Hi,

    I have a question I would like to ask. I configured a lot of nodes with
IKEv2. Most of the nodes are established; some nodes are connecting or not
connected. I have a shell script to detect the IPsec tunnel connection status.
If a node is not established, I execute ipsec up tunnelname. My script is
executed once every two minutes. After half a day, when I run ipsec statusall,
it appears as:

bash-3.2# ipsec statusall
000 Status of IKEv1 pluto daemon (strongSwan 4.5.0):
000 interface lo/lo ::1:500
000 interface lo/lo 127.0.0.1:4500
000 interface lo/lo 127.0.0.1:500
000 interface eth0/eth0 120.197.249.35:4500
000 interface eth0/eth0 120.197.249.35:500
000 interface eth1/eth1 10.0.2.253:4500
000 interface eth1/eth1 10.0.2.253:500
000 interface tun0:1341804414/tun0:1341804414 10.0.2.129:4500
000 interface tun0:1341804414/tun0:1341804414 10.0.2.129:500
000 interface tun0:1341804415/tun0:1341804415 10.10.10.1:4500
000 interface tun0:1341804415/tun0:1341804415 10.10.10.1:500
000 %myid = '%any'
000 loaded plugins: curl ldap aes des sha1 sha2 md5 random x509 pkcs1 pgp dnskey pem openssl hmac attr kernel-pfkey kernel-netlink resolve
000 debug options: none
000
000 "asg-ar2831": 10.0.0.0/16===120.197.249.35[120.197.249.35]---120.197.249.33...221.179.41.22[221.179.41.22]===10.8.0.0/16; erouted; eroute owner: #12
000 "asg-ar2831":   ike_life: 86400s; ipsec_life: 86400s; rekey_margin: 30s; rekey_fuzz: 50%; keyingtries: 3
000 "asg-ar2831":   dpd_action: clear; dpd_delay: 10s; dpd_timeout: 30s;
000 "asg-ar2831":   policy: PSK+ENCRYPT+TUNNEL+UP; prio: 16,16; interface: eth0;
000 "asg-ar2831":   newest ISAKMP SA: #1; newest IPsec SA: #12;
000 "asg-ar2831":   IKE proposal: 3DES_CBC/HMAC_MD5/MODP_1024
000 "asg-ar2831":   ESP proposal: 3DES_CBC/HMAC_MD5/<N/A>
000
000 #12: "asg-ar2831" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 86276s; newest IPSEC; eroute owner
000 #12: "asg-ar2831" [email protected] (0 bytes) esp.caf7ca84@120.197.249.35 (0 bytes); tunnel
000 #1: "asg-ar2831" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 85072s; newest ISAKMP; DPD active
000

 

ipsec statusall will die. All of the tunnels will disconnect.

I want to know what causes it, thank you!

 

 



www.netentsec.com

400-678-3600

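Name: 刘立鑫

Department: Engineering Department, ASG Group

Email: <mailto:[email protected]> [email protected]

Switchboard: +86 10 6267 0909-6934

Fax: +86 10 6267 0958

3rd Floor, Changcheng Building, No. 66 Zhongguancun East Road, Haidian District, Beijing 100190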

 

 


_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
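
An added example, not part of the original message and not the poster's script: one way a periodic check like the one described above could choose which tunnels to bring up, by parsing pluto-style `ipsec statusall` text. The function names and the connection names `branch-b` and `branch-c` are constructed for illustration; the sample status lines are constructed from the output quoted in the message.

```shell
#!/bin/sh
# Added example: pick tunnels that need "ipsec up" from pluto-style
# "ipsec statusall" text. Function names and the connections branch-b and
# branch-c are constructed; only asg-ar2831 appears in the message.

# Constructed sample: asg-ar2831 has an IPsec SA, branch-b has only an
# ISAKMP SA, and branch-c does not appear in the status at all.
SAMPLE_STATUS='000 "asg-ar2831":   newest ISAKMP SA: #1; newest IPsec SA: #12;
000 #12: "asg-ar2831" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 86276s; newest IPSEC; eroute owner
000 #1: "asg-ar2831" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 85072s; newest ISAKMP; DPD active
000 #3: "branch-b" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 80000s; newest ISAKMP'

# Read statusall text on stdin and print each connection name that has a
# state line reporting an established IPsec SA (an ISAKMP SA alone is not enough).
established_tunnels() {
    awk '
        # State lines start with: 000 #<serial>: "<name>" STATE_...
        $1 == "000" && $2 ~ /^#[0-9]+:$/ && /IPsec SA established/ {
            split($0, q, "\"")          # q[2] is the text between the first quotes
            if (!(q[2] in seen)) { seen[q[2]] = 1; print q[2] }
        }
    '
}

# $1 is the status text; the remaining arguments are the configured
# connection names. Print the names with no established IPsec SA.
tunnels_needing_up() {
    status_text=$1
    shift
    up_list=$(printf '%s\n' "$status_text" | established_tunnels)
    for name in "$@"; do
        # -F fixed string, -x whole line: avoids matching on name prefixes.
        printf '%s\n' "$up_list" | grep -Fqx -- "$name" || printf '%s\n' "$name"
    done
}

# Intended use from the periodic job (not run here):
#   for t in $(tunnels_needing_up "$(ipsec statusall)" asg-ar2831); do
#       ipsec up "$t"
#   done
```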
