Hi, [re-sending with trimmed down charon.log to fit mailing list size limits.]
I have a VPN connection which is generally stable, but occasionally (2-3 times per day) will drop out for a short period after what seems to be some disagreement between client and server. The logs attached show an example of this, where the connection fails around 18:24:35 and is restored around a minute later. I’m using strongSwan 5.7.2 on the client. I have no information or control over what is running on the server. I’d be grateful for any clues as to exactly what is happening and how to correct it. Regards, Chris — Chris Smith <space.da...@icloud.com>
ipsec.conf
Description: Binary data
18:24:26.013348 IP yy.yy.yy.yy.4500 > xx.xx.xx.xx.4500: UDP-encap: ESP(spi=0xc0684ebd,seq=0x14), length 180 18:24:30.001026 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2747ac4,seq=0x15), length 180 18:24:30.013325 IP yy.yy.yy.yy.4500 > xx.xx.xx.xx.4500: UDP-encap: ESP(spi=0xc0684ebd,seq=0x15), length 180 18:24:34.001014 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2747ac4,seq=0x16), length 180 18:24:34.013289 IP yy.yy.yy.yy.4500 > xx.xx.xx.xx.4500: UDP-encap: ESP(spi=0xc0684ebd,seq=0x16), length 180 18:24:35.268044 IP yy.yy.yy.yy.4500 > xx.xx.xx.xx.4500: NONESP-encap: isakmp: phase 1 I agg 18:24:35.278088 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: NONESP-encap: isakmp: phase 2/others R inf 18:24:35.637624 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: isakmp-nat-keep-alive 18:24:37.306133 IP yy.yy.yy.yy.4500 > xx.xx.xx.xx.4500: isakmp-nat-keep-alive 18:24:38.000896 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2747ac4,seq=0x17), length 180 18:24:40.503239 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2747ac4,seq=0x18), length 180 18:24:43.004883 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2747ac4,seq=0x19), length 180 18:24:45.506871 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2747ac4,seq=0x1a), length 180 18:24:48.008266 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2747ac4,seq=0x1b), length 180 18:24:50.509943 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2747ac4,seq=0x1c), length 180 18:24:53.011963 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2747ac4,seq=0x1d), length 180 18:24:55.514295 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2747ac4,seq=0x1e), length 180 18:24:55.637856 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: isakmp-nat-keep-alive 18:24:57.305598 IP yy.yy.yy.yy.4500 > xx.xx.xx.xx.4500: isakmp-nat-keep-alive 18:24:58.015504 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2747ac4,seq=0x1f), length 180 18:24:58.393558 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: NONESP-encap: isakmp: phase 1 I agg 18:24:58.407452 IP yy.yy.yy.yy.4500 > xx.xx.xx.xx.4500: NONESP-encap: isakmp: phase 1 R agg 18:24:58.430603 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: NONESP-encap: isakmp: phase 1 I agg[E] 18:25:00.517337 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2747ac4,seq=0x20), length 180 18:25:02.016957 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2747ac4,seq=0x21), length 180 18:25:04.518627 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2747ac4,seq=0x22), length 180 18:25:07.012845 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2747ac4,seq=0x23), length 180 18:25:08.432917 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: NONESP-encap: isakmp: phase 2/others ? inf[E] 18:25:09.515987 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2747ac4,seq=0x24), length 180 18:25:12.016969 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2747ac4,seq=0x25), length 180 18:25:22.428919 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: isakmp-nat-keep-alive 18:25:22.441715 IP yy.yy.yy.yy.4500 > xx.xx.xx.xx.4500: isakmp-nat-keep-alive 18:25:28.432464 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: NONESP-encap: isakmp: phase 2/others I inf[E] 18:25:28.441543 IP yy.yy.yy.yy.4500 > xx.xx.xx.xx.4500: NONESP-encap: isakmp: phase 2/others R inf[E] 18:25:28.446754 IP yy.yy.yy.yy.4500 > xx.xx.xx.xx.4500: NONESP-encap: isakmp: phase 2/others R inf[E] 18:25:28.451284 IP xx.xx.xx.xx.500 > yy.yy.yy.yy.500: isakmp: phase 1 I agg 18:25:28.465095 IP yy.yy.yy.yy.500 > xx.xx.xx.xx.500: isakmp: phase 1 R agg 18:25:28.486296 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: NONESP-encap: isakmp: phase 1 I agg[E] 18:25:28.499711 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E] 18:25:28.513046 IP yy.yy.yy.yy.4500 > xx.xx.xx.xx.4500: NONESP-encap: isakmp: phase 2/others R oakley-quick[E] 18:25:28.534374 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E] 18:25:29.294069 IP yy.yy.yy.yy.4500 > xx.xx.xx.xx.4500: UDP-encap: ESP(spi=0xc90cf1e3,seq=0x1), length 116 18:25:29.296538 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2b3dd69,seq=0x1), length 116 18:25:30.295507 IP yy.yy.yy.yy.4500 > xx.xx.xx.xx.4500: UDP-encap: ESP(spi=0xc90cf1e3,seq=0x2), length 276 18:25:30.297286 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2b3dd69,seq=0x2), length 356 18:25:30.309184 IP yy.yy.yy.yy.4500 > xx.xx.xx.xx.4500: UDP-encap: ESP(spi=0xc90cf1e3,seq=0x3), length 276 18:25:30.311862 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2b3dd69,seq=0x3), length 276 18:25:30.312727 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2b3dd69,seq=0x4), length 308 18:25:30.324858 IP yy.yy.yy.yy.4500 > xx.xx.xx.xx.4500: UDP-encap: ESP(spi=0xc90cf1e3,seq=0x4), length 308 18:25:30.324896 IP yy.yy.yy.yy.4500 > xx.xx.xx.xx.4500: UDP-encap: ESP(spi=0xc90cf1e3,seq=0x5), length 116 18:25:30.331930 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2b3dd69,seq=0x5), length 116 18:25:31.292109 IP yy.yy.yy.yy.4500 > xx.xx.xx.xx.4500: UDP-encap: ESP(spi=0xc90cf1e3,seq=0x6), length 132 18:25:31.295656 IP xx.xx.xx.xx.4500 > yy.yy.yy.yy.4500: UDP-encap: ESP(spi=0xc2b3dd69,seq=0x6), length 132
charon.log
Description: Binary data
