Hi Team,
I am relatively new to IPSEC configurations. Appreciate any help that you can
provide in the below issue. Let me know if you need any more details from my
end.
We had an IPSEC tunnel setup between our RHEL server in AWS and LPAR's in
co-location. The connectivity is fine, but we are seeing intermittent
connectivity issues and we need to refresh LPAR's every time to get the issues
resolved.
Please suggest if any time out setting needs to be included as part of the
configuration file.
Below is the IPSEC configuration that I am using
# grep -v "#" /etc/ipsec.conf
config setup
protostack=netkey
logfile=/var/log/pluto.log
dumpdir=/var/run/pluto/
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
nat_traversal=yes
include /etc/ipsec.d/*.conf
error logs I am seeing in pluto.log
May 11 10:26:14: "T_XX.XX.XX.XX" #111298: max number of retransmissions (8)
reached STATE_MAIN_I1. No response (or no acceptable response) to our first
IKEv1 message
May 11 10:26:14: "T_XX.XX.XX.XX" #111298: starting keying attempt 1637 of an
unlimited number
May 11 10:26:14: "T_XX.XX.XX.XX" #111392: initiating Main Mode to replace
#111298
May 11 10:26:14: deleting other state #111298 (STATE_MAIN_I1) "T_XX.XX.XX.XX"
May 11 10:26:14: "T_XX.XX.XX.XX" #111392: ignoring informational payload
NO_PROPOSAL_CHOSEN, msgid=00000000, length=16
May 11 10:26:14: "T_XX.XX.XX.XX" #111392: received and ignored informational
message
May 11 10:26:15: "T_XX.XX.XX.XX" #111392: ignoring informational payload
NO_PROPOSAL_CHOSEN, msgid=00000000, length=16
May 11 10:26:15: "T_XX.XX.XX.XX" #111392: received and ignored informational
message
May 11 10:26:15: "T_XX.XX.XX.XX" #111392: ignoring informational payload
NO_PROPOSAL_CHOSEN, msgid=00000000, length=16
May 11 10:26:15: "T_XX.XX.XX.XX" #111392: received and ignored informational
message
May 11 10:26:16: "T_XX.XX.XX.XX" #111300: max number of retransmissions (8)
reached STATE_MAIN_I1. No response (or no acceptable response) to our first
IKEv1 message
May 11 10:26:16: "T_XX.XX.XX.XX" #111300: starting keying attempt 615 of an
unlimited number
May 11 10:26:16: "T_XX.XX.XX.XX" #111394: initiating Main Mode to replace
#111300
May 11 10:26:16: deleting other state #111300 (STATE_MAIN_I1) "T_XX.XX.XX.XX"
May 11 10:26:16: "T_XX.XX.XX.XX" #111394: ignoring informational payload
NO_PROPO
May 11 07:23:39: "T_XX.XX.XX.XX" #96258: STATE_QUICK_R1: sent QR1, inbound
IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x23c8bf21 <0xdfa30f1d
xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=passive}
May 11 07:23:39: "T_XX.XX.XX.XX" #96258: STATE_QUICK_R2: IPsec SA established
tunnel mode {ESP=>0x23c8bf21 <0xdfa30f1d xfrm=3DES_0-HMAC_SHA1 NATOA=none
NATD=none DPD=passive}
Thanks & Regards,
Sandeep Vegiraju
Infrastructure Consulting,
Infrastructure Services - Accenture Operations
(M) +1-678-790-6631
________________________________
This message is for the designated recipient only and may contain privileged,
proprietary, or otherwise confidential information. If you have received it in
error, please notify the sender immediately and delete the original. Any other
use of the e-mail by you is prohibited. Where allowed by local law, electronic
communications with Accenture and its affiliates, including e-mail and instant
messaging (including content), may be scanned by our systems for the purposes
of information security and assessment of internal compliance with Accenture
policy.
______________________________________________________________________________________
www.accenture.com
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
