Hi,

i have strongswan and the child nodes pings at times and stop pinging
randomly and dont ping anymore and this will happen again and again. below
is an example. please help as to why this happens. after child_sa establish
then lose connection. i have attached syslog to show when it connected

GW01>ping -a 172.25.48.36 192.168.200.177
  PING 192.168.200.177: 56  data bytes, press CTRL_C to break
    Request time out
    Reply from 192.168.200.177: bytes=56 Sequence=2 ttl=64 time=204 ms
    Reply from 192.168.200.177: bytes=56 Sequence=3 ttl=64 time=206 ms
    Reply from 192.168.200.177: bytes=56 Sequence=4 ttl=64 time=204 ms
    Reply from 192.168.200.177: bytes=56 Sequence=5 ttl=64 time=206 ms

  --- 192.168.200.177 ping statistics ---
    5 packet(s) transmitted
    4 packet(s) received
    20.00% packet loss
    round-trip min/avg/max = 204/205/206 ms

GW01>ping -a 172.25.48.36 192.168.200.177
  PING 192.168.200.177: 56  data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out
Feb 24 07:24:00 localhost charon: 03[IKE] CHILD_SA MTN{1} established with SPIs 
c5bf2812_i 1c0032c9_o and TS 192.168.200.172/32 === 172.25.48.43/32 
Feb 24 07:24:00 localhost vpn: + 41.223.117.190 172.25.48.43/32 == 
41.223.117.190 -- 185.3.95.94 == 192.168.200.172/32
Feb 24 07:24:12 localhost charon: 09[NET] received packet: from 
41.223.117.190[4500] to 185.3.95.94[4500] (164 bytes)
Feb 24 07:24:12 localhost charon: 09[ENC] parsed QUICK_MODE request 2936180826 
[ HASH SA No ID ID ]
Feb 24 07:24:12 localhost charon: 09[IKE] received 1843200000 lifebytes, 
configured 0
Feb 24 07:24:12 localhost charon: 09[ENC] generating QUICK_MODE response 
2936180826 [ HASH SA No ID ID ]
Feb 24 07:24:12 localhost charon: 09[NET] sending packet: from 
185.3.95.94[4500] to 41.223.117.190[4500] (180 bytes)
Feb 24 07:24:12 localhost charon: 07[NET] received packet: from 
41.223.117.190[4500] to 185.3.95.94[4500] (52 bytes)
Feb 24 07:24:12 localhost charon: 07[ENC] parsed QUICK_MODE request 2936180826 
[ HASH ]
Feb 24 07:24:12 localhost charon: 07[IKE] CHILD_SA MTN{2} established with SPIs 
c5337dbc_i 1c000cf8_o and TS 192.168.200.177/32 === 172.25.48.43/32 
Feb 24 07:24:12 localhost vpn: + 41.223.117.190 172.25.48.43/32 == 
41.223.117.190 -- 185.3.95.94 == 192.168.200.177/32
Feb 24 07:24:12 localhost charon: 12[IKE] sending retransmit 3 of request 
message ID 2944856151, seq 4
Feb 24 07:24:12 localhost charon: 12[NET] sending packet: from 
185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:24:36 localhost charon: 02[IKE] sending retransmit 4 of request 
message ID 2944856151, seq 4
Feb 24 07:24:36 localhost charon: 02[NET] sending packet: from 
185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:25:01 localhost CRON[5958]: (root) CMD (command -v debian-sa1 > 
/dev/null && debian-sa1 1 1)
Feb 24 07:25:18 localhost charon: 11[IKE] sending retransmit 5 of request 
message ID 2944856151, seq 4
Feb 24 07:25:18 localhost charon: 11[NET] sending packet: from 
185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:26:33 localhost charon: 10[IKE] giving up after 5 retransmits
Feb 24 07:26:33 localhost charon: 10[IKE] initiating Main Mode IKE_SA MTN[249] 
to 41.223.117.190
Feb 24 07:26:33 localhost charon: 10[ENC] generating ID_PROT request 0 [ SA V V 
V V ]
Feb 24 07:26:33 localhost charon: 10[NET] sending packet: from 
185.3.95.94[4500] to 41.223.117.190[4500] (184 bytes)
Feb 24 07:26:33 localhost vpn: - 41.223.117.190 172.25.48.43/32 == 
41.223.117.190 -- 185.3.95.94 == 192.168.200.172/32
Feb 24 07:26:33 localhost vpn: - 41.223.117.190 172.25.48.43/32 == 
41.223.117.190 -- 185.3.95.94 == 192.168.200.177/32
Feb 24 07:26:33 localhost charon: 02[NET] received packet: from 
41.223.117.190[4500] to 185.3.95.94[4500] (100 bytes)
Feb 24 07:26:33 localhost charon: 02[ENC] parsed ID_PROT response 0 [ SA V ]
Feb 24 07:26:33 localhost charon: 02[ENC] received unknown vendor ID: 
48:55:41:57:45:49:2d:49:4b:45:76:31:44:53:43:50
Feb 24 07:26:33 localhost charon: 02[ENC] generating ID_PROT request 0 [ KE No ]
Feb 24 07:26:33 localhost charon: 02[NET] sending packet: from 
185.3.95.94[4500] to 41.223.117.190[4500] (196 bytes)
Feb 24 07:26:34 localhost charon: 04[NET] received packet: from 
41.223.117.190[4500] to 185.3.95.94[4500] (196 bytes)
Feb 24 07:26:34 localhost charon: 04[ENC] parsed ID_PROT response 0 [ KE No ]
Feb 24 07:26:34 localhost charon: 04[ENC] generating ID_PROT request 0 [ ID 
HASH ]
Feb 24 07:26:34 localhost charon: 04[NET] sending packet: from 
185.3.95.94[4500] to 41.223.117.190[4500] (68 bytes)
Feb 24 07:26:34 localhost charon: 01[NET] received packet: from 
41.223.117.190[4500] to 185.3.95.94[4500] (68 bytes)
Feb 24 07:26:34 localhost charon: 01[ENC] parsed ID_PROT response 0 [ ID HASH ]
Feb 24 07:26:34 localhost charon: 01[IKE] IKE_SA MTN[249] established between 
185.3.95.94[185.3.95.94]...41.223.117.190[41.223.117.190]
Feb 24 07:26:34 localhost charon: 01[IKE] scheduling reauthentication in 28225s
Feb 24 07:26:34 localhost charon: 01[IKE] maximum IKE_SA lifetime 28525s
Feb 24 07:26:34 localhost charon: 01[ENC] generating TRANSACTION request 
1021874008 [ HASH CPRQ(ADDR DNS) ]
Feb 24 07:26:34 localhost charon: 01[NET] sending packet: from 
185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:26:38 localhost charon: 07[IKE] sending retransmit 1 of request 
message ID 1021874008, seq 4
Feb 24 07:26:38 localhost charon: 07[NET] sending packet: from 
185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:26:45 localhost charon: 13[IKE] sending retransmit 2 of request 
message ID 1021874008, seq 4
Feb 24 07:26:45 localhost charon: 13[NET] sending packet: from 
185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:26:58 localhost charon: 02[IKE] sending retransmit 3 of request 
message ID 1021874008, seq 4
Feb 24 07:26:58 localhost charon: 02[NET] sending packet: from 
185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:27:21 localhost charon: 01[IKE] sending retransmit 4 of request 
message ID 1021874008, seq 4
Feb 24 07:27:21 localhost charon: 01[NET] sending packet: from 
185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:28:03 localhost charon: 07[IKE] sending retransmit 5 of request 
message ID 1021874008, seq 4
Feb 24 07:28:03 localhost charon: 07[NET] sending packet: from 
185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:29:19 localhost charon: 02[IKE] giving up after 5 retransmits
Feb 24 07:29:19 localhost charon: 02[IKE] initiating Main Mode IKE_SA MTN[250] 
to 41.223.117.190
Feb 24 07:29:19 localhost charon: 02[ENC] generating ID_PROT request 0 [ SA V V 
V V ]
Feb 24 07:29:19 localhost charon: 02[NET] sending packet: from 
185.3.95.94[4500] to 41.223.117.190[4500] (184 bytes)
Feb 24 07:29:19 localhost charon: 04[NET] received packet: from 
41.223.117.190[4500] to 185.3.95.94[4500] (100 bytes)
Feb 24 07:29:19 localhost charon: 04[ENC] parsed ID_PROT response 0 [ SA V ]
Feb 24 07:29:19 localhost charon: 04[ENC] received unknown vendor ID: 
48:55:41:57:45:49:2d:49:4b:45:76:31:44:53:43:50
Feb 24 07:29:19 localhost charon: 04[ENC] generating ID_PROT request 0 [ KE No ]
Feb 24 07:29:19 localhost charon: 04[NET] sending packet: from 
185.3.95.94[4500] to 41.223.117.190[4500] (196 bytes)
Feb 24 07:29:19 localhost charon: 01[NET] received packet: from 
41.223.117.190[4500] to 185.3.95.94[4500] (196 bytes)
Feb 24 07:29:19 localhost charon: 01[ENC] parsed ID_PROT response 0 [ KE No ]
Feb 24 07:29:19 localhost charon: 01[ENC] generating ID_PROT request 0 [ ID 
HASH ]
Feb 24 07:29:19 localhost charon: 01[NET] sending packet: from 
185.3.95.94[4500] to 41.223.117.190[4500] (68 bytes)
Feb 24 07:29:19 localhost charon: 03[NET] received packet: from 
41.223.117.190[4500] to 185.3.95.94[4500] (68 bytes)
Feb 24 07:29:19 localhost charon: 03[ENC] parsed ID_PROT response 0 [ ID HASH ]
Feb 24 07:29:19 localhost charon: 03[IKE] IKE_SA MTN[250] established between 
185.3.95.94[185.3.95.94]...41.223.117.190[41.223.117.190]
Feb 24 07:29:19 localhost charon: 03[IKE] scheduling reauthentication in 28209
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to