[strongSwan] Lots of reconnections for a rekey/reauth, and packet drops
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Nov 28 23:30:04 CET 2017
Hi,
> Nov 28 16:52:29 yomama charon: 06[KNL] creating delete job for
> CHILD_SA ESP/0xc4bd0735/192.168.1.72
> Nov 28 16:52:29 yomama charon: 06[JOB] CHILD_SA
> ESP/0xc4bd0735/192.168.1.72 not found for delete
Whatever causes these problems is your root cause and needs to be fixed.
> Nov 28 16:52:29 yomama charon: 10[CHD] updown: /bin/sh: ipsec:
> command not found
Also, what are you doing in the updown script?
> Nov 28 16:52:29 yomama charon: 05[IKE] received DELETE for IKE_SA
> net-net[6]
What are the logs on the other side?
I guess this all happens because the two sides disagree in what IKE_SA and CHILD_SA to use.
Kind regards
Noel
On 28.11.2017 17:15, Hoggins! wrote:
> Hello,
>
> We're experiencing something new on our installation, and we can't
> figure out why. Here's the thing : we have NODE 1 and NODE 2
> establishing tunnels (ipsec.conf follows), all working well. Except
> every rekeying/reauth, we now lose packets.
> Why now ? Well, we have restarted NODE 1, changing from a 4.4.8 to a
> 4.9.2 kernel, but Strongswan version did not change, it's still "Linux
> strongSwan U5.5.1/K4.9.2". On NODE 2, version is "Linux strongSwan
> U5.6.0/K4.13.4-200.fc26.x86_64".
>
> Should we update the 5.5.1 one ? I mean we surely should, but is there
> any know issue that could be caused by this version difference ?
>
> On both sides, make_before_break is set to yes in charon.conf
>
> Configuration on NODE 1 :
>
> conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=%forever
> authby=secret
> keyexchange=ikev2
> mobike=no
> reauth=no
> ikedscp=101110
>
> conn net-net
> auto=start
> left=%defaultroute
> leftsubnet=192.168.22.0/24,192.168.35.0/24
> leftid=netnetYomama
> leftfirewall=yes
> right=1.2.3.4
> rightsubnet=192.168.55.0/24,192.168.33.0/24,192.168.66.0/24
> closeaction=restart
> dpdaction=restart
> dpddelay=30s
> dpdtimeout=120s
>
> Configuration on NODE 2 :
>
> conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=%forever
> authby=secret
> keyexchange=ikev2
> ikedscp=101110
>
> conn net-net
> left=1.2.3.4
> leftsubnet=192.168.55.0/24,192.168.33.0/24,192.168.66.0/24
> leftfirewall=yes
> right=%any
> rightsubnet=192.168.22.0/24
> rightid=netnetYomama
> auto=start
>
>
> When we experience packet drops, this strange logging appears. It seems
> that the rekeying is happening several times on the same minute even
> though it succeeds :
>
> Nov 28 16:52:29 yomama charon: 06[KNL] creating delete job for
> CHILD_SA ESP/0xc4bd0735/192.168.1.72
> Nov 28 16:52:29 yomama charon: 06[JOB] CHILD_SA
> ESP/0xc4bd0735/192.168.1.72 not found for delete
> Nov 28 16:52:29 yomama charon: 14[IKE] giving up after 5 retransmits
> Nov 28 16:52:29 yomama charon: 14[IKE] restarting CHILD_SA net-net
> Nov 28 16:52:29 yomama charon: 14[IKE] initiating IKE_SA net-net[5]
> to 1.2.3.4
> Nov 28 16:52:29 yomama charon: 14[ENC] generating IKE_SA_INIT
> request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP)
> N(HASH_ALG) N(REDIR_SUP) ]
> Nov 28 16:52:29 yomama charon: 14[NET] sending packet: from
> 192.168.1.72[500] to 1.2.3.4[500] (804 bytes)
> Nov 28 16:52:29 yomama charon: 14[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 14[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 14[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 12[NET] received packet: from
> 1.2.3.4[500] to 192.168.1.72[500] (594 bytes)
> Nov 28 16:52:29 yomama charon: 12[ENC] parsed IKE_SA_INIT response 0
> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG)
> N(MULT_AUTH) ]
> Nov 28 16:52:29 yomama charon: 12[IKE] local host is behind NAT,
> sending keep alives
> Nov 28 16:52:29 yomama charon: 12[IKE] authentication of
> 'netnetYomama' (myself) with pre-shared key
> Nov 28 16:52:29 yomama charon: 12[IKE] establishing CHILD_SA net-net{2}
> Nov 28 16:52:29 yomama charon: 12[ENC] generating IKE_AUTH request 1
> [ IDi IDr AUTH SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
> Nov 28 16:52:29 yomama charon: 12[NET] sending packet: from
> 192.168.1.72[4500] to 1.2.3.4[4500] (432 bytes)
> Nov 28 16:52:29 yomama charon: 10[NET] received packet: from
> 1.2.3.4[4500] to 192.168.1.72[4500] (256 bytes)
> Nov 28 16:52:29 yomama charon: 10[ENC] parsed IKE_AUTH response 1 [
> IDr AUTH SA TSi TSr N(AUTH_LFT) ]
> Nov 28 16:52:29 yomama charon: 10[IKE] authentication of '1.2.3.4'
> with pre-shared key successful
> Nov 28 16:52:29 yomama charon: 10[IKE] IKE_SA net-net[5] established
> between 192.168.1.72[netnetYomama]...1.2.3.4[1.2.3.4]
> Nov 28 16:52:29 yomama charon: 10[IKE] scheduling rekeying in 3296s
> Nov 28 16:52:29 yomama charon: 10[IKE] maximum IKE_SA lifetime 3476s
> Nov 28 16:52:29 yomama charon: 10[IKE] CHILD_SA net-net{10}
> established with SPIs cad1537d_i cfd5446b_o and TS 192.168.22.0/24
> === 192.168.33.0/24 192.168.55.0/24 192.168.66.0/24
> Nov 28 16:52:29 yomama charon: 05[NET] received packet: from
> 1.2.3.4[4500] to 192.168.1.72[4500] (80 bytes)
> Nov 28 16:52:29 yomama charon: 10[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 10[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 10[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 10[IKE] received AUTH_LIFETIME of
> 3371s, scheduling reauthentication in 3191s
> Nov 28 16:52:29 yomama charon: 05[ENC] parsed INFORMATIONAL request
> 2 [ D ]
> Nov 28 16:52:29 yomama charon: 05[IKE] received DELETE for IKE_SA
> net-net[4]
> Nov 28 16:52:29 yomama charon: 05[IKE] deleting IKE_SA net-net[4]
> between 192.168.1.72[netnetYomama]...1.2.3.4[1.2.3.4]
> Nov 28 16:52:29 yomama charon: 05[IKE] restarting CHILD_SA net-net
> Nov 28 16:52:29 yomama charon: 05[IKE] initiating IKE_SA net-net[6]
> to 1.2.3.4
> Nov 28 16:52:29 yomama charon: 05[ENC] generating IKE_SA_INIT
> request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP)
> N(HASH_ALG) N(REDIR_SUP) ]
> Nov 28 16:52:29 yomama charon: 05[NET] sending packet: from
> 192.168.1.72[500] to 1.2.3.4[500] (804 bytes)
> Nov 28 16:52:29 yomama charon: 05[IKE] IKE_SA deleted
> Nov 28 16:52:29 yomama charon: 05[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 05[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 05[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 05[ENC] generating INFORMATIONAL
> response 2 [ ]
> Nov 28 16:52:29 yomama charon: 05[NET] sending packet: from
> 192.168.1.72[4500] to 1.2.3.4[4500] (80 bytes)
> Nov 28 16:52:29 yomama charon: 06[NET] received packet: from
> 1.2.3.4[4500] to 192.168.1.72[4500] (80 bytes)
> Nov 28 16:52:29 yomama charon: 06[ENC] parsed INFORMATIONAL request
> 0 [ D ]
> Nov 28 16:52:29 yomama charon: 06[IKE] received DELETE for IKE_SA
> net-net[5]
> Nov 28 16:52:29 yomama charon: 06[IKE] deleting IKE_SA net-net[5]
> between 192.168.1.72[netnetYomama]...1.2.3.4[1.2.3.4]
> Nov 28 16:52:29 yomama charon: 06[IKE] restarting CHILD_SA net-net
> Nov 28 16:52:29 yomama charon: 06[IKE] initiating IKE_SA net-net[7]
> to 1.2.3.4
> Nov 28 16:52:29 yomama charon: 11[NET] received packet: from
> 1.2.3.4[500] to 192.168.1.72[500] (594 bytes)
> Nov 28 16:52:29 yomama charon: 11[ENC] parsed IKE_SA_INIT response 0
> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG)
> N(MULT_AUTH) ]
> Nov 28 16:52:29 yomama charon: 11[IKE] local host is behind NAT,
> sending keep alives
> Nov 28 16:52:29 yomama charon: 11[IKE] authentication of
> 'netnetYomama' (myself) with pre-shared key
> Nov 28 16:52:29 yomama charon: 11[IKE] establishing CHILD_SA net-net{2}
> Nov 28 16:52:29 yomama charon: 11[ENC] generating IKE_AUTH request 1
> [ IDi IDr AUTH SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
> Nov 28 16:52:29 yomama charon: 11[NET] sending packet: from
> 192.168.1.72[4500] to 1.2.3.4[4500] (432 bytes)
> Nov 28 16:52:29 yomama charon: 06[ENC] generating IKE_SA_INIT
> request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP)
> N(HASH_ALG) N(REDIR_SUP) ]
> Nov 28 16:52:29 yomama charon: 06[NET] sending packet: from
> 192.168.1.72[500] to 1.2.3.4[500] (804 bytes)
> Nov 28 16:52:29 yomama charon: 06[IKE] IKE_SA deleted
> Nov 28 16:52:29 yomama charon: 06[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 06[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 06[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 06[ENC] generating INFORMATIONAL
> response 0 [ ]
> Nov 28 16:52:29 yomama charon: 06[NET] sending packet: from
> 192.168.1.72[4500] to 1.2.3.4[4500] (80 bytes)
> Nov 28 16:52:29 yomama charon: 14[NET] received packet: from
> 1.2.3.4[4500] to 192.168.1.72[4500] (256 bytes)
> Nov 28 16:52:29 yomama charon: 14[ENC] parsed IKE_AUTH response 1 [
> IDr AUTH SA TSi TSr N(AUTH_LFT) ]
> Nov 28 16:52:29 yomama charon: 14[IKE] authentication of '1.2.3.4'
> with pre-shared key successful
> Nov 28 16:52:29 yomama charon: 14[IKE] IKE_SA net-net[6] established
> between 192.168.1.72[netnetYomama]...1.2.3.4[1.2.3.4]
> Nov 28 16:52:29 yomama charon: 14[IKE] scheduling rekeying in 3398s
> Nov 28 16:52:29 yomama charon: 14[IKE] maximum IKE_SA lifetime 3578s
> Nov 28 16:52:29 yomama charon: 06[NET] received packet: from
> 1.2.3.4[500] to 192.168.1.72[500] (594 bytes)
> Nov 28 16:52:29 yomama charon: 06[ENC] parsed IKE_SA_INIT response 0
> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG)
> N(MULT_AUTH) ]
> Nov 28 16:52:29 yomama charon: 14[IKE] CHILD_SA net-net{11}
> established with SPIs cc5e352f_i cf455c05_o and TS 192.168.22.0/24
> === 192.168.33.0/24 192.168.55.0/24 192.168.66.0/24
> Nov 28 16:52:29 yomama charon: 14[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 14[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 14[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 14[IKE] received AUTH_LIFETIME of
> 3343s, scheduling reauthentication in 3163s
> Nov 28 16:52:29 yomama charon: 06[IKE] local host is behind NAT,
> sending keep alives
> Nov 28 16:52:29 yomama charon: 06[IKE] authentication of
> 'netnetYomama' (myself) with pre-shared key
> Nov 28 16:52:29 yomama charon: 06[IKE] establishing CHILD_SA net-net{2}
> Nov 28 16:52:29 yomama charon: 06[ENC] generating IKE_AUTH request 1
> [ IDi IDr AUTH SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
> Nov 28 16:52:29 yomama charon: 06[NET] sending packet: from
> 192.168.1.72[4500] to 1.2.3.4[4500] (432 bytes)
> Nov 28 16:52:29 yomama charon: 05[NET] received packet: from
> 1.2.3.4[4500] to 192.168.1.72[4500] (80 bytes)
> Nov 28 16:52:29 yomama charon: 05[ENC] parsed INFORMATIONAL request
> 0 [ D ]
> Nov 28 16:52:29 yomama charon: 05[IKE] received DELETE for IKE_SA
> net-net[6]
> Nov 28 16:52:29 yomama charon: 05[IKE] deleting IKE_SA net-net[6]
> between 192.168.1.72[netnetYomama]...1.2.3.4[1.2.3.4]
> Nov 28 16:52:29 yomama charon: 05[IKE] restarting CHILD_SA net-net
> Nov 28 16:52:29 yomama charon: 05[IKE] initiating IKE_SA net-net[8]
> to 1.2.3.4
> Nov 28 16:52:29 yomama charon: 05[ENC] generating IKE_SA_INIT
> request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP)
> N(HASH_ALG) N(REDIR_SUP) ]
> Nov 28 16:52:29 yomama charon: 05[NET] sending packet: from
> 192.168.1.72[500] to 1.2.3.4[500] (804 bytes)
> Nov 28 16:52:29 yomama charon: 05[IKE] IKE_SA deleted
> Nov 28 16:52:29 yomama charon: 05[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 05[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 05[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 05[ENC] generating INFORMATIONAL
> response 0 [ ]
> Nov 28 16:52:29 yomama charon: 05[NET] sending packet: from
> 192.168.1.72[4500] to 1.2.3.4[4500] (80 bytes)
> Nov 28 16:52:29 yomama charon: 10[NET] received packet: from
> 1.2.3.4[4500] to 192.168.1.72[4500] (256 bytes)
> Nov 28 16:52:29 yomama charon: 10[ENC] parsed IKE_AUTH response 1 [
> IDr AUTH SA TSi TSr N(AUTH_LFT) ]
> Nov 28 16:52:29 yomama charon: 10[IKE] authentication of '1.2.3.4'
> with pre-shared key successful
> Nov 28 16:52:29 yomama charon: 10[IKE] IKE_SA net-net[7] established
> between 192.168.1.72[netnetYomama]...1.2.3.4[1.2.3.4]
> Nov 28 16:52:29 yomama charon: 10[IKE] scheduling rekeying in 3398s
> Nov 28 16:52:29 yomama charon: 10[IKE] maximum IKE_SA lifetime 3578s
> Nov 28 16:52:29 yomama charon: 10[IKE] CHILD_SA net-net{12}
> established with SPIs ccb73d33_i c1271759_o and TS 192.168.22.0/24
> === 192.168.33.0/24 192.168.55.0/24 192.168.66.0/24
> Nov 28 16:52:29 yomama charon: 10[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 10[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 10[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 10[IKE] received AUTH_LIFETIME of
> 3282s, scheduling reauthentication in 3102s
> Nov 28 16:52:29 yomama charon: 08[NET] received packet: from
> 1.2.3.4[4500] to 192.168.1.72[4500] (80 bytes)
> Nov 28 16:52:29 yomama charon: 08[ENC] parsed INFORMATIONAL request
> 0 [ D ]
> Nov 28 16:52:29 yomama charon: 08[IKE] received DELETE for IKE_SA
> net-net[7]
> Nov 28 16:52:29 yomama charon: 08[IKE] deleting IKE_SA net-net[7]
> between 192.168.1.72[netnetYomama]...1.2.3.4[1.2.3.4]
> Nov 28 16:52:29 yomama charon: 08[IKE] restarting CHILD_SA net-net
> Nov 28 16:52:29 yomama charon: 08[IKE] initiating IKE_SA net-net[9]
> to 1.2.3.4
> Nov 28 16:52:29 yomama charon: 14[NET] received packet: from
> 1.2.3.4[500] to 192.168.1.72[500] (594 bytes)
> Nov 28 16:52:29 yomama charon: 14[ENC] parsed IKE_SA_INIT response 0
> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG)
> N(MULT_AUTH) ]
> Nov 28 16:52:29 yomama charon: 08[ENC] generating IKE_SA_INIT
> request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP)
> N(HASH_ALG) N(REDIR_SUP) ]
> Nov 28 16:52:29 yomama charon: 08[NET] sending packet: from
> 192.168.1.72[500] to 1.2.3.4[500] (804 bytes)
> Nov 28 16:52:29 yomama charon: 08[IKE] IKE_SA deleted
> Nov 28 16:52:29 yomama charon: 08[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 08[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 08[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:29 yomama charon: 08[ENC] generating INFORMATIONAL
> response 0 [ ]
> Nov 28 16:52:29 yomama charon: 08[NET] sending packet: from
> 192.168.1.72[4500] to 1.2.3.4[4500] (80 bytes)
> Nov 28 16:52:29 yomama charon: 14[IKE] local host is behind NAT,
> sending keep alives
> Nov 28 16:52:29 yomama charon: 14[IKE] authentication of
> 'netnetYomama' (myself) with pre-shared key
> Nov 28 16:52:29 yomama charon: 14[IKE] establishing CHILD_SA net-net{3}
> Nov 28 16:52:29 yomama charon: 14[ENC] generating IKE_AUTH request 1
> [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
> Nov 28 16:52:29 yomama charon: 14[NET] sending packet: from
> 192.168.1.72[4500] to 1.2.3.4[4500] (432 bytes)
> Nov 28 16:52:30 yomama charon: 13[NET] received packet: from
> 1.2.3.4[500] to 192.168.1.72[500] (594 bytes)
> Nov 28 16:52:30 yomama charon: 13[ENC] parsed IKE_SA_INIT response 0
> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG)
> N(MULT_AUTH) ]
> Nov 28 16:52:30 yomama charon: 13[IKE] local host is behind NAT,
> sending keep alives
> Nov 28 16:52:30 yomama charon: 13[IKE] authentication of
> 'netnetYomama' (myself) with pre-shared key
> Nov 28 16:52:30 yomama charon: 13[IKE] establishing CHILD_SA net-net{4}
> Nov 28 16:52:30 yomama charon: 13[ENC] generating IKE_AUTH request 1
> [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
> Nov 28 16:52:30 yomama charon: 13[NET] sending packet: from
> 192.168.1.72[4500] to 1.2.3.4[4500] (432 bytes)
> Nov 28 16:52:30 yomama charon: 09[NET] received packet: from
> 1.2.3.4[4500] to 192.168.1.72[4500] (256 bytes)
> Nov 28 16:52:30 yomama charon: 09[ENC] parsed IKE_AUTH response 1 [
> IDr AUTH SA TSi TSr N(AUTH_LFT) ]
> Nov 28 16:52:30 yomama charon: 09[IKE] authentication of '1.2.3.4'
> with pre-shared key successful
> Nov 28 16:52:30 yomama charon: 09[IKE] IKE_SA net-net[8] established
> between 192.168.1.72[netnetYomama]...1.2.3.4[1.2.3.4]
> Nov 28 16:52:30 yomama charon: 09[IKE] scheduling rekeying in 3365s
> Nov 28 16:52:30 yomama charon: 09[IKE] maximum IKE_SA lifetime 3545s
> Nov 28 16:52:30 yomama charon: 09[IKE] CHILD_SA net-net{13}
> established with SPIs c387f914_i c8e8c66a_o and TS 192.168.22.0/24
> === 192.168.33.0/24 192.168.55.0/24 192.168.66.0/24
> Nov 28 16:52:30 yomama charon: 09[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:30 yomama charon: 09[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:30 yomama charon: 09[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:30 yomama charon: 09[IKE] received AUTH_LIFETIME of
> 3277s, scheduling reauthentication in 3097s
> Nov 28 16:52:30 yomama charon: 11[NET] received packet: from
> 1.2.3.4[4500] to 192.168.1.72[4500] (256 bytes)
> Nov 28 16:52:30 yomama charon: 11[ENC] parsed IKE_AUTH response 1 [
> IDr AUTH SA TSi TSr N(AUTH_LFT) ]
> Nov 28 16:52:30 yomama charon: 11[IKE] authentication of '1.2.3.4'
> with pre-shared key successful
> Nov 28 16:52:30 yomama charon: 11[IKE] IKE_SA net-net[9] established
> between 192.168.1.72[netnetYomama]...1.2.3.4[1.2.3.4]
> Nov 28 16:52:30 yomama charon: 11[IKE] scheduling rekeying in 3245s
> Nov 28 16:52:30 yomama charon: 11[IKE] maximum IKE_SA lifetime 3425s
> Nov 28 16:52:30 yomama charon: 11[IKE] CHILD_SA net-net{14}
> established with SPIs cb820599_i cbf3f93f_o and TS 192.168.22.0/24
> === 192.168.33.0/24 192.168.55.0/24 192.168.66.0/24
> Nov 28 16:52:30 yomama charon: 11[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:30 yomama charon: 11[CHD] updown: /bin/sh: ipsec:
> command not found
> Nov 28 16:52:30 yomama charon: 11[CHD] updown: /bin/sh: ipsec:
> command not found
>
>
> Any idea, even suggestion on our ipsec.conf files that were made
> according to several examples and might contain some absurd values, will
> be greatly appreciated !
>
> Thanks !
>
> Hoggins!
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171128/cc7ce093/attachment-0001.sig>
More information about the Users
mailing list