I've got a host-to-host connection that should be kept alive 24/7.

machine 1:
config setup
        plutostart=no           # IKEv1
        charonstart=yes         # IKEv2
        nat_traversal=no

# Add connections here.

# Sample VPN connections
conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=%forever
        keyexchange=ikev2
        dpdaction=hold
        mobike=no

conn server1
        left=XX.X.XX.XX
        leftcert=server1-cert.pem
        left...@server1.xxx.com
        right=YY.YY.YY.YY
        right...@server2.xxx.com
        auto=start

server2:
config setup
        plutostart=no           # IKEv1
        charonstart=yes         # IKEv2
        nat_traversal=no

# Add connections here.

# Sample VPN connections
conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=%forever
        keyexchange=ikev2
        dpdaction=clear
        mobike=no

conn server12
        left=YY.YY.YY.YY
        leftcert=server2-cert.pem
        left...@server2.xxx.com
        right=XX.XX.XX.XX
        right...@server1.xxx.com
        auto=add


When I start ipsec on both sides it works for a few minutes, then it
just doesn't any longer, although the SAs are still alive.
server2[2]: ESTABLISHED 11 minutes ago, XX.XX.XX.XX[server1.XXX.com]...YY.YY.YY.YY[server2.XXX.com]
server2{2}:  INSTALLED, TUNNEL, ESP SPIs: cb043689_i c4ecff51_o
server2{2}:   XX.XX.XX.XX/32 === YY.YY.YY.YY/32

But no traffic flow can be established. The logs give me errors like these:
Sep  2 02:44:30 server1 charon: 11[KNL] querying policy failed: No such file or directory (2)

I have to restart the whole daemon on server1 to get the traffic
flowing again... for a few minutes.

Any ideas?