On Dienstag, 2. Dezember 2008, Vladimir Stavrinov wrote: > The similar configuration is on the other side. There are no problem when > connection initiating from one side of tunnel and VPN are working fine. But > if it is originated from other side, the following scenario are rolling up. > At the first time ipsec started, the tunnel is build and working as should. > It is successfully rekeying few times with keylife period. But when > ikelifetime expired, the tunnel destroyed and rebuild again repeatedly in > the endless loop. Analyzing the syslog I have found the only difference > between two side in the strange message: > > charon: 08[IKE] reauthenticating IKE_SA due address change That's the first time I am reading this message. Hmm...
> If this means ip address then it is not true: no address changed. I have > tried to reproduce this situation on the virtual machines with most close > network configuration without success. Changing interfaces and firewall and > default route has no effect. Adding mobike = no to config cause this > endless loop immediately after ipsec starting up. I can't find the source > of problem. Can you reproduce this problem on another set of machines as well? best regards, Rene
signature.asc
Description: This is a digitally signed message part.
