<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>You haven't shared any configuration to tell but we have seen
this behavior over and over again. Check <br>
</p>
<p><a href="https://wiki.strongswan.org/issues/2636">https://wiki.strongswan.org/issues/2636</a><br>
</p>
<p>Probably your issue is the same and the solution is explained on
the same page.<br>
</p>
<p>--Jafar<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 8/15/19 11:29 AM, Naveen Neelakanta
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CA+ZTJDQ6cwnuipxAMaTJ=eiNMzqKkXj1DvJ=-SpPcNNFgHLTNA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Hi
<div><br>
</div>
<div>I am seeing this continuous close and create for the
childsa. My logs are overrun, any clue on what might cause
this and any way to prevent this from happening?.</div>
<div><br>
</div>
<div><br>
</div>
<div>2019-08-11T05:43:45.275Z inf charon local1 @dGzD9B
text:14[IKE] <sl3|5792> CHILD_SA sl3childsa{300113}
established with SPIs a4efb19d_i 094e6541_o and TS <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a>
=== <a href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:45.526Z inf charon local1 @9xFYmB
text:07[IKE] <sl3|5792> closing CHILD_SA
sl3childsa{300112} with SPIs 925920ac_i (40 bytes) 0c3067c2_o
(40 bytes) and TS <a href="http://0.0.0.0/0"
moz-do-not-send="true">0.0.0.0/0</a> === <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:45.577Z inf charon local1 @cxVdKB
text:08[IKE] <sl3|5792> CHILD_SA sl3childsa{300114}
established with SPIs 9fb40275_i 08aab039_o and TS <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a>
=== <a href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:45.768Z inf charon local1 @Or8ri
text:12[IKE] <sl3|5792> closing CHILD_SA
sl3childsa{300113} with SPIs a4efb19d_i (118 bytes) 094e6541_o
(80 bytes) and TS <a href="http://0.0.0.0/0"
moz-do-not-send="true">0.0.0.0/0</a> === <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:45.819Z inf charon local1 @rzhCjC
text:07[IKE] <sl3|5792> CHILD_SA sl3childsa{300115}
established with SPIs 9c191940_i 09933911_o and TS <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a>
=== <a href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:46.173Z inf charon local1 @7Mh7WB
text:11[IKE] <sl3|5792> closing CHILD_SA
sl3childsa{300114} with SPIs 9fb40275_i (166 bytes) 08aab039_o
(80 bytes) and TS <a href="http://0.0.0.0/0"
moz-do-not-send="true">0.0.0.0/0</a> === <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:46.219Z inf charon local1 @8aPAC
text:06[IKE] <sl3|5792> CHILD_SA sl3childsa{300116}
established with SPIs 92827d7f_i 0aa37fd0_o and TS <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a>
=== <a href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:46.340Z inf charon local1 @v3IcGD
text:13[IKE] <sl3|5792> closing CHILD_SA
sl3childsa{300115} with SPIs 9c191940_i (269 bytes) 09933911_o
(1882 bytes) and TS <a href="http://0.0.0.0/0"
moz-do-not-send="true">0.0.0.0/0</a> === <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:46.398Z inf charon local1 @lkT2O
text:14[IKE] <sl3|5792> CHILD_SA sl3childsa{300117}
established with SPIs 7cd063e0_i 002cea3f_o and TS <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a>
=== <a href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:46.522Z inf charon local1 @SZB5P
text:06[IKE] <sl3|5792> closing CHILD_SA
sl3childsa{300116} with SPIs 92827d7f_i (309 bytes) 0aa37fd0_o
(1815 bytes) and TS <a href="http://0.0.0.0/0"
moz-do-not-send="true">0.0.0.0/0</a> === <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:46.571Z inf charon local1 @4hJI2C
text:07[IKE] <sl3|5792> CHILD_SA sl3childsa{300118}
established with SPIs 814927ac_i 06c97028_o and TS <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a>
=== <a href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:47.177Z inf charon local1 @P0vCN
text:14[IKE] <sl3|5792> closing CHILD_SA
sl3childsa{300117} with SPIs 7cd063e0_i (113 bytes) 002cea3f_o
(80 bytes) and TS <a href="http://0.0.0.0/0"
moz-do-not-send="true">0.0.0.0/0</a> === <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:47.225Z inf charon local1 @l7zl7B
text:12[IKE] <sl3|5792> CHILD_SA sl3childsa{300119}
established with SPIs 8469ef1d_i 0faab34b_o and TS <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a>
=== <a href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:47.350Z inf charon local1 @nS9xmC
text:06[IKE] <sl3|5792> closing CHILD_SA
sl3childsa{300118} with SPIs 814927ac_i (309 bytes) 06c97028_o
(1378 bytes) and TS <a href="http://0.0.0.0/0"
moz-do-not-send="true">0.0.0.0/0</a> === <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:47.401Z inf charon local1 @13NLhB
text:09[IKE] <sl3|5792> CHILD_SA sl3childsa{300120}
established with SPIs a0a0820d_i 09e1ebf5_o and TS <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a>
=== <a href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:47.951Z inf charon local1 @pGxtx
text:14[IKE] <sl3|5792> closing CHILD_SA
sl3childsa{300119} with SPIs 8469ef1d_i (453 bytes) 0faab34b_o
(386 bytes) and TS <a href="http://0.0.0.0/0"
moz-do-not-send="true">0.0.0.0/0</a> === <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:47.998Z inf charon local1 @PwvBS
text:07[IKE] <sl3|5792> CHILD_SA sl3childsa{300121}
established with SPIs 6b54047d_i 0195131c_o and TS <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a>
=== <a href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:48.119Z inf charon local1 @vU02x
text:11[IKE] <sl3|5792> closing CHILD_SA
sl3childsa{300120} with SPIs a0a0820d_i (72 bytes) 09e1ebf5_o
(488 bytes) and TS <a href="http://0.0.0.0/0"
moz-do-not-send="true">0.0.0.0/0</a> === <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:48.167Z inf charon local1 @statc
text:12[IKE] <sl3|5792> CHILD_SA sl3childsa{300122}
established with SPIs 7f4a4ad2_i 0f4abf4d_o and TS <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a>
=== <a href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:48.736Z inf charon local1 @9uAQz
text:16[IKE] <sl3|5792> closing CHILD_SA
sl3childsa{300121} with SPIs 6b54047d_i (76 bytes) 0195131c_o
(40 bytes) and TS <a href="http://0.0.0.0/0"
moz-do-not-send="true">0.0.0.0/0</a> === <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:48.786Z inf charon local1 @xQ7RwD
text:09[IKE] <sl3|5792> CHILD_SA sl3childsa{300123}
established with SPIs 84f46abf_i 0357fe8e_o and TS <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a>
=== <a href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:49.080Z inf charon local1 @xFhBM
text:11[IKE] <sl3|5792> closing CHILD_SA
sl3childsa{300122} with SPIs 7f4a4ad2_i (40 bytes) 0f4abf4d_o
(40 bytes) and TS <a href="http://0.0.0.0/0"
moz-do-not-send="true">0.0.0.0/0</a> === <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:49.127Z inf charon local1 @2uGYbD
text:05[IKE] <sl3|5792> CHILD_SA sl3childsa{300124}
established with SPIs 6ce77105_i 02c2e8e9_o and TS <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a>
=== <a href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
2019-08-11T05:43:50.131Z inf charon local1 @rV0kPC
text:14[IKE] <sl3|5792> closing CHILD_SA
sl3childsa{300123} with SPIs 84f46abf_i (167 bytes) 0357fe8e_o
(154 bytes) and TS <a href="http://0.0.0.0/0"
moz-do-not-send="true">0.0.0.0/0</a> === <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>There where multiple childsa session up when is issue the
command ipsec statusall</div>
<div><br>
</div>
<div>Security Associations (5 up, 0 connecting):<br>
sl3[6271]: ESTABLISHED 13 minutes ago,
12.106.228.130[15649831767440254_1146@naveen]...104.129.196.33[104.129.196.33]<br>
sl3[6271]: IKEv1 SPIs: 5db65fe91de02e3c_i*
ab821bd1aa0aa87f_r, rekeying in 23 hours<br>
sl3[6271]: IKE proposal:
AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024<br>
sl3childsa{300743}: INSTALLED, TUNNEL, reqid 5969, ESP
SPIs: 95e36438_i 0262bc4c_o<br>
sl3childsa{300743}: NULL/HMAC_MD5_96, 25007561 bytes_i,
15656981 bytes_o (38921 pkts, 1s ago), rekeying in 7 hours<br>
sl3childsa{300743}: <a href="http://0.0.0.0/0"
moz-do-not-send="true">0.0.0.0/0</a> === <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
sl3[6270]: ESTABLISHED 13 minutes ago,
12.106.228.130[15649831767440254_1146@naveen]...104.129.196.33[104.129.196.33]<br>
sl3[6270]: IKEv1 SPIs: 7e711527dbc9b5b9_i*
0d192df60de9451c_r, rekeying in 22 hours<br>
sl3[6270]: IKE proposal:
AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024<br>
sl3childsa{300741}: INSTALLED, TUNNEL, reqid 5969, ESP
SPIs: ae5ec511_i 002d5ecd_o<br>
sl3childsa{300741}: NULL/HMAC_MD5_96, 120 bytes_i, 135
bytes_o (2 pkts, 780s ago), rekeying in 7 hours<br>
sl3childsa{300741}: <a href="http://0.0.0.0/0"
moz-do-not-send="true">0.0.0.0/0</a> === <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
sl3childsa{300742}: INSTALLED, TUNNEL, reqid 5969, ESP
SPIs: 6c0a74ff_i 0c863034_o<br>
sl3childsa{300742}: NULL/HMAC_MD5_96, 0 bytes_i, 60 bytes_o
(1 pkt, 780s ago), rekeying in 7 hours<br>
sl3childsa{300742}: <a href="http://0.0.0.0/0"
moz-do-not-send="true">0.0.0.0/0</a> === <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
sl3[6269]: ESTABLISHED 13 minutes ago,
12.106.228.130[15649831767440254_1146@naveen]...104.129.196.33[104.129.196.33]<br>
sl3[6269]: IKEv1 SPIs: 80e2c60f6de350c6_i*
4360522f2aa976a9_r, rekeying in 22 hours<br>
sl3[6269]: IKE proposal:
AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024<br>
sl3childsa{300740}: INSTALLED, TUNNEL, reqid 5969, ESP
SPIs: 70f10ba6_i 0ca6520c_o<br>
sl3childsa{300740}: NULL/HMAC_MD5_96, 0 bytes_i, 0 bytes_o,
rekeying in 7 hours<br>
sl3childsa{300740}: <a href="http://0.0.0.0/0"
moz-do-not-send="true">0.0.0.0/0</a> === <a
href="http://0.0.0.0/0" moz-do-not-send="true">0.0.0.0/0</a><br>
</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Naveen</div>
<div><br>
</div>
</div>
</blockquote>
</body>
</html>