Hi All,

I am using the strongswan-4.2.8 stack, and I am getting a strange problem with it:
The steps that I have taken:

1. I created an IKE SA for IpSecCPlane and two CHILD SAs under it - IpSecCPlane & IpSecUCSPlane.
2. After that I brought down the IpSecUCSPlane CHILD SA by using the command "ipsec down {<reqid>}".
3. After that I changed the configuration for IpSecUCSPlane in ipsec.conf and then fired the command "ipsec update", and after this everything hangs. Even the command "ipsec status" is not working. The only option left for me is to restart the computer.

In the syslogs, only the delete connection is sent to the stroke plugin and not the add connection for IpSecUCSPlane.

Following is the conf file I am using:

Before changing the configuration:

config setup
    cachecrls=no
    charonstart=yes
    plutostart=no
    strictcrlpolicy=no
    uniqueids=no
    charondebug="ike 4,knl 4,cfg 4,chd 4"

conn IpSecMPlane
    ikelifetime=24h
    keyexchange=ikev2
    keyingtries=%forever
    keylife=90m
    reauth=no
    rekey=yes
    mobike=no
    rekeymargin=2m
    ike=aes128-sha1-modp1024!
    esp=3des-sha1-modp1024,aes128-sha1-modp1024!
    authby=psk
    right=10.118.209.204
    rightsubnet=192.168.150.25/24
    left=10.118.209.90
    leftsubnet=192.168.150.24/32
    leftprotoport=sctp/49152
    rightprotoport=sctp/49152
    auto=add

conn IpSecCPlane
    ikelifetime=24h
    keyexchange=ikev2
    keyingtries=%forever
    keylife=90m
    reauth=no
    rekey=yes
    mobike=no
    rekeymargin=2m
    ike=aes128-sha1-modp1024!
    esp=null-sha1-modp1024!
    authby=psk
    right=10.118.209.254
    rightsubnet=10.10.10.10/24
    left=10.118.209.90
    leftsubnet=10.10.10.11/32
    leftprotoport=sctp
    rightprotoport=sctp
    auto=add

conn IpSecUPSPlane
    ikelifetime=24h
    keyexchange=ikev2
    keyingtries=%forever
    keylife=90m
    reauth=no
    rekey=yes
    mobike=no
    rekeymargin=2m
    ike=aes128-sha1-modp1024!
    esp=null-sha1-modp1024!
    authby=psk
    right=10.118.209.254
    rightsubnet=10.10.10.10/24
    left=10.118.209.90
    leftsubnet=10.10.10.13/32
    leftprotoport=udp/49156
    rightprotoport=udp/49156
    auto=add

conn IpSecUCSPlane
    ikelifetime=24h
    keyexchange=ikev2
    keyingtries=%forever
    keylife=90m
    reauth=no
    rekey=yes
    mobike=no
    rekeymargin=2m
    ike=aes128-sha1-modp1024!
    esp=aes128-sha1-modp1024,3des-sha1-modp1024!
    authby=psk
    right=10.118.209.254
    rightsubnet=10.10.10.10/24
    left=10.118.209.90
    leftsubnet=10.10.10.12/32
    leftprotoport=udp/49154
    rightprotoport=udp/49154
    auto=add

After changing the configuration:

config setup
    cachecrls=no
    charonstart=yes
    plutostart=no
    strictcrlpolicy=no
    uniqueids=no
    charondebug="ike 4,knl 4,cfg 4,chd 4"

conn IpSecMPlane
    ikelifetime=24h
    keyexchange=ikev2
    keyingtries=%forever
    keylife=90m
    reauth=no
    rekey=yes
    mobike=no
    rekeymargin=2m
    ike=aes128-sha1-modp1024!
    esp=3des-sha1-modp1024,aes128-sha1-modp1024!
    authby=psk
    right=10.118.209.204
    rightsubnet=192.168.150.25/24
    left=10.118.209.90
    leftsubnet=192.168.150.24/32
    leftprotoport=sctp/49152
    rightprotoport=sctp/49152
    auto=add

conn IpSecCPlane
    ikelifetime=24h
    keyexchange=ikev2
    keyingtries=%forever
    keylife=90m
    reauth=no
    rekey=yes
    mobike=no
    rekeymargin=2m
    ike=aes128-sha1-modp1024!
    esp=null-sha1-modp1024!
    authby=psk
    right=10.118.209.254
    rightsubnet=10.10.10.10/24
    left=10.118.209.90
    leftsubnet=10.10.10.11/32
    leftprotoport=sctp
    rightprotoport=sctp
    auto=add

conn IpSecUPSPlane
    ikelifetime=24h
    keyexchange=ikev2
    keyingtries=%forever
    keylife=90m
    reauth=no
    rekey=yes
    mobike=no
    rekeymargin=2m
    ike=aes128-sha1-modp1024!
    esp=null-sha1-modp1024!
    authby=psk
    right=10.118.209.254
    rightsubnet=10.10.10.10/24
    left=10.118.209.90
    leftsubnet=10.10.10.13/32
    leftprotoport=udp/49156
    rightprotoport=udp/49156
    auto=add

conn IpSecUCSPlane
    ikelifetime=24h
    keyexchange=ikev2
    keyingtries=%forever
    keylife=90m
    reauth=no
    rekey=yes
    mobike=no
    rekeymargin=2m
    ike=aes128-sha1-modp1024!
    esp=3des-sha1-modp1024,aes128-sha1-modp1024!
    authby=psk
    right=10.118.209.254
    rightsubnet=10.10.10.10/24
    left=10.118.209.90
    leftsubnet=10.10.10.12/32
    leftprotoport=udp/49154
    rightprotoport=udp/49154
    auto=add

Thanks in advance.

Regards,
Vivek
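An added example, not part of the original post and not strongSwan code: a small Python script that diffs the conn sections of two ipsec.conf versions, run here on a trimmed excerpt of the two configurations above, where the only line that differs is the order of the esp proposals in IpSecUCSPlane. It assumes plain key=value sections without also= or include directives; parse_conns and changed_conns are hypothetical helper names.

```python
# Added example: report which conn sections differ between two ipsec.conf texts.
def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def changed_conns(before, after):
    """Map each conn that differs to {key: (old, new)}; None marks absence."""
    old, new = parse_conns(before), parse_conns(after)
    report = {}
    for name in sorted(set(old) | set(new)):
        a, b = old.get(name, {}), new.get(name, {})
        delta = {k: (a.get(k), b.get(k))
                 for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}
        if delta:
            report[name] = delta
    return report

# Sample input: excerpt of the post's configurations, trimmed to a few keys.
COMMON = """\
config setup
    charonstart=yes
conn IpSecCPlane
    esp=null-sha1-modp1024!
    leftsubnet=10.10.10.11/32
conn IpSecUCSPlane
    ike=aes128-sha1-modp1024!
    leftsubnet=10.10.10.12/32
"""
BEFORE = COMMON + "    esp=aes128-sha1-modp1024,3des-sha1-modp1024!\n"
AFTER = COMMON + "    esp=3des-sha1-modp1024,aes128-sha1-modp1024!\n"

if __name__ == "__main__":
    for name, delta in changed_conns(BEFORE, AFTER).items():
        for key, (was, now) in delta.items():
            print(f"conn {name}: {key}: {was} -> {now}")
```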