acquire_vyatta_software_technology_from_brocade.html

Vyatta Launches Community Edition 4

by clickykbd

Vyatta Launches Community Edition 4

Vyatta (meaning ‘open’ in ancient Sanskrit), which took the networking world by storm through its introduction of the first commercially supported, open-source router and firewall solution a few years ago, is back in the news once again, this time with its robust and innovative network operating system, Vyatta Community Edition 4 (VC4).

Vyatta,…

When doing IPsec Site-to-site VPN between Mikrotik RouterOS and StrongSwan (e.g. VyOS, Vyatta, linux distro) there is problem that StrongSwan some time ago changed default value of leftsendcert=always to leftsendcert=ifasked, which results in failed IKE negotiation.

Log:

pluto[21004]: "peer-A.B.C.D-tunnel-0" #123: we have a cert but are not sending it without request pluto[21004]: "peer-A.B.C.D-tunnel-0" #123: sent MR3, ISAKMP SA established pluto[21004]: "peer-A.B.C.D-tunnel-0" #123: retransmitting in response to duplicate packet; already STATE_MAIN_R3 pluto[21004]: "peer-A.B.C.D-tunnel-0" #123: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3

I found two practical solutions:

Modify RouterOS Configuration - Specify Remote Certificate in Peer configuration (Remote certificate needs to be imported)

Modify StongSwan Configuration - Add leftsendcert=always to /etc/ipsec.conf in related peer section

VyOS is a community fork of Vyatta, a Linux-based network operating system that provides software-based network routing, firewall, and VPN functionality.

Runs on both physical and virtual platforms.

Supports paravirtual drivers and integration packages for virtual platforms.