This is a continuation of issue #317 on the wiki. I have posted the same there but without any help. I was hoping there is a solution which I have been unable to find. I am running strongSwan 5.0.2 on CentOS and with an ASA on the other end, experience what appears to be the connection deleting itself during the re-auth stage. Below are the logs where I am losing my tunnel like clockwork exactly every 6 hours (I have sanitized the public IP address):
Aug 30 14:58:40 bhm-ipsec-221 charon: 14[NET] received packet: from XXX.YYY.2.20[4500] to 10.10.100.221[4500] (168 bytes)
Aug 30 14:58:40 bhm-ipsec-221 charon: 14[ENC] parsed ID_PROT request 0 [ SA V V V V ]
Aug 30 14:58:40 bhm-ipsec-221 charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Aug 30 14:58:40 bhm-ipsec-221 charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Aug 30 14:58:40 bhm-ipsec-221 charon: 14[IKE] received NAT-T (RFC 3947) vendor ID
Aug 30 14:58:40 bhm-ipsec-221 charon: 14[IKE] received FRAGMENTATION vendor ID
Aug 30 14:58:40 bhm-ipsec-221 charon: 14[IKE] XXX.YYY.2.20 is initiating a Main Mode IKE_SA
Aug 30 14:58:40 bhm-ipsec-221 charon: 14[ENC] generating ID_PROT response 0 [ SA V V V ]
Aug 30 14:58:40 bhm-ipsec-221 charon: 14[NET] sending packet: from 10.10.100.221[4500] to XXX.YYY.2.20[4500] (132 bytes)
Aug 30 14:58:40 bhm-ipsec-221 charon: 11[NET] received packet: from XXX.YYY.2.20[4500] to 10.10.100.221[4500] (304 bytes)
Aug 30 14:58:40 bhm-ipsec-221 charon: 11[ENC] parsed ID_PROT request 0 [ KE No V V V V NAT-D NAT-D ]
Aug 30 14:58:40 bhm-ipsec-221 charon: 11[IKE] local host is behind NAT, sending keep alives
Aug 30 14:58:40 bhm-ipsec-221 charon: 11[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Aug 30 14:58:40 bhm-ipsec-221 charon: 11[NET] sending packet: from 10.10.100.221[4500] to XXX.YYY.2.20[4500] (244 bytes)
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[NET] received packet: from XXX.YYY.2.20[4500] to 10.10.100.221[4500] (84 bytes)
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[ENC] parsed ID_PROT request 0 [ ID HASH V ]
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[CFG] looking for pre-shared key peer configs matching 10.10.100.221...XXX.YYY.2.20[XXX.YYY.2.20]
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[CFG] selected peer config "secret-tunnel02"
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[IKE] deleting duplicate IKE_SA for peer 'XXX.YYY.2.20' due to uniqueness policy
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[IKE] deleting IKE_SA secret-tunnel02[2] between 10.10.100.221[company]...XXX.YYY.2.20[XXX.YYY.2.20]
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[IKE] sending DELETE for IKE_SA sending-tunnel02[2]
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[ENC] generating INFORMATIONAL_V1 request 1385282457 [ HASH D ]
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[NET] sending packet: from 10.10.100.221[4500] to XXX.YYY.2.20[4500] (84 bytes)
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[IKE] IKE_SA secret-tunnel02[10] established between 10.10.100.221[company]...XXX.YYY.2.20[XXX.YYY.2.20]
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[IKE] scheduling reauthentication in 27872s
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[IKE] maximum IKE_SA lifetime 28412s
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[IKE] DPD not supported by peer, disabled
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[ENC] generating ID_PROT response 0 [ ID HASH ]
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[NET] sending packet: from 10.10.100.221[4500] to XXX.YYY.2.20[4500] (68 bytes)
Aug 30 14:58:41 bhm-ipsec-221 charon: 15[NET] received packet: from XXX.YYY.2.20[4500] to 10.10.100.221[4500] (68 bytes)
Aug 30 14:58:41 bhm-ipsec-221 charon: 15[ENC] parsed INFORMATIONAL_V1 request 3803765251 [ HASH D ]
Aug 30 14:58:41 bhm-ipsec-221 charon: 15[IKE] received DELETE for ESP CHILD_SA with SPI c95b03dd
Aug 30 14:58:41 bhm-ipsec-221 charon: 15[IKE] closing CHILD_SA secret-tunnel02{2} with SPIs c7a16268_i (13652 bytes) c95b03dd_o (17544 bytes) and TS 10.10.100.0/24 === XXX.YYY.43.0/24
Aug 30 14:58:41 bhm-ipsec-221 vpn: - XXX.YYY.2.20 XXX.YYY.43.0/24 == XXX.YYY.2.20 -- 10.10.100.221 == 10.10.100.0/24
Aug 30 14:58:41 bhm-ipsec-221 charon: 09[NET] received packet: from XXX.YYY.2.20[4500] to 10.10.100.221[4500] (84 bytes)
Aug 30 14:58:41 bhm-ipsec-221 charon: 09[ENC] parsed INFORMATIONAL_V1 request 958391242 [ HASH D ]
Aug 30 14:58:41 bhm-ipsec-221 charon: 09[IKE] received DELETE for IKE_SA secret-tunnel02[10]
Aug 30 14:58:41 bhm-ipsec-221 charon: 09[IKE] deleting IKE_SA secret-tunnel02[10] between 10.10.100.221[company]...XXX.YYY.2.20[XXX.YYY.2.20]
I appreciate any and all input.
Thanks,
Izz
Izz Abdullah
Senior Systems Engineer
www.wepanow.com
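Added example for triaging the charon log above; this is illustrative code written for this page, not the poster's and not part of strongSwan. It parses the [IKE] lines into a timeline and pulls out the three things worth checking before touching any configuration: whether the peer (not the local daemon) opened the fresh Main Mode IKE_SA, whether the local uniqueness policy then tore down the old SA, and whether the replacement IKE_SA was deleted by the peer within seconds of being established. It also compares the observed drop interval with the locally logged timers: 6 hours is 21600 s, shorter than the 27872 s reauthentication and 28412 s lifetime the daemon scheduled, so the local timers cannot be what fires every 6 hours and the remote side's IKE lifetime is the next thing to compare. The sample log is a constructed condensation of the post's own lines (same sanitized addresses); the year, the 60 s "short-lived" threshold and the function names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample, condensed from the [IKE] lines quoted in the post above.
# Addresses are the post's sanitized placeholders; the year is assumed because
# syslog timestamps omit it.
SAMPLE_LOG = """\
Aug 30 14:58:40 bhm-ipsec-221 charon: 14[IKE] XXX.YYY.2.20 is initiating a Main Mode IKE_SA
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[IKE] deleting duplicate IKE_SA for peer 'XXX.YYY.2.20' due to uniqueness policy
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[IKE] deleting IKE_SA secret-tunnel02[2] between 10.10.100.221[company]...XXX.YYY.2.20[XXX.YYY.2.20]
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[IKE] IKE_SA secret-tunnel02[10] established between 10.10.100.221[company]...XXX.YYY.2.20[XXX.YYY.2.20]
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[IKE] scheduling reauthentication in 27872s
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[IKE] maximum IKE_SA lifetime 28412s
Aug 30 14:58:41 bhm-ipsec-221 charon: 15[IKE] received DELETE for ESP CHILD_SA with SPI c95b03dd
Aug 30 14:58:41 bhm-ipsec-221 charon: 09[IKE] received DELETE for IKE_SA secret-tunnel02[10]
Aug 30 14:58:41 bhm-ipsec-221 charon: 09[IKE] deleting IKE_SA secret-tunnel02[10] between 10.10.100.221[company]...XXX.YYY.2.20[XXX.YYY.2.20]
"""

# Generic syslog + charon prefix: "<ts> <host> charon: <thread>[<group>] <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ charon: \d+\[(?P<group>\w+)\] (?P<msg>.*)$"
)

# Message patterns of interest, matched against charon's actual wording.
PATTERNS = {
    "initiating": re.compile(r"^(?P<peer>\S+) is initiating a Main Mode IKE_SA"),
    "uniqueness": re.compile(r"deleting duplicate IKE_SA for peer '(?P<peer>[^']+)' due to uniqueness policy"),
    "established": re.compile(r"IKE_SA (?P<name>[^\[\s]+)\[(?P<id>\d+)\] established"),
    "reauth": re.compile(r"scheduling reauthentication in (?P<secs>\d+)s"),
    "lifetime": re.compile(r"maximum IKE_SA lifetime (?P<secs>\d+)s"),
    "peer_delete": re.compile(r"received DELETE for IKE_SA (?P<name>[^\[\s]+)\[(?P<id>\d+)\]"),
}


def parse_events(log_text, year):
    """Return a list of (timestamp, kind, fields) for the lines we recognise."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Prepend the assumed year so Feb 29 and ordering work correctly.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        for kind, pat in PATTERNS.items():
            hit = pat.search(m["msg"])
            if hit:
                events.append((ts, kind, hit.groupdict()))
                break
    return events


def analyze(log_text, observed_drop_interval_s, year=2013, short_lived_threshold_s=60):
    """Summarise who initiated, what the uniqueness policy did, and whether
    the local timers could explain a drop at observed_drop_interval_s."""
    events = parse_events(log_text, year)
    findings = {
        "peer_initiated": [],       # peers that opened a new Main Mode IKE_SA
        "uniqueness_deletions": 0,  # old SAs torn down by the local uniqueness policy
        "short_lived_sas": [],      # (name, id, age_s) deleted by the peer soon after setup
        "local_reauth_s": None,
        "local_lifetime_s": None,
    }
    established_at = {}
    for ts, kind, d in events:
        if kind == "initiating":
            findings["peer_initiated"].append(d["peer"])
        elif kind == "uniqueness":
            findings["uniqueness_deletions"] += 1
        elif kind == "established":
            established_at[(d["name"], int(d["id"]))] = ts
        elif kind == "reauth":
            findings["local_reauth_s"] = int(d["secs"])
        elif kind == "lifetime":
            findings["local_lifetime_s"] = int(d["secs"])
        elif kind == "peer_delete":
            key = (d["name"], int(d["id"]))
            if key in established_at:
                age = (ts - established_at[key]).total_seconds()
                if age <= short_lived_threshold_s:
                    findings["short_lived_sas"].append((key[0], key[1], age))
    # The local reauth/lifetime timer can only be the trigger if the observed
    # interval is at least as long as the earliest of those timers.
    timers = [t for t in (findings["local_reauth_s"], findings["local_lifetime_s"]) if t is not None]
    findings["drop_explained_by_local_timers"] = bool(timers) and observed_drop_interval_s >= min(timers)
    return findings


if __name__ == "__main__":
    for k, v in analyze(SAMPLE_LOG, observed_drop_interval_s=6 * 3600).items():
        print(f"{k}: {v}")
```

Run against a full day of charon output (e.g. `journalctl -u strongswan` or /var/log/messages) rather than the sample, and `peer_initiated` together with a `short_lived_sas` entry at each 6-hour mark is the pattern to look for; `drop_explained_by_local_timers` stays False for these values, which points the comparison at the peer's configured IKE lifetime.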
