Hi, are you running strongSwan on CentOS or RedHat? There is an issue with these Linux kernels where IPsec policies get deleted when they are queried e.g. by ipsec statusall or DPD. I think this kernel bug was fixed recently by RedHat.
Best regards

Andreas

ServerAlex wrote:
> I've got a host-to-host connection that should be kept alive 24/7.
>
> machine 1:
> config setup
>     plutostart=no # IKEv1
>     charonstart=yes # IKEv2
>     nat_traversal=no
>
> # Add connections here.
>
> # Sample VPN connections
> conn %default
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=%forever
>     keyexchange=ikev2
>     dpdaction=hold
>     mobike=no
>
> conn server1
>     left=XX.X.XX.XX
>     leftcert=server1-cert.pem
>     left...@server1.xxx.com
>     right=YY.YY.YY.YY
>     right...@server2.xxx.com
>     auto=start
>
> server2:
> config setup
>     plutostart=no # IKEv1
>     charonstart=yes # IKEv2
>     nat_traversal=no
>
> # Add connections here.
>
> # Sample VPN connections
> conn %default
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=%forever
>     keyexchange=ikev2
>     dpdaction=clear
>     mobike=no
>
> conn server12
>     left=YY.YY.YY.YY
>     leftcert=server2-cert.pem
>     left...@server2.xxx.com
>     right=XX.XX.XX.XX
>     right...@server1.xxx.com
>     auto=add
>
>
> When I start ipsec on both sides it works for a few minutes, then it
> just doesn't any longer, although the SAs are still alive.
> server2[2]: ESTABLISHED 11 minutes ago, XX.XX.XX.XX[server1.XXX.com]...YY.YY.YY.YY[server2.XXX.com]
> server2{2}: INSTALLED, TUNNEL, ESP SPIs: cb043689_i c4ecff51_o
> server2{2}: XX.XX.XX.XX/32 === YY.YY.YY.YY/32
>
> But no traffic flow can be established. Logs give me errors like these:
> Sep 2 02:44:30 server1 charon: 11[KNL] querying policy failed: No such file or directory (2)
>
> I have to restart the whole daemon on server1 to get the traffic
> flowing again.. for a few minutes.
>
> Any ideas?

======================================================================
Andreas Steffen                         andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
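
A check for the symptom discussed in this thread (a CHILD_SA reported as INSTALLED while its kernel policy is gone), as an added example that is not part of the original messages: it compares the traffic selectors in `ipsec statusall` output with `ip xfrm policy` output and lists the in/out policies that are missing. The sample text is constructed, uses documentation addresses, and the function names are hypothetical.

```python
import re

# Constructed excerpt modelled on the `ipsec statusall` lines quoted in the
# thread; the addresses are documentation ranges, not the poster's hosts.
STATUS = """\
  server2{2}:  INSTALLED, TUNNEL, ESP SPIs: cb043689_i c4ecff51_o
  server2{2}:   192.0.2.1/32 === 198.51.100.2/32
"""

# Constructed `ip xfrm policy` output in which the outbound policy is missing.
POLICIES = """\
src 198.51.100.2/32 dst 192.0.2.1/32
\tdir in priority 1795
\ttmpl src 198.51.100.2 dst 192.0.2.1
\t\tproto esp reqid 2 mode tunnel
"""

TS_RE = re.compile(r"^\s*(\S+)\{\d+\}:\s+(\S+/\d+)\s+===\s+(\S+/\d+)\s*$")
SEL_RE = re.compile(r"^src (\S+) dst (\S+)")
DIR_RE = re.compile(r"^\s+dir (in|out|fwd)\b")

def installed_selectors(status_text):
    """(conn, local_ts, remote_ts) for every CHILD_SA selector line."""
    return [m.groups() for m in map(TS_RE.match, status_text.splitlines()) if m]

def kernel_policies(policy_text):
    """Set of (src, dst, direction) parsed from `ip xfrm policy` output."""
    found, selector = set(), None
    for line in policy_text.splitlines():
        sel = SEL_RE.match(line)
        if sel:
            selector = sel.groups()
            continue
        direction = DIR_RE.match(line)
        if direction and selector:
            found.add(selector + (direction.group(1),))
    return found

def missing_policies(status_text, policy_text):
    """Selectors strongSwan reports as installed that the kernel no longer has."""
    have = kernel_policies(policy_text)
    missing = []
    for conn, local, remote in installed_selectors(status_text):
        for want in ((local, remote, "out"), (remote, local, "in")):
            if want not in have:
                missing.append((conn,) + want)
    return missing

if __name__ == "__main__":
    for conn, src, dst, direction in missing_policies(STATUS, POLICIES):
        print(f"{conn}: no '{direction}' policy for {src} -> {dst}")
```

On a live host the two inputs would be the captured output of `ipsec statusall` and `ip xfrm policy`; only the `in` and `out` directions are checked here.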