<!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> </head> <body> Hello Hideki, Thanks so very much for getting back to me and for your response about IPsec. Given the age of it that you mention, it may not be a fruitful endeavor to go that route, but I think that digging into the syslogs more will be helpful and will work on getting them set up properly to yield information about what may be happening here. Maybe if the IPsec is so very old then perhaps removing it completely from Bitvisor would be an option to consider and just rely on Wireguard since it is a more modern solution although, I would have to see how many dependencies it would affect in the code base as well. Of course, I will be happy to report any findings and possible resolutions that I come up with in this area. My hope is that maybe we can continue to discuss Bitvisor as it really is more of a research project for me at the moment while in the learning stage and while hoping to get it to a viable state with Wireguard but ultimately the goal is to rework that area to make it a P2P solution with Wireguard as the base. Best Regards and have a great day, Lonnie <div class="moz-cite-prefix">On 6/18/2024 6:06 AM, Hideki EIRAKU wrote: </div> <blockquote type="cite" cite="mid:20240618.190621.1837337652116481669.hdk@igel.co.jp"> <pre class="moz-quote-pre" wrap="">Hello, If BitVisor looks crashed, enabling syslog makes debugging easier. docs/getting_started.md describes about the syslog feature. </pre> <blockquote type="cite"> <pre class="moz-quote-pre" wrap="">Now I need your help as in looking over the default ".vpn" settings it seems as though someone was able to connect with a SoftEther server perhaps on VPN-Gate and I also have a SoftEther server set up and would like to do a test to see if that works since if it does then that effectively confirms that there is a bug in the Wireguard code that is causing the crash and hope fully the person that developed it can help locate that bug to get it fixed, if at all possible. </pre> </blockquote> <pre class="moz-quote-pre" wrap=""> The IPsec VPN feature in BitVisor was introduced before the open sourced SoftEther VPN was released. About 15 years ago, I tested it with Linux IPsec and racoon daemon. I could not find what I did at that time. In addition, it probably has security issues because of the too old version of OpenSSL and poor random number generation in crypto/chelp/chelp.c. The racoon.conf file that I probably used in 2009 has the following lines, just for your information: ------------------------------------------------------------ path pre_shared_key "/etc/racoon/psk.txt"; path certificate "/etc/racoon/certs"; remote anonymous { exchange_mode aggressive,main; my_identifier user_fqdn <a class="moz-txt-link-rfc2396E" href="mailto:user1@tsukuba.ac.jp">"user1@tsukuba.ac.jp"</a>; proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method pre_shared_key; dh_group 2; } } sainfo anonymous { lifetime time 12 hours; encryption_algorithm 3des; authentication_algorithm hmac_sha1; compression_algorithm deflate; } ------------------------------------------------------------ WireGuard implementaion comes from <a class="moz-txt-link-freetext" href="https://github.com/smartalock/wireguard-lwip">https://github.com/smartalock/wireguard-lwip</a>. It does not use OpenSSL code and looks much simpler than IPsec VPN. Hardware random number generator (RDRAND instruction) is used if available. </pre> </blockquote> </body> </html>