Hello Noel, I'll try to provide as much as I can. The sat connection and the machine in question are currently down, they are used like two or three times a year, and when they are, we "don't have time" to gather statusall messages and so on, hence the lack of information regarding what we experienced. So yeah, the guessing part is quite important, and I'm sorry for that. I used to work in engineering Support teams, and most of the time we had a lot of "guessing" work, I know how it feels.
In the first place I was mostly looking for hints that _could explain_
what we experienced, sometimes it's good to wonder a little when we
don't have all the bits.
Our "client" ipsec.conf is :
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=%forever
authby=secret
keyexchange=ikev2
mobike=yes
reauth=no
ikedscp=101110
conn net-net
auto=start
left=%defaultroute
leftsubnet=192.168.22.0/24
leftid=netnetYomama
leftfirewall=yes
right=x.x.x.x
rightsubnet=192.168.55.0/24,192.168.33.0/24,192.168.66.0/24
closeaction=restart
dpdaction=restart
dpddelay=30s
dpdtimeout=120s
On our "server" (star network concentrator) :
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=%forever
authby=secret
keyexchange=ikev2
ikedscp=101110
conn net-net
left=51.254.26.13
leftsubnet=192.168.55.0/24,192.168.33.0/24,192.168.66.0/24
leftfirewall=yes
right=%any
rightsubnet=192.168.22.0/24
rightid=netnetYomama
auto=start
I'll do my best to extract some logs.
Thanks !
Le 26/10/2017 à 19:19, Noel Kuntze a écrit :
> Hello,
>
> Hoggins: Please provide the full list of information that is listed on the
> HelpRequests page. It helps immensely in understanding what the actual
> problem is.
> In fact, it saves us about 99,9% of the guessing.
>
> Kind regards
>
> Noel
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests
signature.asc
Description: OpenPGP digital signature
