Hello,

I am trying to connect strongswan with openswan.
It works for 60 seconds, then it all dies until I restart ipsec, then it works for another 60 seconds...

$ sudo ipsec status
Security Associations (1 up, 0 connecting):
         hub[1]: ESTABLISHED 17 seconds ago, x[x]...y[y]
         hub{1}:  INSTALLED, TUNNEL, ESP SPIs: ca70896d_i 1d4e67fe_o
         hub{1}:   192.168.45.0/24 === 10.193.160.0/23

Fine, connection is up and running!

After one minute this happens:

$ sudo ipsec status
Security Associations (2 up, 0 connecting):
         hub[2]: ESTABLISHED 11 seconds ago, x[x]...y[y]
         hub[1]: DELETING, x[x]...y[y]
         hub{1}:  INSTALLED, TUNNEL, ESP SPIs: ca70896d_i 1d4e67fe_o
         hub{1}:   192.168.45.0/24 === 10.193.160.0/23

Log entry in auth.log
May 26 22:49:27 toto charon: 08[IKE] y is initiating a Main Mode IKE_SA
May 26 22:49:27 toto charon: 15[IKE] deleting IKE_SA hub[1] between x[x]...y[y]

Then all traffic is dead:

$ sudo ipsec status
Security Associations (1 up, 0 connecting):
         hub[2]: ESTABLISHED 2 minutes ago, x[x]...y[y]

Here are the logs from the openswan server:

$ sudo ipsec auto --status | grep hub
000 "hub": 10.193.160.0/23===y<y>[+S=C]...x<x>[+S=C]===192.168.45.0/24; erouted; eroute owner: #76
000 "hub":     myip=unset; hisip=unset;
000 "hub": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "hub": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 23,24; interface: eth0;
000 "hub":   newest ISAKMP SA: #77; newest IPsec SA: #76;
000 "hub":   IKE algorithm newest: AES_CBC_128-SHA1-MODP2048
000 "hub":   ESP algorithms wanted: 3DES(3)_000-MD5(1)_1024; flags=-strict
000 "hub":   ESP algorithms loaded: 3DES(3)_192-MD5(1)_1024
000 "hub":   ESP algorithm newest: 3DES_192-HMAC_MD5; pfsgroup=<Phase1>
000 #98: "hub":500 STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 6s; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
000 #77: "hub":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1907s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
000 #76: "hub":500 STATE_PARENT_R2 (received v2I2, PARENT SA established); EVENT_SA_REPLACE in 27535s; newest IPSEC; eroute owner; nodpd; idle; import:respond to stranger

conn hub
       right=y
       rightsubnet=10.193.160.0/23
       left=x
       leftsubnet=192.168.45.0/24
       auto=start
       authby=secret
       esp=3des-md5-1024
       pfs=yes
       #keyexchange = ike

What have I done wrong? :-)

/Richard