Re: [strongSwan] Problems with IKEv1 Dead-Peer-Detection in 5.0.1

Wed, 24 Oct 2012 05:26:39 -0700 

I use next server side config:

/etc/ipsec.conf :

# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
        uniqueids=never

conn macos
        authby=xauthpsk
        xauth=server
        left=176.9.1.119
        leftsubnet=0.0.0.0/0
        leftfirewall=yes
        right=%any
        rightsubnet=0.0.0.0/0
        rightsourceip=10.2.0.0/24
        auto=add


/etc/strongswan.conf

https://gist.github.com/3945801


24.10.2012 15:21, Dmitry Korzhevin пишет:

Hello Martin

Please, look at server log, i can't paste it because it verbose (4.5M):

http://madsanity.kiev.ua/files/charon.log

Look at ip: 89.252.56.204

This user DPD problem start at 13:35 (1 hour difference between server
log and client log)

Client side log:

https://gist.github.com/3945759

I use Debian and strongSwan 5.0.1 on server side. I will provide any
needed info to help detect source of this problem.




24.10.2012 11:34, Martin Willi пишет:

Hi,


IKEv1 Information-Notice: transmit success. (R-U-THERE?).
IKEv1 Information-Notice: transmit success. (R-U-THERE?).
IKEv1 Dead-Peer-Detection: maximum retransmits. (DPD maximum
retransmits).
IPSec Controller: IKE FAILED. phase 6, assert 0


racoon sends DPD requests, but strongSwan does not seem to answer them.
What is the log output on strongSwan? Does it receive the DPD messages?

Regards
Martin



Best Regards,
Dmitry

---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg

e: [email protected]
m: +38 093 874 5453
w: http://www.stidia.com



_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users



Best Regards,
Dmitry

---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg

e: [email protected]
m: +38 093 874 5453
w: http://www.stidia.com

Attachment: smime.p7s
Description: Криптографическая подпись S/MIME

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to