Hello Leon,

Please provide all information listed on the HelpRequests page.

Kind regards

Noel

On 28.04.19 at 17:24, Leon K wrote:
> Hi,
>
> I am experiencing the following issue when setting up an IPsec site-to-site VPN
> connection:
> Initially everything works fine, but after some period of inactivity
> (I still need to figure out when it happens), when I check the status of the VPN
> connection/tunnel on both sides, everything looks OK:
> Cisco RV042 status "Connected", strongSwan SA (connection) - Up. But I can't
> ping from the Cisco side to strongSwan; pinging is restored only after the Cisco
> side is pinged from the strongSwan side.
>
> strongSwan related logs:
>
> sending keep alive to <Cisco External IP>[500]
> sending DPD request
> generating INFORMATIONAL_V1 request 3168494568 [ HASH N(DPD) ]
> sending packet: from <strongSwan-Internal IP> [4500] to <Cisco External IP> (76 bytes)
> received packet: from <Cisco External IP> 9[4500] to <strongSwan-Internal IP> (76 bytes)
>
> And there are no errors; it looks good, but in reality it is far from
> OK.
>
> Is this a Cisco-side problem, strongSwan, or both?
>
> My ipsec.conf:
>
> config setup
>     charondebug="ike 2, knl 3, cfg 0"
>
> conn %default
>     keyingtries=%forever
>     left=%defaultroute
>     leftid=34.x.x.x
>     leftsubnet=10.x.x.0/24
>
> conn MyConn
>     keyexchange=ikev1
>     authby=secret
>     type=tunnel
>     leftauth=psk
>     rightauth=psk
>     right=<FQDN-DynDNS>
>     rightsubnet=192.x.x.0/24
>     rightid=@<FQDN-DynDNS>
>     reauth=no
>     ike=aes256-sha1-modp1024
>     esp=aes256-sha1-modp1024
>     ikelifetime=8h
>     lifetime=1h
>     modeconfig = push
>     dpddelay=30
>     dpdtimeout=180
>     dpdaction=clear
>     auto=route
>
> Cisco RV042 (GUI configuration):
> Local Group: IP+Domain Name Authentication
> Remote Group: IP only
>
> Perfect Forward Secrecy - enabled
> Keep Alive
> DPD interval: 30 sec
>
> I have set up a site-to-site VPN tunnel between EdgeRouter and this
> strongSwan, everything works as expected, but they are both strongSwan.
>
> Cisco-EdgeRouter is experiencing the same issues as described above.
>
> But Cisco-Cisco and Cisco-other (non-strongSwan) are quite stable.
>
> I need to make a final decision on whether to use strongSwan as a VPN gateway
> on AWS VPC or switch to AWS VPN gateway. Need your help to figure out on
> whether Cisco RV042 (or Linksys LRT 224) with strongSwan or not.
>
> Thanks in advance.
>
