Hello Noel, Thanks for these insights !
Le 28/11/2017 à 23:30, Noel Kuntze a écrit : > Hi, > >> Nov 28 16:52:29 yomama charon: 06[KNL] creating delete job for >> CHILD_SA ESP/0xc4bd0735/192.168.1.72 >> Nov 28 16:52:29 yomama charon: 06[JOB] CHILD_SA >> ESP/0xc4bd0735/192.168.1.72 not found for delete > Whatever causes these problems is your root cause and needs to be fixed. I had indeed narrowed down my attention on this but I couldn't find any litterature or example of other people experiencing this, so I'm kinda stuck because I don't know why this happens, although I'm aware that this "needs to be fixed" :) > >> Nov 28 16:52:29 yomama charon: 10[CHD] updown: /bin/sh: ipsec: >> command not found > Also, what are you doing in the updown script? Absolutely nothing, I don't have an updown script (or didn't define any), my guess is that what's happening here is this : https://wiki.strongswan.org/issues/745. My StrongSwan installation is in /usr/local, that would explain it, right ? > >> Nov 28 16:52:29 yomama charon: 05[IKE] received DELETE for IKE_SA >> net-net[6] > What are the logs on the other side? > I guess this all happens because the two sides disagree in what IKE_SA and > CHILD_SA to use. Yes, that's my guess too, but I can't figure out why considering my ipsec.conf. And oh by the way I upgraded StrongSwan on NODE 1 and now they're both 5.6.x. Just happened again (it does it at every reauth interval), here are the logs for both nodes : NODE 1 : https://pastebin.com/hYWL9dBy NODE 2 : https://pastebin.com/NDbj8MRQ > > Kind regards > > Noel
signature.asc
Description: OpenPGP digital signature
