[strongSwan] Random IPSEC IKE1 Dropping

Wed, 09 Jul 2014 07:01:08 -0700 

Hello All,

I'm currently running this config on an active strongswan box.  I am running 
CentOS 6.5 (fully patched) along side of strongswan version "Linux strongSwan 
U5.0.4/K2.6.32-431.3.1.el6.x86_6"

We upgraded a while back from a version that still used pluto to this new 
version (which uses charon)  We've started to experience random conn drops 
(primarilly on sa-01 and sa-05.  The only way to resolve this that I've found 
is to perform a 'service strongswan restart' This is not the only conn which 
experiences this, so I'm thinking this may be a configuration issue or a bug.  
The problem is, is I don't necessarily know much about ipsec.  I'm hoping 
someone can help me out.  Can anyone?  Please?

conn customer-sa-01
  auto=start
  rightsubnet=A.0.0.0/8
  also=customer-default

conn customer-sa-02
  auto=start
  rightsubnet=B.C.0.0/16
  also=customer-default

conn customer-sa-03
  auto=start
  rightsubnet=D.E.0.0/16
  also=customer-default

conn customer-sa-04
  auto=start
  rightsubnet=F.G.0.0/15
  also=customer-default

conn customer-sa-05
  auto=start
  rightsubnet=H.I.0.0/15
  also=customer-default

conn customer-sa-06
  auto=start
  rightsubnet=J.K.0.0/16
  also=customer-default

conn customer-sa-07
  auto=start
  rightsubnet=L.M.0.0/16
  also=customer-default

conn customer-sa-08
  auto=start
  rightsubnet=N.O.P.Q/32
  also=customer-default

conn customer-default
  keyingtries=%forever
  authby=secret
  left=R.S.T.U
  leftsubnet=V.W.X.0/24
  right=Y.Z.AA.BB
  rightallowany=yes
  keyexchange=ikev1
  ikelifetime=480m
  keylife=3600s
  mobike=no
  ike=aes256-sha1-modp1024
  esp=3des-md5


_____________________________________________________________ This e-mail 
transmission contains information that is confidential and may be privileged. 
It is intended only for the addressee(s) named above. If you receive this 
e-mail in error, please do not read, copy or disseminate it in any manner. If 
you are not the intended recipient, any disclosure, copying, distribution or 
use of the contents of this information is prohibited. Please reply to the 
message immediately by informing the sender that the message was misdirected. 
After replying, please erase it from your computer system. Your assistance in 
correcting this error is appreciated.
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to