<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body smarttemplateinserted="true" text="#000000" bgcolor="#FFFFFF">
<div id="smartTemplate4-template">
This is a continuation of issue #317 on the wiki. I have posted the same there but without any help. I was hoping there is a solution which I have been unable to find.<br>
I am running strongSwan 5.0.2 on CentOS and, with an ASA on the other end, I experience what appears to be the connection deleting itself during the re-auth stage. Below are the logs where I am losing my tunnel like clockwork exactly every 6 hours (I have sanitized
the public IP address):<br>
<pre> Aug 30 14:58:40 bhm-ipsec-221 charon: 14[NET] received packet: from XXX.YYY.2.20[4500] to 10.10.100.221[4500] (168 bytes)
Aug 30 14:58:40 bhm-ipsec-221 charon: 14[ENC] parsed ID_PROT request 0 [ SA V V V V ]
Aug 30 14:58:40 bhm-ipsec-221 charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Aug 30 14:58:40 bhm-ipsec-221 charon: 14[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Aug 30 14:58:40 bhm-ipsec-221 charon: 14[IKE] received NAT-T (RFC 3947) vendor ID
Aug 30 14:58:40 bhm-ipsec-221 charon: 14[IKE] received FRAGMENTATION vendor ID
Aug 30 14:58:40 bhm-ipsec-221 charon: 14[IKE] XXX.YYY.2.20 is initiating a Main Mode IKE_SA
Aug 30 14:58:40 bhm-ipsec-221 charon: 14[ENC] generating ID_PROT response 0 [ SA V V V ]
Aug 30 14:58:40 bhm-ipsec-221 charon: 14[NET] sending packet: from 10.10.100.221[4500] to XXX.YYY.2.20[4500] (132 bytes)
Aug 30 14:58:40 bhm-ipsec-221 charon: 11[NET] received packet: from XXX.YYY.2.20[4500] to 10.10.100.221[4500] (304 bytes)
Aug 30 14:58:40 bhm-ipsec-221 charon: 11[ENC] parsed ID_PROT request 0 [ KE No V V V V NAT-D NAT-D ]
Aug 30 14:58:40 bhm-ipsec-221 charon: 11[IKE] local host is behind NAT, sending keep alives
Aug 30 14:58:40 bhm-ipsec-221 charon: 11[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Aug 30 14:58:40 bhm-ipsec-221 charon: 11[NET] sending packet: from 10.10.100.221[4500] to XXX.YYY.2.20[4500] (244 bytes)
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[NET] received packet: from XXX.YYY.2.20[4500] to 10.10.100.221[4500] (84 bytes)
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[ENC] parsed ID_PROT request 0 [ ID HASH V ]
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[CFG] looking for pre-shared key peer configs matching 10.10.100.221...XXX.YYY.2.20[XXX.YYY.2.20]
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[CFG] selected peer config "secret-tunnel02"
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[IKE] deleting duplicate IKE_SA for peer 'XXX.YYY.2.20' due to uniqueness policy
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[IKE] deleting IKE_SA secret-tunnel02[2] between 10.10.100.221[company]...XXX.YYY.2.20[XXX.YYY.2.20]
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[IKE] sending DELETE for IKE_SA sending-tunnel02[2]
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[ENC] generating INFORMATIONAL_V1 request 1385282457 [ HASH D ]
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[NET] sending packet: from 10.10.100.221[4500] to XXX.YYY.2.20[4500] (84 bytes)
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[IKE] IKE_SA secret-tunnel02[10] established between 10.10.100.221[company]...XXX.YYY.2.20[XXX.YYY.2.20]
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[IKE] scheduling reauthentication in 27872s
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[IKE] maximum IKE_SA lifetime 28412s
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[IKE] DPD not supported by peer, disabled
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[ENC] generating ID_PROT response 0 [ ID HASH ]
Aug 30 14:58:41 bhm-ipsec-221 charon: 12[NET] sending packet: from 10.10.100.221[4500] to XXX.YYY.2.20[4500] (68 bytes)
Aug 30 14:58:41 bhm-ipsec-221 charon: 15[NET] received packet: from XXX.YYY.2.20[4500] to 10.10.100.221[4500] (68 bytes)
Aug 30 14:58:41 bhm-ipsec-221 charon: 15[ENC] parsed INFORMATIONAL_V1 request 3803765251 [ HASH D ]
Aug 30 14:58:41 bhm-ipsec-221 charon: 15[IKE] received DELETE for ESP CHILD_SA with SPI c95b03dd
Aug 30 14:58:41 bhm-ipsec-221 charon: 15[IKE] closing CHILD_SA secret-tunnel02{2} with SPIs c7a16268_i (13652 bytes) c95b03dd_o (17544 bytes) and TS 10.10.100.0/24 === XXX.YYY.43.0/24
Aug 30 14:58:41 bhm-ipsec-221 vpn: - XXX.YYY.2.20 XXX.YYY.43.0/24 == XXX.YYY.2.20 -- 10.10.100.221 == 10.10.100.0/24
Aug 30 14:58:41 bhm-ipsec-221 charon: 09[NET] received packet: from XXX.YYY.2.20[4500] to 10.10.100.221[4500] (84 bytes)
Aug 30 14:58:41 bhm-ipsec-221 charon: 09[ENC] parsed INFORMATIONAL_V1 request 958391242 [ HASH D ]
Aug 30 14:58:41 bhm-ipsec-221 charon: 09[IKE] received DELETE for IKE_SA secret-tunnel02[10]
Aug 30 14:58:41 bhm-ipsec-221 charon: 09[IKE] deleting IKE_SA secret-tunnel02[10] between 10.10.100.221[company]...XXX.YYY.2.20[XXX.YYY.2.20]
</pre>
I appreciate any and all input.<br>
<br>
Thanks,<br>
Izz<br>
<br>
<br>
<div class="moz-signature"><font color="blue"><br>
<b>Izz Abdullah</b><br>
<i>Senior Systems Engineer</i><br>
<a class="moz-txt-link-abbreviated" href="http://www.wepanow.com">www.wepanow.com</a><br>
<br>
</font></div>
</div>
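<br>
Added example (not part of the original message and not strongSwan code): a Python script that scans charon syslog lines in the format above and flags any IKE_SA for which a peer DELETE arrives within a few seconds of its establishment, recording whether a uniqueness-policy deletion came just before it. The sample lines are constructed from the log format above; the function name <code>find_short_lived_sas</code>, the host name "gw" and the 5-second window are assumptions.<br>

```python
import re
from datetime import datetime

# Constructed sample in the charon syslog format shown above ("gw" is a placeholder host).
SAMPLE = """\
Aug 30 14:58:41 gw charon: 12[IKE] deleting duplicate IKE_SA for peer 'XXX.YYY.2.20' due to uniqueness policy
Aug 30 14:58:41 gw charon: 12[IKE] deleting IKE_SA secret-tunnel02[2] between 10.10.100.221[company]...XXX.YYY.2.20[XXX.YYY.2.20]
Aug 30 14:58:41 gw charon: 12[IKE] IKE_SA secret-tunnel02[10] established between 10.10.100.221[company]...XXX.YYY.2.20[XXX.YYY.2.20]
Aug 30 14:58:41 gw charon: 09[IKE] received DELETE for IKE_SA secret-tunnel02[10]
Aug 30 15:10:02 gw charon: 07[IKE] IKE_SA secret-tunnel02[11] established between 10.10.100.221[company]...XXX.YYY.2.20[XXX.YYY.2.20]
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ charon: \d+\[IKE\] (.*)$")
EST = re.compile(r"IKE_SA (\S+)\[(\d+)\] established")
DEL = re.compile(r"received DELETE for IKE_SA (\S+)\[(\d+)\]")
UNIQ = "due to uniqueness policy"

def find_short_lived_sas(log_text, window=5):
    """Return IKE_SAs the peer deleted within `window` seconds of establishment."""
    established = {}   # (conn, sa_id) -> (time established, followed a uniqueness delete?)
    last_uniq = None   # time of the most recent uniqueness-policy deletion
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # Syslog timestamps carry no year; a fixed placeholder year is assumed.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if UNIQ in msg:
            last_uniq = ts
        elif (e := EST.search(msg)):
            near = last_uniq is not None and window >= (ts - last_uniq).total_seconds()
            established[(e.group(1), int(e.group(2)))] = (ts, near)
        elif (d := DEL.search(msg)):
            key = (d.group(1), int(d.group(2)))
            if key in established:
                t0, near = established[key]
                age = (ts - t0).total_seconds()
                if window >= age:
                    findings.append({"conn": key[0], "sa_id": key[1], "age_s": age,
                                     "after_uniqueness_delete": near})
    return findings

if __name__ == "__main__":
    for f in find_short_lived_sas(SAMPLE):
        print(f)
```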
<br>
</body>
</html>