On Thu, 11 May 2017, [email protected] wrote:

We had an IPSEC tunnel set up between our RHEL server in AWS and LPARs in co-location. The connectivity is
fine, but we are seeing intermittent connectivity issues and we need to refresh LPARs every time to get the
issues resolved.

Please suggest if any time out setting needs to be included as part of the configuration file.

include /etc/ipsec.d/*.conf

You did not show your actual connection definition.

May 11 10:26:14: "T_XX.XX.XX.XX" #111298: max number of retransmissions (8) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKEv1 message

May 11 10:26:15: "T_XX.XX.XX.XX" #111392: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=16

The remote did not like your first initiation packet.

May 11 07:23:39: "T_XX.XX.XX.XX" #96258: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x23c8bf21 <0xdfa30f1d xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=passive}

Apparently your end does match when being a responder. As a workaround,
you can try and set your ikelifetime and salifetime to 24h and hope that
the other end will rekey to you before that time.

It does indicate that you seem to have a minor misconfiguration between
the two endpoints.

Paul
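
A log triage sketch for the pattern described in this reply, added here as an example and not part of the original message or of libreswan: it scans pluto log lines and flags a connection that fails as initiator but installs SAs as responder. The function name `triage`, the verdict labels and the regexes are assumptions; the sample input is the three log lines quoted above, unwrapped.

```python
import re
from collections import defaultdict

# Constructed sample: the three pluto log lines quoted above, unwrapped.
SAMPLE_LOG = """\
May 11 10:26:14: "T_XX.XX.XX.XX" #111298: max number of retransmissions (8) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKEv1 message
May 11 10:26:15: "T_XX.XX.XX.XX" #111392: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=16
May 11 07:23:39: "T_XX.XX.XX.XX" #96258: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x23c8bf21 <0xdfa30f1d xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=passive}
"""

# timestamp: "conn" (optional instance/peer info) #<state number>: message
LINE = re.compile(
    r'^\w{3} +\d+ [\d:]{8}: "(?P<conn>[^"]+)"[^#]*#(?P<sa>\d+): (?P<msg>.*)$')


def triage(log_text):
    """Summarise, per connection, how negotiation went in each role."""
    report = defaultdict(lambda: {"init_timeouts": 0, "proposal_rejected": 0,
                                  "responder_sas": 0, "esp": set()})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a per-connection pluto line
        r, msg = report[m["conn"]], m["msg"]
        if "NO_PROPOSAL_CHOSEN" in msg:
            r["proposal_rejected"] += 1
        # Retransmission limit hit while in an initiator (_I<n>) state
        if "max number of retransmissions" in msg and re.search(r"STATE_\w+_I\d", msg):
            r["init_timeouts"] += 1
        # Quick Mode completed while acting as responder (_R<n>)
        if re.search(r"STATE_QUICK_R\d", msg) and "IPsec SA installed" in msg:
            r["responder_sas"] += 1
            r["esp"].update(re.findall(r"xfrm=(\S+)", msg))
    for r in report.values():
        failed = r["proposal_rejected"] or r["init_timeouts"]
        if failed and r["responder_sas"]:
            r["verdict"] = "asymmetric"  # tunnel only comes up when the peer initiates
        elif failed:
            r["verdict"] = "initiator-failing"
        else:
            r["verdict"] = "responder-only" if r["responder_sas"] else "no-signal"
    return dict(report)


if __name__ == "__main__":
    for conn, r in triage(SAMPLE_LOG).items():
        print(conn, r["verdict"], sorted(r["esp"]))
```

The `esp` set lists the transforms of the SAs installed while responding, which is a starting point for comparing the proposals configured on the two endpoints.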