<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;" dir="ltr">
<p style="margin-top:0;margin-bottom:0">Setting that value had a negative effect. Not only is it not deleting the old rekeys (they continue to accumulate at 1 every 30 seconds or so), but now it creates 2 installed tunnels:</p>
<p style="margin-top:0;margin-bottom:0"><br>
</p>
<p style="margin-top:0;margin-bottom:0"></p>
<div> sph-main{8}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: ccf1f516_i 968001a4_o</div>
<div> sph-main{8}: AES_CBC_128/HMAC_SHA1_96/MODP_1536, 0 bytes_i, 0 bytes_o, rekeying in 7 hours</div>
<div> sph-main{8}: x.x.x.x/16 === x.x.x.x/28</div>
<div> sph-main{9}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c57fde42_i 7d27b8fb_o</div>
<div> sph-main{9}: AES_CBC_128/HMAC_SHA1_96/MODP_1536, 0 bytes_i, 0 bytes_o, rekeying in 7 hours</div>
<div> sph-main{9}: x.x.x.x/16 === x.x.x.x/28</div>
<div><br>
</div>
<br>
<p></p>
<p style="margin-top:0;margin-bottom:0"><br>
</p>
<div id="Signature">
<div id="divtagdefaultwrapper" dir="ltr" style="background-color:rgb(255,255,255)">
<p style="margin:0in 0in 0.0001pt"></p>
<p style="font-size:12pt; color:rgb(0,0,0); margin:0in 0in 0.0001pt"><font face="Helvetica, sans-serif"><b>Doug Tucker</b></font></p>
<p style="color:rgb(0,0,0); margin:0in 0in 0.0001pt"><font face="Helvetica, sans-serif"><span style="font-size:13.3333px">Sr. Network Administrator</span></font></p>
<p style="font-size:12pt; font-family:Calibri,Arial,Helvetica,sans-serif; color:rgb(0,0,0); margin:0in 0in 0.0001pt">
<span style="font-size:10pt; font-family:Helvetica,sans-serif; color:black"><b>o:
</b>817.975.5832</span><span style="font-size:10.0pt; font-family:"Helvetica",sans-serif; color:black"><b> | </b>m: 817.975.5832 </span></p>
<p style="font-size:12pt; font-family:Calibri,Arial,Helvetica,sans-serif; margin:0in 0in 0.0001pt">
<b style="color:rgb(0,0,0)"><span style="font-size:10.0pt; font-family:"Helvetica",sans-serif; color:black">e:</span></b><span style="color:black; font-size:10pt; font-family:Helvetica,sans-serif"> doug.tucker@newscycle.com</span></p>
<p style="font-size:12pt; font-family:Calibri,Arial,Helvetica,sans-serif; color:rgb(0,0,0); margin:0in 0in 0.0001pt; min-height:14px">
<b><span style="font-size:9.0pt; font-family:"Helvetica",sans-serif; color:#955072"> </span></b></p>
<p style="font-size:12pt; font-family:Calibri,Arial,Helvetica,sans-serif; color:rgb(0,0,0); margin:0in 0in 15pt">
<span style="font-size:10.0pt; font-family:"Arial",sans-serif; color:#4F4E54"><a href="http://www.newscycle.com/" id="LPNoLP"><span style="color:#3B74A9; text-decoration:none"><img border="0" width="250" height="41" id="_x0000_i1025" alt="Newscycle Solutions" class=" size-full wp-image-6318 alignleft" style="max-width: 100%; border-width: 0px; float: left; height: auto; margin: 5px 20px 20px 0px; user-select: none;" src="http://www.newscyclesolutions.com/wp-content/uploads/2013/09/newscycle-logo-email.png"></span></a></span></p>
<p style="font-size:12pt; font-family:Calibri,Arial,Helvetica,sans-serif; color:rgb(0,0,0); margin:0in 0in 0.0001pt; min-height:18px">
<b><span style="font-size:11.5pt; font-family:"Helvetica",sans-serif; color:#01ABFC">Breakthrough technologies for media</span></b></p>
<p style="font-size:12pt; font-family:Calibri,Arial,Helvetica,sans-serif; color:rgb(0,0,0); margin:0in 0in 0.0001pt">
<b><span style="font-size:10.0pt; font-family:"Helvetica",sans-serif; color:#042EEE"> </span></b></p>
<p style="font-size:12pt; font-family:Calibri,Arial,Helvetica,sans-serif; color:rgb(0,0,0); margin:0in 0in 0.0001pt">
<span class="s1"><b><span style="font-size:10.0pt; font-family:"Arial",sans-serif; color:#00ACFC"><a href="http://www.twitter.com/newscycle_news" id="LPNoLP"><span style="color:#00ACFC">Twitter</span></a></span></b></span><span class="s2"><b><span style="font-size:10.0pt; font-family:"Arial",sans-serif; color:#00ACFC">
| <a href="https://www.facebook.com/NEWSCYCLESolutions" id="LPNoLP"><span class="s3"><span style="color:#00ACFC; text-decoration:none">Facebook</span></span></a> | <a href="https://www.linkedin.com/company/newscycle-solutions" id="LPNoLP"><span class="s3"><span style="color:#00ACFC; text-decoration:none">Linkedin</span></span></a></span></b></span><b><span style="font-size:10.0pt; font-family:"Helvetica",sans-serif; color:#042EEE"></span></b></p>
<p style="font-size:12pt; font-family:Calibri,Arial,Helvetica,sans-serif; color:rgb(0,0,0); margin:0in 0in 0.0001pt; min-height:13px">
<b><span style="font-size:8.5pt; font-family:"Helvetica",sans-serif; color:#88898B"> </span></b></p>
<p style="font-size:12pt; font-family:Calibri,Arial,Helvetica,sans-serif; color:rgb(0,0,0); margin:0in 0in 0.0001pt">
<span style="font-size:8.5pt; font-family:"Helvetica",sans-serif; color:#88898B">CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) and may contain confidential and/or privileged information
and may be legally protected from disclosure. If you are not the intended recipient of this message or their agent, or if this message has been addressed to you in error, please immediately alert the sender by reply email and then delete this message and any
attachments. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited.</span></p>
<br>
<p></p>
<p style="font-size:12pt; font-family:Calibri,Arial,Helvetica,sans-serif; color:rgb(0,0,0); margin:0in 0in 0.0001pt">
<span style="font-size:8.5pt; font-family:"Helvetica",sans-serif; color:#88898B"></span></p>
</div>
</div>
</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Noel Kuntze <noel.kuntze+strongswan-users-ml@thermi.consulting><br>
<b>Sent:</b> Tuesday, July 24, 2018 4:02:13 AM<br>
<b>To:</b> Doug Tucker; users@lists.strongswan.org<br>
<b>Subject:</b> Re: [strongSwan] Strongswan 5.6.3 rekey every 30 seconds</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">Hi,<br>
<br>
You can use charon.delete_rekeyed = yes. But the better solution is to check the logs of the CISCO side to understand why it is doing that.<br>
<br>
Kind regards<br>
<br>
Noel<br>
<br>
On 24.07.2018 05:29, Doug Tucker wrote:<br>
><br>
> Have an issue I've never seen before. Connecting to a remote Cisco router. Have verified settings on the cisco, our rekey options look the same. We get an established connection, then 30 seconds later a rekey happens and it installs under the new one.
This goes on forever. Here are the logs showing the original and 1 rekey. If allowed to continue the number of SA increments as such:<br>
><br>
><br>
> Connections:<br>
> sph-main: x.x.x.x...x.x.x.x IKEv1, dpddelay=15s<br>
> sph-main: local: [x.x.x.x] uses pre-shared key authentication<br>
> sph-main: remote: [x.x.x.x] uses pre-shared key authentication<br>
> sph-main: child: x.x.0.0/16 === x.x.x.x/28 TUNNEL, dpdaction=clear<br>
> Routed Connections:<br>
> sph-main{1}: ROUTED, TUNNEL, reqid 1<br>
> sph-main{1}: x.x.0.0/16 === x.x.x.x/28<br>
> Security Associations (1 up, 0 connecting):<br>
> sph-main[1]: ESTABLISHED 3 minutes ago, x.x.x.x[x.x.x.x]...x.x.x.x[x.x.x.x]<br>
> sph-main[1]: IKEv1 SPIs: 6a4fba86489e9e61_i a244a0079084bf87_r*, pre-shared key reauthentication in 7 hours<br>
> sph-main[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536<br>
> sph-main{2}: REKEYED, TUNNEL, reqid 1, expires in 7 hours<br>
> sph-main{2}: x.x.0.0/16 === x.x.x.x/28<br>
> sph-main{3}: REKEYED, TUNNEL, reqid 1, expires in 7 hours<br>
> sph-main{3}: x.x.0.0/16 === x.x.x.x/28<br>
> sph-main{4}: REKEYED, TUNNEL, reqid 1, expires in 7 hours<br>
> sph-main{4}: x.x.0.0/16 === x.x.x.x/28<br>
> sph-main{5}: REKEYED, TUNNEL, reqid 1, expires in 7 hours<br>
> sph-main{5}: x.x.0.0/16 === x.x.x.x/28<br>
> sph-main{6}: REKEYED, TUNNEL, reqid 1, expires in 7 hours<br>
> sph-main{6}: x.x.0.0/16 === x.x.x.x/28<br>
> sph-main{7}: REKEYED, TUNNEL, reqid 1, expires in 7 hours<br>
> sph-main{7}: x.x.0.0/16 === x.x.x.x/28<br>
> sph-main{8}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c781d0ed_i d0a8e566_o<br>
> sph-main{8}: AES_CBC_128/HMAC_SHA1_96/MODP_1536, 0 bytes_i, 0 bytes_o, rekeying in 7 hours<br>
> sph-main{8}: x.x.0.0/16 === x.x.x.x/28<br>
><br>
> Here are my logs:<br>
><br>
><br>
> Jul 24 03:17:31 ip-x-x-x-x journal: Suppressed 379 messages from /user.slice/user-x0.slice<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 11[NET] received packet: from x.x.x.x[500] to x.x.x.x[500] (34x bytes)<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 11[ENC] parsed ID_PROT request 0 [ KE No V V V NAT-D NAT-D ]<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 11[IKE] received DPD vendor ID<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 11[ENC] received unknown vendor ID: 9f:xx:1d:9b:4x:9f:9e:61:5e:40:3x:7e:a5:6a:96:1f<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 11[IKE] received XAuth vendor ID<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 11[IKE] local host is behind NAT, sending keep alives<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 11[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 11[NET] sending packet: from x.x.x.x[500] to x.x.x.x[500] (30x bytes)<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 12[NET] received packet: from x.x.x.x[4500] to x.x.x.x[4500] (10x bytes)<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 12[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 12[CFG] looking for pre-shared key peer configs matching x.x.x.x...x.x.x.x[x.x.x.x]<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 12[CFG] selected peer config "sph-main"<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 12[IKE] IKE_SA sph-main[1] established between x.x.x.x[13.251.151.1x]...x.x.x.x[x.x.x.x]<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 12[IKE] scheduling reauthentication in 2x02xs<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 12[IKE] maximum IKE_SA lifetime 2x56xs<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 12[ENC] generating ID_PROT response 0 [ ID HASH ]<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 12[NET] sending packet: from x.x.x.x[4500] to x.x.x.x[4500] (76 bytes)<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 14[NET] received packet: from x.x.x.x[4500] to x.x.x.x[4500] (3x0 bytes)<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 14[ENC] parsed QUICK_MODE request 225x9x7323 [ HASH SA No KE ID ID ]<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 14[IKE] received 460x000000 lifebytes, configured 0<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 14[ENC] generating QUICK_MODE response 225x9x7323 [ HASH SA No KE ID ID ]<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 14[NET] sending packet: from x.x.x.x[4500] to x.x.x.x[4500] (396 bytes)<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 15[NET] received packet: from x.x.x.x[4500] to x.x.x.x[4500] (60 bytes)<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 15[ENC] parsed QUICK_MODE request 225x9x7323 [ HASH ]<br>
> Jul 24 03:17:31 ip-x-x-x-x charon: 15[IKE] CHILD_SA sph-main{2} established with SPIs cx2f9f6f_i c4cx6290_o and TS x.x.0.0/16 === x.x.x.x/2x<br>
><br>
><br>
> Jul 24 03:17:46 ip-x-x-x-x charon: 05[IKE] sending DPD request<br>
> Jul 24 03:17:46 ip-x-x-x-x charon: 05[ENC] generating INFORMATIONAL_V1 request 43665939 [ HASH N(DPD) ]<br>
> Jul 24 03:17:46 ip-x-x-x-x charon: 05[NET] sending packet: from x.x.x.x[4500] to x.x.x.x[4500] (92 bytes)<br>
> Jul 24 03:17:46 ip-x-x-x-x charon: 07[NET] received packet: from x.x.x.x[4500] to x.x.x.x[4500] (92 bytes)<br>
> Jul 24 03:17:46 ip-x-x-x-x charon: 07[ENC] parsed INFORMATIONAL_V1 request 1316377373 [ HASH N(DPD_ACK) ]<br>
> Jul 24 03:1x:01 ip-x-x-x-x charon: 09[IKE] sending DPD request<br>
> Jul 24 03:1x:01 ip-x-x-x-x charon: 09[ENC] generating INFORMATIONAL_V1 request 2941x32606 [ HASH N(DPD) ]<br>
> Jul 24 03:1x:01 ip-x-x-x-x charon: 09[NET] sending packet: from x.x.x.x[4500] to x.x.x.x[4500] (92 bytes)<br>
> Jul 24 03:1x:01 ip-x-x-x-x charon: 10[NET] received packet: from x.x.x.x[4500] to x.x.x.x[4500] (92 bytes)<br>
> Jul 24 03:1x:01 ip-x-x-x-x charon: 10[ENC] parsed INFORMATIONAL_V1 request 465745044 [ HASH N(DPD_ACK) ]<br>
> Jul 24 03:1x:02 ip-x-x-x-x charon: 11[NET] received packet: from x.x.x.x[4500] to x.x.x.x[4500] (3x0 bytes)<br>
> Jul 24 03:1x:02 ip-x-x-x-x charon: 11[ENC] parsed QUICK_MODE request 1506132661 [ HASH SA No KE ID ID ]<br>
> Jul 24 03:1x:02 ip-x-x-x-x charon: 11[IKE] received 460x000000 lifebytes, configured 0<br>
> Jul 24 03:1x:02 ip-x-x-x-x charon: 11[IKE] detected rekeying of CHILD_SA sph-main{2}<br>
> Jul 24 03:1x:02 ip-x-x-x-x charon: 11[ENC] generating QUICK_MODE response 1506132661 [ HASH SA No KE ID ID ]<br>
> Jul 24 03:1x:02 ip-x-x-x-x charon: 11[NET] sending packet: from x.x.x.x[4500] to x.x.x.x[4500] (396 bytes)<br>
> Jul 24 03:1x:02 ip-x-x-x-x charon: 12[NET] received packet: from x.x.x.x[4500] to x.x.x.x[4500] (60 bytes)<br>
> Jul 24 03:1x:02 ip-x-x-x-x charon: 12[ENC] parsed QUICK_MODE request 1506132661 [ HASH ]<br>
> Jul 24 03:1x:02 ip-x-x-x-x charon: 12[IKE] CHILD_SA sph-main{3} established with SPIs c3cf290a_i 1cab665a_o and TS x.x.0.0/16 === x.x.x.x/2x<br>
><br>
> Thank you in advance for any insight into resolving this.<br>
><br>
><br>
> Sincerely,<br>
><br>
><br>
> *Doug Tucker*<br>
><br>
><br>
><br>
<br>
</div>
</span></font></div>
</body>
</html>