Hi,
I have strongSwan, and the child nodes ping at times and then stop pinging
randomly and don't ping anymore, and this happens again and again. Below
is an example. Please help as to why this happens: after the CHILD_SA is
established, the connection is then lost. I have attached the syslog to show
when it connected.

GW01>ping -a 172.25.48.36 192.168.200.177
PING 192.168.200.177: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.200.177: bytes=56 Sequence=2 ttl=64 time=204 ms
Reply from 192.168.200.177: bytes=56 Sequence=3 ttl=64 time=206 ms
Reply from 192.168.200.177: bytes=56 Sequence=4 ttl=64 time=204 ms
Reply from 192.168.200.177: bytes=56 Sequence=5 ttl=64 time=206 ms
--- 192.168.200.177 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 204/205/206 ms
GW01>ping -a 172.25.48.36 192.168.200.177
PING 192.168.200.177: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
Feb 24 07:24:00 localhost charon: 03[IKE] CHILD_SA MTN{1} established with SPIs
c5bf2812_i 1c0032c9_o and TS 192.168.200.172/32 === 172.25.48.43/32
Feb 24 07:24:00 localhost vpn: + 41.223.117.190 172.25.48.43/32 ==
41.223.117.190 -- 185.3.95.94 == 192.168.200.172/32
Feb 24 07:24:12 localhost charon: 09[NET] received packet: from
41.223.117.190[4500] to 185.3.95.94[4500] (164 bytes)
Feb 24 07:24:12 localhost charon: 09[ENC] parsed QUICK_MODE request 2936180826
[ HASH SA No ID ID ]
Feb 24 07:24:12 localhost charon: 09[IKE] received 1843200000 lifebytes,
configured 0
Feb 24 07:24:12 localhost charon: 09[ENC] generating QUICK_MODE response
2936180826 [ HASH SA No ID ID ]
Feb 24 07:24:12 localhost charon: 09[NET] sending packet: from
185.3.95.94[4500] to 41.223.117.190[4500] (180 bytes)
Feb 24 07:24:12 localhost charon: 07[NET] received packet: from
41.223.117.190[4500] to 185.3.95.94[4500] (52 bytes)
Feb 24 07:24:12 localhost charon: 07[ENC] parsed QUICK_MODE request 2936180826
[ HASH ]
Feb 24 07:24:12 localhost charon: 07[IKE] CHILD_SA MTN{2} established with SPIs
c5337dbc_i 1c000cf8_o and TS 192.168.200.177/32 === 172.25.48.43/32
Feb 24 07:24:12 localhost vpn: + 41.223.117.190 172.25.48.43/32 ==
41.223.117.190 -- 185.3.95.94 == 192.168.200.177/32
Feb 24 07:24:12 localhost charon: 12[IKE] sending retransmit 3 of request
message ID 2944856151, seq 4
Feb 24 07:24:12 localhost charon: 12[NET] sending packet: from
185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:24:36 localhost charon: 02[IKE] sending retransmit 4 of request
message ID 2944856151, seq 4
Feb 24 07:24:36 localhost charon: 02[NET] sending packet: from
185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:25:01 localhost CRON[5958]: (root) CMD (command -v debian-sa1 >
/dev/null && debian-sa1 1 1)
Feb 24 07:25:18 localhost charon: 11[IKE] sending retransmit 5 of request
message ID 2944856151, seq 4
Feb 24 07:25:18 localhost charon: 11[NET] sending packet: from
185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:26:33 localhost charon: 10[IKE] giving up after 5 retransmits
Feb 24 07:26:33 localhost charon: 10[IKE] initiating Main Mode IKE_SA MTN[249]
to 41.223.117.190
Feb 24 07:26:33 localhost charon: 10[ENC] generating ID_PROT request 0 [ SA V V
V V ]
Feb 24 07:26:33 localhost charon: 10[NET] sending packet: from
185.3.95.94[4500] to 41.223.117.190[4500] (184 bytes)
Feb 24 07:26:33 localhost vpn: - 41.223.117.190 172.25.48.43/32 ==
41.223.117.190 -- 185.3.95.94 == 192.168.200.172/32
Feb 24 07:26:33 localhost vpn: - 41.223.117.190 172.25.48.43/32 ==
41.223.117.190 -- 185.3.95.94 == 192.168.200.177/32
Feb 24 07:26:33 localhost charon: 02[NET] received packet: from
41.223.117.190[4500] to 185.3.95.94[4500] (100 bytes)
Feb 24 07:26:33 localhost charon: 02[ENC] parsed ID_PROT response 0 [ SA V ]
Feb 24 07:26:33 localhost charon: 02[ENC] received unknown vendor ID:
48:55:41:57:45:49:2d:49:4b:45:76:31:44:53:43:50
Feb 24 07:26:33 localhost charon: 02[ENC] generating ID_PROT request 0 [ KE No ]
Feb 24 07:26:33 localhost charon: 02[NET] sending packet: from
185.3.95.94[4500] to 41.223.117.190[4500] (196 bytes)
Feb 24 07:26:34 localhost charon: 04[NET] received packet: from
41.223.117.190[4500] to 185.3.95.94[4500] (196 bytes)
Feb 24 07:26:34 localhost charon: 04[ENC] parsed ID_PROT response 0 [ KE No ]
Feb 24 07:26:34 localhost charon: 04[ENC] generating ID_PROT request 0 [ ID
HASH ]
Feb 24 07:26:34 localhost charon: 04[NET] sending packet: from
185.3.95.94[4500] to 41.223.117.190[4500] (68 bytes)
Feb 24 07:26:34 localhost charon: 01[NET] received packet: from
41.223.117.190[4500] to 185.3.95.94[4500] (68 bytes)
Feb 24 07:26:34 localhost charon: 01[ENC] parsed ID_PROT response 0 [ ID HASH ]
Feb 24 07:26:34 localhost charon: 01[IKE] IKE_SA MTN[249] established between
185.3.95.94[185.3.95.94]...41.223.117.190[41.223.117.190]
Feb 24 07:26:34 localhost charon: 01[IKE] scheduling reauthentication in 28225s
Feb 24 07:26:34 localhost charon: 01[IKE] maximum IKE_SA lifetime 28525s
Feb 24 07:26:34 localhost charon: 01[ENC] generating TRANSACTION request
1021874008 [ HASH CPRQ(ADDR DNS) ]
Feb 24 07:26:34 localhost charon: 01[NET] sending packet: from
185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:26:38 localhost charon: 07[IKE] sending retransmit 1 of request
message ID 1021874008, seq 4
Feb 24 07:26:38 localhost charon: 07[NET] sending packet: from
185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:26:45 localhost charon: 13[IKE] sending retransmit 2 of request
message ID 1021874008, seq 4
Feb 24 07:26:45 localhost charon: 13[NET] sending packet: from
185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:26:58 localhost charon: 02[IKE] sending retransmit 3 of request
message ID 1021874008, seq 4
Feb 24 07:26:58 localhost charon: 02[NET] sending packet: from
185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:27:21 localhost charon: 01[IKE] sending retransmit 4 of request
message ID 1021874008, seq 4
Feb 24 07:27:21 localhost charon: 01[NET] sending packet: from
185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:28:03 localhost charon: 07[IKE] sending retransmit 5 of request
message ID 1021874008, seq 4
Feb 24 07:28:03 localhost charon: 07[NET] sending packet: from
185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:29:19 localhost charon: 02[IKE] giving up after 5 retransmits
Feb 24 07:29:19 localhost charon: 02[IKE] initiating Main Mode IKE_SA MTN[250]
to 41.223.117.190
Feb 24 07:29:19 localhost charon: 02[ENC] generating ID_PROT request 0 [ SA V V
V V ]
Feb 24 07:29:19 localhost charon: 02[NET] sending packet: from
185.3.95.94[4500] to 41.223.117.190[4500] (184 bytes)
Feb 24 07:29:19 localhost charon: 04[NET] received packet: from
41.223.117.190[4500] to 185.3.95.94[4500] (100 bytes)
Feb 24 07:29:19 localhost charon: 04[ENC] parsed ID_PROT response 0 [ SA V ]
Feb 24 07:29:19 localhost charon: 04[ENC] received unknown vendor ID:
48:55:41:57:45:49:2d:49:4b:45:76:31:44:53:43:50
Feb 24 07:29:19 localhost charon: 04[ENC] generating ID_PROT request 0 [ KE No ]
Feb 24 07:29:19 localhost charon: 04[NET] sending packet: from
185.3.95.94[4500] to 41.223.117.190[4500] (196 bytes)
Feb 24 07:29:19 localhost charon: 01[NET] received packet: from
41.223.117.190[4500] to 185.3.95.94[4500] (196 bytes)
Feb 24 07:29:19 localhost charon: 01[ENC] parsed ID_PROT response 0 [ KE No ]
Feb 24 07:29:19 localhost charon: 01[ENC] generating ID_PROT request 0 [ ID
HASH ]
Feb 24 07:29:19 localhost charon: 01[NET] sending packet: from
185.3.95.94[4500] to 41.223.117.190[4500] (68 bytes)
Feb 24 07:29:19 localhost charon: 03[NET] received packet: from
41.223.117.190[4500] to 185.3.95.94[4500] (68 bytes)
Feb 24 07:29:19 localhost charon: 03[ENC] parsed ID_PROT response 0 [ ID HASH ]
Feb 24 07:29:19 localhost charon: 03[IKE] IKE_SA MTN[250] established between
185.3.95.94[185.3.95.94]...41.223.117.190[41.223.117.190]
Feb 24 07:29:19 localhost charon: 03[IKE] scheduling reauthentication in 28209