Hello Banio,

Did you try setting leftsendcert=always in the conn definition on the server side?
Also, I think you are more likely to have an MTU problem, as the packet with size 1916 bytes never reaches the server. You might want to upgrade and use fragmentation to make sure that packets larger than the MTU (probably around 1500 bytes) are fragmented and can reach the destination.

Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

On 19.01.2015 at 21:56, Banio wrote:
> I have 7 gateways (all set up the same) and many clients (all configured in
> the same manner), some on multiple gateways. The gateways use certs for
> authentication. Clients and gateways are all on Amazon AWS. I periodically
> see the following issue:
>
> Client connects fine to gateway for weeks, then stops being able to connect.
> Other clients continue to connect without issue to gateway. The two can
> communicate and get to the point where they both send their respective
> "request for cert", and the client sends its end entity cert, but the
> gateway never seems to receive it. The client continues to retransmit until 5
> are sent and it times out. If I destroy the virtual server and redeploy, the
> new client, with the same hostname and same configuration, can connect
> without issue.
>
> Here is the meta info (versions and OS are the same on gateway and client):
>
> OS: CentOS 6.6
> strongswan version: 5.2.0
> Gateway config: http://ur1.ca/jh5g7
> Client config: http://ur1.ca/jh5go
> Gateway log: http://ur1.ca/jh5h4
> Client log: http://ur1.ca/jh5hn
>
> Please let me know if you need more info.
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users
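
One way to check a client log for the pattern described in the reply above (an IKE message larger than the MTU that is retransmitted and never answered), as an added example that is not part of the original thread. The log lines are constructed in the style of charon's output, and the 1500-byte MTU, the 28 bytes of IPv4/UDP overhead and the function name are assumptions.

```python
import re

SEND = re.compile(r"sending packet: from \S+ to \S+ \((\d+) bytes\)")
RECV = re.compile(r"received packet: from")
RETX = re.compile(r"retransmit (\d+) of request with message ID \d+")

# Constructed sample (not taken from the logs linked in the thread): a small
# first exchange that is answered, then a 1916-byte message sent and
# retransmitted five times without any reply.
SAMPLE = "\n".join(
    ["09[NET] sending packet: from 10.0.1.5[500] to 10.0.2.9[500] (708 bytes)",
     "10[NET] received packet: from 10.0.2.9[500] to 10.0.1.5[500] (465 bytes)",
     "10[NET] sending packet: from 10.0.1.5[4500] to 10.0.2.9[4500] (1916 bytes)"]
    + [line for n in range(1, 6) for line in (
        f"11[IKE] retransmit {n} of request with message ID 1",
        "11[NET] sending packet: from 10.0.1.5[4500] to 10.0.2.9[4500] (1916 bytes)")]
    + ["12[IKE] giving up after 5 retransmits"])


def find_suspect_packets(log, mtu=1500, overhead=28):
    """Return [(size, retransmits)] for sent messages that would exceed the
    MTU as an IP datagram, were retransmitted, and were never answered.

    Assumption: the logged size is the UDP payload, so the on-wire IPv4
    datagram is size + 20 (IP header) + 8 (UDP header).
    """
    suspects = []
    current = None  # the most recent request still waiting for a reply
    for line in log.splitlines():
        if RECV.search(line):
            if current:
                current["answered"] = True   # peer replied, request got through
            current = None
        elif (m := RETX.search(line)):
            if current:
                current["retransmits"] = int(m.group(1))
        elif (m := SEND.search(line)):
            size = int(m.group(1))
            if current is None or current["size"] != size:
                current = {"size": size, "retransmits": 0, "answered": False}
                if size + overhead > mtu:    # needs IP fragmentation en route
                    suspects.append(current)
    return [(s["size"], s["retransmits"]) for s in suspects
            if s["retransmits"] > 0 and not s["answered"]]


if __name__ == "__main__":
    for size, retx in find_suspect_packets(SAMPLE):
        print(f"{size}-byte message exceeds MTU, {retx} retransmits, no reply")
```

A hit only shows that the log is consistent with oversized packets being dropped on the path; a packet capture on the gateway side confirms whether the fragments actually arrive.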
