<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">I am experiencing an intermittent issue, when I restart ipsec, it seems connectivity is not present as ping to the tunnel end points does not work.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Then when I try to findout the status of tunnels by ‘ipsec status’ it seems to just get stuck and not return.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">This goes on for about 30 minutes and then ‘ipsec status’ may again resume. While it is stuck I can ping non-tunnel end points.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">What can I do to get more information on why this is happening.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Version<o:p></o:p></p>
<p class="MsoNormal">Linux strongSwan U4.6.2/K2.6.18-274.el5<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Uname -a<o:p></o:p></p>
<p class="MsoNormal">Linux 2.6.18-274.el5 #1 SMP Fri Jul 8 17:36:59 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">My connection setting as follows, I have about 15 of such connections.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">#Below Are The Configuration for CCM_CCM IPSec Tunnel<o:p></o:p></p>
<p class="MsoNormal">conn LocalIP_LocalIP_10.204.74.188<o:p></o:p></p>
<p class="MsoNormal"> left=10.204.74.189<o:p></o:p></p>
<p class="MsoNormal"> leftcert=ServLcl.pem<o:p></o:p></p>
<p class="MsoNormal"> leftsendcert=yes<o:p></o:p></p>
<p class="MsoNormal"> leftupdown=/opt/ipc/security/ipsectunnel/rightdown.sh<o:p></o:p></p>
<p class="MsoNormal"> right=10.204.74.188<o:p></o:p></p>
<p class="MsoNormal"> rightid=%any<o:p></o:p></p>
<p class="MsoNormal"> keyexchange=ikev2<o:p></o:p></p>
<p class="MsoNormal"> type=transport<o:p></o:p></p>
<p class="MsoNormal"> reauth=no<o:p></o:p></p>
<p class="MsoNormal"> dpddelay=5s<o:p></o:p></p>
<p class="MsoNormal"> dpdaction=restart<o:p></o:p></p>
<p class="MsoNormal"> keyingtries=%forever<o:p></o:p></p>
<p class="MsoNormal"> auto=route<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">regards,<o:p></o:p></p>
<p class="MsoNormal">-sanjay<o:p></o:p></p>
</div>
<p style="MARGIN: 0in 0in 0pt" class="MsoNormal"></p>
<p style="MARGIN: 0in 0in 0pt" class="MsoNormal"><b><span style="COLOR: #f26631; FONT-SIZE: 8pt"></span></b></p>
<p><b><span style="COLOR: #f26631; FONT-SIZE: 8pt"><font face="Calibri"></font></span></b><b><span style="COLOR: #1f497d; FONT-SIZE: 8pt"><o:p><font size="2"></font></o:p></span></b> <a title="" href="https://www.surveymonkey.com/s/WatersRankings2012"><img style="WIDTH: 203px; HEIGHT: 98px" border="0" hspace="0" alt="" src="cid:watersranking2012_voteforipcemailsignature_web2e8d.jpg" width="224" height="92"></a></p>
<br>
<p><span style="FONT-FAMILY: 'Palatino Linotype','serif'; COLOR: green; FONT-SIZE: 10pt; mso-bidi-font-family: Calibri"><em><span style="FONT-FAMILY: 'Palatino Linotype','serif'; mso-bidi-font-family: Calibri"><font size="1"><img style="WIDTH: 24px; HEIGHT: 20px" alt="" src="cid:green-logo17dc.jpg" width="30" height="26"><span style="FONT-FAMILY: 'Palatino Linotype','serif'; COLOR: green; FONT-SIZE: 10pt; mso-bidi-font-family: Calibri"><em><span style="FONT-FAMILY: 'Palatino Linotype','serif'; mso-bidi-font-family: Calibri"><font size="1">Please
consider the environment before printing this email.</font></span></em></span></font></span></em></span></p>
<br>
<p><font color="#808080" size="2" face="Arial"><font color="#808080" size="2" face="Arial">------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------</font></p>
<p><font color="#808080" size="2" face="Arial">DISCLAIMER: This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it
by any means. Please delete it and any attachments and notify the sender that you have received it in error. Unintended recipients are prohibited from taking action on the basis of information in this e-mail.E-mail messages may contain computer viruses or
other defects, may not be accurately replicated on other systems, or may be intercepted, deleted or interfered with without the knowledge of the sender or the intended recipient. If you are not comfortable with the risks associated with e-mail messages, you
may decide not to use e-mail to communicate with IPC. IPC reserves the right, to the extent and under circumstances permitted by applicable law, to retain, monitor and intercept e-mail messages to and from its systems.</font></font><br>
</p>
<br>
</body>
</html>