-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello Bradley,
Without a log file, I can only assume, that the tunnel gets torn down, because the communication to the peers get severed. I propose enabling dpd with dpdaction=restart, as well as closeaction=restart, so the tunnel gets reestablished, if it gets severed for some reason. Regards, Noel Kuntze GPG Key id: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 10.07.2014 19:42, schrieb Turnbough, Bradley E.: > Can anyone help me out with this issue? I know I have very few details to go > off of, but at this point, I don't know what else is needed and what needs to > be provided. > > Thanks, > > Brad > ________________________________ > From: Turnbough, Bradley E. > Sent: Wednesday, July 09, 2014 9:00 AM > To: [email protected] > Subject: Random IPSEC IKE1 Dropping > > Hello All, > > I'm currently running this config on an active strongswan box. I am running > CentOS 6.5 (fully patched) along side of strongswan version "Linux strongSwan > U5.0.4/K2.6.32-431.3.1.el6.x86_6" > > We upgraded a while back from a version that still used pluto to this new > version (which uses charon) We've started to experience random conn drops > (primarilly on sa-01 and sa-05. The only way to resolve this that I've found > is to perform a 'service strongswan restart' This is not the only conn which > experiences this, so I'm thinking this may be a configuration issue or a bug. > The problem is, is I don't necessarily know much about ipsec. I'm hoping > someone can help me out. Can anyone? Please? > > conn customer-sa-01 > auto=start > rightsubnet=A.0.0.0/8 > also=customer-default > > conn customer-sa-02 > auto=start > rightsubnet=B.C.0.0/16 > also=customer-default > > conn customer-sa-03 > auto=start > rightsubnet=D.E.0.0/16 > also=customer-default > > conn customer-sa-04 > auto=start > rightsubnet=F.G.0.0/15 > also=customer-default > > conn customer-sa-05 > auto=start > rightsubnet=H.I.0.0/15 > also=customer-default > > conn customer-sa-06 > auto=start > rightsubnet=J.K.0.0/16 > also=customer-default > > conn customer-sa-07 > auto=start > rightsubnet=L.M.0.0/16 > also=customer-default > > conn customer-sa-08 > auto=start > rightsubnet=N.O.P.Q/32 > also=customer-default > > conn customer-default > keyingtries=%forever > authby=secret > left=R.S.T.U > leftsubnet=V.W.X.0/24 > right=Y.Z.AA.BB > rightallowany=yes > keyexchange=ikev1 > ikelifetime=480m > keylife=3600s > mobike=no > ike=aes256-sha1-modp1024 > esp=3des-md5 > > > _____________________________________________________________ This e-mail > transmission contains information that is confidential and may be privileged. > It is intended only for the addressee(s) named above. If you receive this > e-mail in error, please do not read, copy or disseminate it in any manner. If > you are not the intended recipient, any disclosure, copying, distribution or > use of the contents of this information is prohibited. Please reply to the > message immediately by informing the sender that the message was misdirected. > After replying, please erase it from your computer system. Your assistance in > correcting this error is appreciated. > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTvu1nAAoJEDg5KY9j7GZYu6kP/38/l/0HtxYyEV1EDL4L+pi7 IsAoq07QwRFVOFn5LfAjbALfslPTyINoI+0dAxPcFSFxdvid2VgySoisTJctg+D3 Mxej/saCcsZFiJ7lUI62AeCpRpd7im8O6C24XhaNEbls4f0acwVCXjSK3awxnB0j oWfhsB8SoC9xCGiVIpHbrBvUrlSD3EvCKuY7TMmZXHlkP3TZBCRakTGSMVr6pWSp 2M4sGrVrxapUrRh7Z4YonrAY6k9j9klTtqh6TOuIveP3gQntPLl38gkzGVhhOATB 0eZrxrGmEzujuEhxCyx0UH7mtwS6VGwsJzTmSXMU+2qU2mJmRJxgm6FTaRnzDHOQ 3wrgRVV2gsYHZCfhNipICBKB+TQtHDo+Cvem/U28H8PSsa47aLPOCbTy31TNK3SU 8hcNYQnWWZj6Ldu8knsAW7J+P/ERm/SD86W4DoHWaSoTzYtdJUsP4JIoMBHBY7JE XkQZrJpIEPIDsErkM9LOSGygrnZV3SZ1n804g114dfSO6DaIIq7ZEe7OQYsl4SKB EziYAbZXJJIUUazfLihUpCkxCKIo1pl/cvkDjpoAKyyjHK1AWfxx6lZUsiFZfNlw feZmnHbg4yKK73d2cQ+wXQh2YcVzHJaene4rwrCEcdajVUSFdwLxxHr0hU6v8mOu lZNO9GrUWRrxd9+PgeL/ =xG9s -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
