I use the work randomly, but I think it was around midnight this time. It
happened other times during the day last week.
This is my home office that had connections to all 3 segments of the 3 segment
ipsec cloud. The cloud itself is working flawlessly now (after migrating the
final openswan to strongSwan). On the home office when I do an ipsec start, the
tunnels come up just fine. At some point they can no longer talk to the 3
segment vpn servers and it just stops. I'm not sure why. Last night it appared
to happen at around midnight, so I thought I'd look at that as a possible
trigger. The home office is on a dynamic IP which hasn't changed in several
months (since I logged it last -- maybe a year+).
Here is the dump from the log file where it actually dies:
Mar 2 00:03:20 charon: 03[KNL] creating rekey job for ESP CHILD_SA with SPI
ca7282eb and reqid {5}
Mar 2 00:03:20 charon: 06[IKE] establishing CHILD_SA fre-ben{5}
Mar 2 00:03:20 charon: 06[IKE] establishing CHILD_SA fre-ben{5}
Mar 2 00:03:20 charon: 06[ENC] generating CREATE_CHILD_SA request 4 [
N(REKEY_SA) SA No TSi TSr ]
... First sending/retrans happens right after rekey 00:03:20
Mar 2 00:04:49 hsbenfiw01 charon: 13[IKE] retransmit 5 of request with message
ID 4
Mar 2 00:04:49 hsbenfiw01 charon: 13[NET] sending packet: from HOMEOFFICE[500]
to REMOTENETWORK[500]
Mar 2 00:06:05 charon: 03[KNL] creating delete job for ESP CHILD_SA with SPI
ccdb20b0 and reqid {5}
Mar 2 00:06:05 charon: 12[IKE] giving up after 5 retransmits
Mar 2 00:06:05 vpn: - ...
Mar 2 00:06:05 charon: 12[KNL] received netlink error: No such process (3)
Mar 2 00:06:05 charon: 12[KNL] unable to delete SAD entry with SPI ccdb20b0
What's my best course at this time?
Gary Smith
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
