Attached. I didn’t mention that we have Strongswan running in a
high-availability setup, there is a msg referring to "segment 1" in the log. I
don’t think that has anything to do with the issue with tunnel 68486, just
wanted to mention it.
thx
Dave Finley
df1...@att.com
(630) 719-4391 (desk)
(630) 740-5198 (mobile)
-----Original Message-----
From: Tobias Brunner <tob...@strongswan.org>
Sent: Wednesday, February 02, 2022 12:07 PM
To: FINLEY, DAVID BRIAN <df1...@att.com>; users@lists.strongswan.org
Subject: Re: [strongSwan] tunnel stuck, won’t seem to timeout and can’t
manually delete either
Hi Dave,
We need more of the log to see what exactly is happening with the IKE_SA
with unique ID 68486 before it got stuck in this state (or the SA before
if there were any IKE_SA rekeyings).
Regards,
Tobias
Jan 31 10:30:41.391 06[CFG] <ikev2-conn-qa|68486> selected proposal:
ESP:AES_GCM_16_256/MODP_1024/EXT_SEQ
Jan 31 10:30:41.391 06[CFG] <ikev2-conn-qa|68486> handling HA CHILD_SA
ikev2-conn-qa{104206} 2001:1890:111b:7001:2::1/128 ===
2001:1890:111b:6ab2::4a4/128 (segment in: 1*, out: 1*)
Jan 31 10:30:41.391 06[IKE] <ikev2-conn-qa|68486> inbound CHILD_SA
ikev2-conn-qa{104206} established with SPIs cfe165cf_i c1f88ca9_o and TS
2001:1890:111b:7001:2::1/128 === 2001:1890:111b:6ab2::4a4/128
Jan 31 10:30:41.400 11[IKE] <ikev2-conn-qa|68486> received DELETE for ESP
CHILD_SA with SPI ce1dff00
Jan 31 10:30:41.400 11[IKE] <ikev2-conn-qa|68486> closing CHILD_SA
ikev2-conn-qa{101603} with SPIs cf9c270b_i (0 bytes) ce1dff00_o (0 bytes) and
TS 2001:1890:111b:7001:2::1/128 === 2001:1890:111b:6ab2::4a4/128
Jan 31 10:30:41.400 11[IKE] <ikev2-conn-qa|68486> sending DELETE for ESP
CHILD_SA with SPI cf9c270b
Jan 31 10:30:41.400 11[IKE] <ikev2-conn-qa|68486> CHILD_SA closed
Jan 31 10:30:41.400 11[IKE] <ikev2-conn-qa|68486> outbound CHILD_SA
ikev2-conn-qa{104206} established with SPIs cfe165cf_i c1f88ca9_o and TS
2001:1890:111b:7001:2::1/128 === 2001:1890:111b:6ab2::4a4/128
Jan 31 10:30:46.401 08[IKE] <ikev2-conn-qa|68486> queueing CHILD_DELETE task
Jan 31 10:30:46.401 08[IKE] <ikev2-conn-qa|68486> activating new tasks
Jan 31 10:30:46.401 08[IKE] <ikev2-conn-qa|68486> activating CHILD_DELETE task
Jan 31 10:30:46.401 08[IKE] <ikev2-conn-qa|68486> activating new tasks
Jan 31 10:30:46.401 08[IKE] <ikev2-conn-qa|68486> nothing to initiate
Jan 31 11:17:16.312 12[IKE] <ikev2-conn-qa|68486> received retransmit of
request with ID 168, retransmitting response
Jan 31 11:17:54.517 09[IKE] <ikev2-conn-qa|68486> received retransmit of
request with ID 169, retransmitting response
Jan 31 11:19:03.174 14[IKE] <ikev2-conn-qa|68486> received retransmit of
request with ID 171, retransmitting response
Jan 31 11:19:03.174 10[IKE] <ikev2-conn-qa|68486> received retransmit of
request with ID 171, retransmitting response
Jan 31 11:20:03.339 09[IKE] <ikev2-conn-qa|68486> received retransmit of
request with ID 172, retransmitting response
Jan 31 11:20:03.378 11[IKE] <ikev2-conn-qa|68486> received retransmit of
request with ID 172, retransmitting response
Jan 31 11:20:03.389 07[IKE] <ikev2-conn-qa|68486> received retransmit of
request with ID 172, retransmitting response
Jan 31 11:20:03.414 10[IKE] <ikev2-conn-qa|68486> received retransmit of
request with ID 172, retransmitting response
Jan 31 11:20:03.420 12[IKE] <ikev2-conn-qa|68486> received retransmit of
request with ID 172, retransmitting response
Jan 31 11:24:05.815 08[IKE] <ikev2-conn-qa|68486> sending DPD request
Jan 31 11:24:05.815 08[IKE] <ikev2-conn-qa|68486> queueing IKE_DPD task
Jan 31 11:24:05.815 08[IKE] <ikev2-conn-qa|68486> activating new tasks
Jan 31 11:24:05.815 08[IKE] <ikev2-conn-qa|68486> activating IKE_DPD task
Jan 31 11:24:09.815 14[IKE] <ikev2-conn-qa|68486> retransmit 1 of request with
message ID 0
Jan 31 17:57:02.732 13[IKE] <ikev2-conn-qa|68486> queueing CHILD_REKEY task
Jan 31 17:57:02.733 13[IKE] <ikev2-conn-qa|68486> delaying task initiation,
INFORMATIONAL exchange in progress
Jan 31 18:20:28.732 09[IKE] <ikev2-conn-qa|68486> queueing CHILD_REKEY task
Jan 31 18:20:28.732 09[IKE] <ikev2-conn-qa|68486> delaying task initiation,
INFORMATIONAL exchange in progress
Jan 31 19:52:17.732 14[IKE] <ikev2-conn-qa|68486> queueing CHILD_DELETE task
Jan 31 19:52:17.732 14[IKE] <ikev2-conn-qa|68486> delaying task initiation,
INFORMATIONAL exchange in progress
Jan 31 19:52:17.733 07[IKE] <ikev2-conn-qa|68486> queueing CHILD_DELETE task
Jan 31 19:52:17.733 07[IKE] <ikev2-conn-qa|68486> delaying task initiation,
INFORMATIONAL exchange in progress
Jan 31 20:05:40.401 08[IKE] <ikev2-conn-qa|68486> queueing CHILD_REKEY task
Jan 31 20:05:40.401 08[IKE] <ikev2-conn-qa|68486> delaying task initiation,
INFORMATIONAL exchange in progress
Jan 31 20:22:11.392 06[IKE] <ikev2-conn-qa|68486> queueing CHILD_REKEY task
Jan 31 20:22:11.392 06[IKE] <ikev2-conn-qa|68486> delaying task initiation,
INFORMATIONAL exchange in progress
Jan 31 21:30:41.391 08[IKE] <ikev2-conn-qa|68486> queueing CHILD_DELETE task
Jan 31 21:30:41.391 08[IKE] <ikev2-conn-qa|68486> delaying task initiation,
INFORMATIONAL exchange in progress
Jan 31 21:30:41.401 07[IKE] <ikev2-conn-qa|68486> queueing CHILD_DELETE task
Jan 31 21:30:41.401 07[IKE] <ikev2-conn-qa|68486> delaying task initiation,
INFORMATIONAL exchange in progress
Feb 1 00:01:36.311 10[IKE] <ikev2-conn-qa|68486> retransmit 2 of request with
message ID 0
Feb 1 09:45:06.214 05[CFG] <ikev2-conn-qa|68486> IKE_VIPS: segment 1 under my
responsibility, ignoring message
Feb 1 09:45:26.111 07[IKE] <ikev2-conn-qa|68486> queueing IKE_DELETE task
Feb 1 09:45:26.111 07[IKE] <ikev2-conn-qa|68486> delaying task initiation,
INFORMATIONAL exchange in progress
Feb 1 11:36:50.445 09[IKE] <ikev2-conn-qa|68486> queueing IKE_REKEY task
Feb 1 11:36:50.445 09[IKE] <ikev2-conn-qa|68486> delaying task initiation,
INFORMATIONAL exchange in progress
Feb 1 12:25:23.115 07[IKE] <ikev2-conn-qa|68486> schedule delete of duplicate
IKE_SA for peer 'ST=IL, L=Lisle, O=Labs, OU=QA, CN=ss02-405' due to uniqueness
policy and suspected reauthentication
Feb 1 12:25:33.116 12[IKE] <ikev2-conn-qa|68486> queueing IKE_DELETE task
Feb 1 12:25:33.116 12[IKE] <ikev2-conn-qa|68486> delaying task initiation,
INFORMATIONAL exchange in progress
Feb 1 14:12:50.445 09[IKE] <ikev2-conn-qa|68486> queueing IKE_DELETE task
Feb 1 14:12:50.445 09[IKE] <ikev2-conn-qa|68486> delaying task initiation,
INFORMATIONAL exchange in progress
