Hello, I created a simple bash script that does ipsec auto --down every 50 minutes and then picks up the tunnel again after 5 seconds. Interestingly, the problem for me concerns 1 connection out of about 15 others, only this one has a problem.
pt., 22 sty 2021 o 17:51 António Silva <[email protected]> napisał(a): > Hi Paul, > > Here is the full log: > > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[3] 95.61.168.133 #5: > responding to Main Mode from unknown peer 95.61.168.133:500 > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[3] 95.61.168.133 #5: sent Main > Mode R1 > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[3] 95.61.168.133 #5: sent Main > Mode R2 > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[3] 95.61.168.133 #5: Peer ID > is ID_IPV4_ADDR: '192.168.1.2' > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[3] 95.61.168.133 #5: switched > from "tunnel8"[3] 95.61.168.133 to "tunnel8" > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[3] 95.61.168.133: deleting > connection instance with peer 95.61.168.133 {isakmp=#0/ipsec=#0} > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #5: Peer ID > is ID_IPV4_ADDR: '192.168.1.2' > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #5: IKE SA > established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 > group=MODP2048} > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #5: XAUTH: > Sending Username/Password request (MAIN_R3->XAUTH_R0) > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #5: XAUTH: > password file authentication method requested to authenticate user ' > [email protected]' > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #5: XAUTH: > password file (/etc/ipsec.d/passwd) open. > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #5: XAUTH: > success user([email protected]:(null)) > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #5: XAUTH: > User [email protected]: Authentication Successful > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #5: XAUTH: > xauth_inR1(STF_OK) > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #5: IKE SA > established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 > group=MODP2048} > Jan 22 16:39:23 sol pluto[22331]: | pool 192.168.20.2-192.168.20.2: > growing address pool from 0 to 1 > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #5: > modecfg_inR0(STF_OK) > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #5: sent > ModeCfg reply, expecting Ack {auth=PRESHARED_KEY cipher=AES_CBC_256 > integ=HMAC_SHA2_256 group=MODP2048} > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #5: the peer > proposed: 0.0.0.0/0:0/0 -> 192.168.20.2/32:0/0 > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #6: > responding to Quick Mode proposal {msgid:b5a1646d} > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #6: us: > 0.0.0.0/0===92.211.123.17<92.211.123.17>[@xauth.remote.local,MS+XS+S=C] > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #6: them: > 95.61.168.133[192.168.1.2,+MC+XC+S=C]===192.168.20.2/32 > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #6: sent > Quick Mode reply, inbound IPsec SA installed, expecting confirmation tunnel > mode {ESPinUDP=>0x2f0ed8e8 <0xfb5da4b1 xfrm=AES_GCM_16_128-NONE NATOA=none > NATD=95.61.168.133:4500 DPD=active [email protected]} > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #6: Warning: > XAUTH username changed from '' to 'asilvaptremote.local' > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #6: Warning: > XAUTH username changed from '' to 'asilvaptremote.local' > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #6: Warning: > XAUTH username changed from '' to 'asilvaptremote.local' > Jan 22 16:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #6: IPsec SA > established tunnel mode {ESPinUDP=>0x2f0ed8e8 <0xfb5da4b1 > xfrm=AES_GCM_16_128-NONE NATOA=none NATD=95.61.168.133:4500 DPD=active > [email protected]} > > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: > initiating IKEv1 Main Mode connection to replace #5 > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: sent > Main Mode request, replacing #5 > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #11: > responding to Main Mode from unknown peer 95.61.168.133:500 > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #11: sent > Main Mode R1 > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133: queuing > pending IPsec SA negotiating with 95.61.168.133 IKE SA #10 "tunnel8"[4] > 95.61.168.133 > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #11: sent > Main Mode R2 > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #11: Peer ID > is ID_IPV4_ADDR: '192.168.1.2' > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #11: IKE SA > established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 > group=MODP2048} > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #11: XAUTH: > Sending Username/Password request (MAIN_R3->XAUTH_R0) > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #11: XAUTH: > password file authentication method requested to authenticate user ' > [email protected]' > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #11: XAUTH: > password file (/etc/ipsec.d/passwd) open. > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #11: XAUTH: > success user([email protected]:(null)) > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #11: XAUTH: > User [email protected]: Authentication Successful > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #11: XAUTH: > xauth_inR1(STF_OK) > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #11: IKE SA > established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 > group=MODP2048} > Jan 22 17:34:53 sol pluto[22331]: | pool 192.168.20.2-192.168.20.2: > growing address pool from 0 to 1 > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #11: > modecfg_inR0(STF_OK) > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #11: sent > ModeCfg reply, expecting Ack {auth=PRESHARED_KEY cipher=AES_CBC_256 > integ=HMAC_SHA2_256 group=MODP2048} > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: > STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: sent > Main Mode I2 > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: sent > Main Mode I3 > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: Peer ID > is ID_IPV4_ADDR: '192.168.1.2' > Jan 22 17:34:53 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: IKE SA > established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 > group=MODP2048} > Jan 22 17:34:54 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: XAUTH: > Sending Username/Password request (MAIN_I4->XAUTH_R0) > Jan 22 17:34:54 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: ignoring > informational payload CERTIFICATE_UNAVAILABLE, msgid=00000000, length=12 > Jan 22 17:34:54 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: received > and ignored notification payload: CERTIFICATE_UNAVAILABLE > > Jan 22 17:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #5: deleting > state (STATE_MODE_CFG_R1) aged 3600.267468s and sending notification > Jan 22 17:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #6: deleting > state (STATE_QUICK_R2) aged 3600.089548s and sending notification > Jan 22 17:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #6: ESP > traffic information: in=14MB out=78MB [email protected] > Jan 22 17:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #6: Warning: > XAUTH username changed from '' to 'asilvaptremote.local' > Jan 22 17:39:23 sol pluto[22331]: "tunnel8"[4] 95.61.168.133 #10: ignoring > Delete SA payload: PROTO_IPSEC_ESP SA(0x2f0ed8e8) not found (maybe expired) > Jan 22 17:39:23 sol pluto[22331]: ignoring found existing connection > instance "tunnel8"[4] 95.61.168.133 that covers kernel acquire with IKE > state #10 and IPsec state #0 - due to duplicate acquire? > Jan 22 17:39:54 sol pluto[22331]: existing bare shunt found - refusing to > add a duplicate > Jan 22 17:39:54 sol pluto[22331]: ignoring found existing connection > instance "tunnel8"[4] 95.61.168.133 that covers kernel acquire with IKE > state #10 and IPsec state #0 - due to duplicate acquire? > Jan 22 17:40:24 sol pluto[22331]: existing bare shunt found - refusing to > add a duplicate > Jan 22 17:40:24 sol pluto[22331]: ignoring found existing connection > instance "tunnel8"[4] 95.61.168.133 that covers kernel acquire with IKE > state #10 and IPsec state #0 - due to duplicate acquire? > > > Please let me know if you need more verbose in the logs. > > Thanks. > > -- > Saludos / Regards / Cumprimentos > António Silva > > > On 22 Jan 2021, at 14:41, Paul Wouters <[email protected]> wrote: > > This is a different issue I have not seen before. It seems there is > confusion about state between kernel and pluto ? > > To say more, i would need to see the logs from a valid state going to this > bad state. > > Paul > > Sent from my iPhone > > On Jan 22, 2021, at 07:03, António Silva <[email protected]> wrote: > > Hi, > > I’m having the same issue, after upgrading the server side to version 4.1, > every hour the tunnel disconnects, restarting the client side only makes it > work again. > > > Here is the logs from the server side when the tunnel is reconnecting > after an 1h: > > Jan 22 12:37:36 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #93: > initiating IKEv1 Main Mode connection to replace #89 > Jan 22 12:37:36 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #93: sent > Main Mode request, replacing #89 > Jan 22 12:37:36 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #94: > responding to Main Mode from unknown peer 95.61.168.133:500 > Jan 22 12:37:36 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #94: sent > Main Mode R1 > Jan 22 12:37:36 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #94: sent > Main Mode R2 > Jan 22 12:37:36 sol pluto[24350]: "tunnel8"[10] 95.61.168.133: queuing > pending IPsec SA negotiating with 95.61.168.133 IKE SA #93 "tunnel8"[10] > 95.61.168.133 > Jan 22 12:37:36 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #94: Peer ID > is ID_IPV4_ADDR: '192.168.1.2' > Jan 22 12:37:36 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #94: IKE SA > established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 > group=MODP2048} > Jan 22 12:37:36 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #94: XAUTH: > Sending Username/Password request (MAIN_R3->XAUTH_R0) > Jan 22 12:37:36 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #94: XAUTH: > password file authentication method requested to authenticate user ' > [email protected]' > Jan 22 12:37:36 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #94: XAUTH: > password file (/etc/ipsec.d/passwd) open. > Jan 22 12:37:36 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #94: XAUTH: > success user([email protected]:(null)) > Jan 22 12:37:36 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #94: XAUTH: > User [email protected]: Authentication Successful > Jan 22 12:37:36 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #94: XAUTH: > xauth_inR1(STF_OK) > Jan 22 12:37:36 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #94: IKE SA > established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 > group=MODP2048} > Jan 22 12:37:36 sol pluto[24350]: | pool 192.168.20.2-192.168.20.2: > growing address pool from 0 to 1 > Jan 22 12:37:36 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #94: > modecfg_inR0(STF_OK) > Jan 22 12:37:36 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #94: sent > ModeCfg reply, expecting Ack {auth=PRESHARED_KEY cipher=AES_CBC_256 > integ=HMAC_SHA2_256 group=MODP2048} > Jan 22 12:37:36 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #93: > STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response > Jan 22 12:37:37 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #93: sent > Main Mode I2 > Jan 22 12:37:37 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #93: sent > Main Mode I3 > Jan 22 12:37:37 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #93: Peer ID > is ID_IPV4_ADDR: '192.168.1.2' > Jan 22 12:37:37 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #93: IKE SA > established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 > group=MODP2048} > Jan 22 12:37:37 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #93: XAUTH: > Sending Username/Password request (MAIN_I4->XAUTH_R0) > Jan 22 12:37:37 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #93: > ignoring informational payload CERTIFICATE_UNAVAILABLE, msgid=00000000, > length=12 > Jan 22 12:37:37 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #93: > received and ignored notification payload: CERTIFICATE_UNAVAILABLE > Jan 22 12:42:06 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #89: > deleting state (STATE_MODE_CFG_R1) aged 3600.266987s and sending > notification > Jan 22 12:42:06 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #90: > deleting state (STATE_QUICK_R2) aged 3600.089852s and sending notification > Jan 22 12:42:06 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #90: ESP > traffic information: in=11MB out=30MB [email protected] > Jan 22 12:42:06 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #90: > Warning: XAUTH username changed from '' to 'asilvaptremote.local' > Jan 22 12:42:06 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #93: > ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x3e9fbbf6) not found (maybe > expired) > Jan 22 12:42:06 sol pluto[24350]: ignoring found existing connection > instance "tunnel8"[10] 95.61.168.133 that covers kernel acquire with IKE > state #93 and IPsec state #0 - due to duplicate acquire? > Jan 22 12:42:36 sol pluto[24350]: existing bare shunt found - refusing to > add a duplicate > Jan 22 12:42:36 sol pluto[24350]: ignoring found existing connection > instance "tunnel8"[10] 95.61.168.133 that covers kernel acquire with IKE > state #93 and IPsec state #0 - due to duplicate acquire? > Jan 22 12:42:36 sol pluto[24350]: existing bare shunt found - refusing to > add a duplicate > Jan 22 12:42:36 sol pluto[24350]: ignoring found existing connection > instance "tunnel8"[10] 95.61.168.133 that covers kernel acquire with IKE > state #93 and IPsec state #0 - due to duplicate acquire? > Jan 22 12:43:06 sol pluto[24350]: existing bare shunt found - refusing to > add a duplicate > Jan 22 12:43:06 sol pluto[24350]: ignoring found existing connection > instance "tunnel8"[10] 95.61.168.133 that covers kernel acquire with IKE > state #93 and IPsec state #0 - due to duplicate acquire? > Jan 22 12:43:36 sol pluto[24350]: existing bare shunt found - refusing to > add a duplicate > Jan 22 12:43:36 sol pluto[24350]: ignoring found existing connection > instance "tunnel8"[10] 95.61.168.133 that covers kernel acquire with IKE > state #93 and IPsec state #0 - due to duplicate acquire? > Jan 22 12:44:06 sol pluto[24350]: existing bare shunt found - refusing to > add a duplicate > Jan 22 12:44:06 sol pluto[24350]: ignoring found existing connection > instance "tunnel8"[10] 95.61.168.133 that covers kernel acquire with IKE > state #93 and IPsec state #0 - due to duplicate acquire? > Jan 22 12:44:37 sol pluto[24350]: existing bare shunt found - refusing to > add a duplicate > Jan 22 12:44:37 sol pluto[24350]: ignoring found existing connection > instance "tunnel8"[10] 95.61.168.133 that covers kernel acquire with IKE > state #93 and IPsec state #0 - due to duplicate acquire? > Jan 22 12:45:07 sol pluto[24350]: existing bare shunt found - refusing to > add a duplicate > Jan 22 12:45:07 sol pluto[24350]: ignoring found existing connection > instance "tunnel8"[10] 95.61.168.133 that covers kernel acquire with IKE > state #93 and IPsec state #0 - due to duplicate acquire? > Jan 22 12:45:12 sol pluto[24350]: "tunnel8"[10] 95.61.168.133 #93: > received Delete SA payload: self-deleting ISAKMP State #93 > > > > > My configuration: > conn tunnel8-aggr > aggrmode=yes > also=tunnel8 > > conn tunnel8 > pfs=no > type=tunnel > auto=add > ikev2=no > phase2=esp > authby=secret > keyingtries=3 > ikelifetime=24h > salifetime=1h > left=92.211.123.17 > leftsubnet=0.0.0.0/0 > [email protected] > right=%any > rightid=%any > rightaddresspool=192.168.20.100-192.168.20.254 > dpddelay=30 > dpdtimeout=300 > dpdaction=clear > leftxauthserver=yes > rightxauthclient=yes > leftmodecfgserver=yes > rightmodecfgclient=yes > modecfgpull=yes > fragmentation=yes > xauthby=file > > > > > > > -- > Saludos / Regards / Cumprimentos > António Silva > > > > > On 21 Jan 2021, at 20:01, Michael Schwartzkopff <[email protected]> wrote: > > On 21.01.21 20:53, Kontakt wrote: > > Hello, > I have a problem. ipsec tunnel compiled on libreswan 4.1 (centos 8) for 1 > client causes it to disconnect after 3600s. the same configuration on > libreswan 3.23 (centos 7) does not cause such problems. conf file, > password, iptables, entries in routing table identical. > I checked sysctl - identical. the only difference is selinux (centos 7 has > enforce, centos 8 disabled). > > libreswan 3.23 (centos 7): > > *ipsec verify*Verifying installed system and configuration files > > Version check and ipsec on-path [OK] > Libreswan 3.23 (netkey) on 3.10.0-862.3.2.el7.x86_64 > Checking for IPsec support in kernel [OK] > NETKEY: Testing XFRM related proc values > ICMP default / send_redirects [NOT DISABLED] > > Disable / proc / sys / net / ipv4 / conf / * / send_redirects or NETKEY > will act on or cause sending of bogus ICMP redirects! > > ICMP default / accept_redirects [OK] > XFRM larval drop [OK] > Pluto ipsec.conf syntax [OK] > Two or more interfaces found, checking IP forwarding [OK] > Checking rp_filter [ENABLED] > / proc / sys / net / ipv4 / conf / all / rp_filter [ENABLED] > / proc / sys / net / ipv4 / conf / default / rp_filter [ENABLED] > / proc / sys / net / ipv4 / conf / em1 / rp_filter [ENABLED] > / proc / sys / net / ipv4 / conf / em2 / rp_filter [ENABLED] > / proc / sys / net / ipv4 / conf / ip_vti0 / rp_filter [ENABLED] > rp_filter is not fully aware of IPsec and should be disabled > Checking that pluto is running [OK] > Pluto listening for IKE on udp 500 [OK] > Pluto listening for IKE / NAT-T on udp 4500 [OK] > Pluto ipsec.secret syntax [OK] > Checking 'ip' command [OK] > Checking 'iptables' command [OK] > Checking 'prelink' command does not interfere with FIPS [OK] > Checking for obsolete ipsec.conf options [OK] > > ipsec verify: encountered 12 errors - see 'man ipsec_verify' for help > > *And for libreswan 4.1 (centos 8):* > * ipsec verify* > > Verifying installed system and configuration files > > Version check and ipsec on-path [OK] > Libreswan 4.1 (netkey) on 4.18.0-193.28.1.el8_2.x86_64 > Checking for IPsec support in kernel [OK] > NETKEY: Testing XFRM related proc values > ICMP default / send_redirects [OK] > ICMP default / accept_redirects [OK] > XFRM larval drop [OK] > Pluto ipsec.conf syntax [OK] > Checking rp_filter [OK] > Checking that pluto is running [OK] > Pluto listening for IKE on udp 500 [OK] > Pluto listening for IKE / NAT-T on udp 4500 [OK] > Pluto ipsec.secret syntax [OK] > Checking 'ip' command [OK] > Checking 'iptables' command [OK] > Checking 'prelink' command does not interfere with FIPS [OK] > Checking for obsolete ipsec.conf options [OK] > > Where to look for the problem? > > > > _______________________________________________ > Swan mailing > [email protected]https://lists.libreswan.org/mailman/listinfo/swan > > > > Logs? of both sides? > > Seems the child negotiation somehow fails. But the reason should be in the > logs. > > > Mit freundlichen Grüßen, > > -- > > [*] sys4 AG > https://sys4.de, +49 (89) 30 90 46 64 > Schleißheimer Straße 26/MG,80333 München > > Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 > Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief > Aufsichtsratsvorsitzender: Florian Kirstein > > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan > > > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan > > > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan >
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
