<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi Volodymyr,</p>
<p>For some reason the other end didn't accept all packages and got
some close action in return. Change the closeaction=none and now
it all seems fine. Will check for some more time but think all is
ok again.<br>
Thanks for pointing me in the right page and direction. <br>
</p>
<pre class="moz-signature" cols="72">Met vriendelijke groet,
Ben</pre>
<div class="moz-cite-prefix">On 18-11-2020 13:02, Volodymyr Litovka
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:93a5bbec-e621-287a-853e-fb387378aa53@gmx.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p>Hi Ben,</p>
<p>it makes sense to see into logs. Configure them using
charon-logging.conf or charon-systemd.conf according to
<a class="moz-txt-link-freetext"
href="https://wiki.strongswan.org/projects/strongswan/wiki/Loggerconfiguration"
moz-do-not-send="true">https://wiki.strongswan.org/projects/strongswan/wiki/Loggerconfiguration</a>,
set higher levels for ike, cfg, chd, net sections and then
reload using 'systemctl reload strongswan'. With very high
probability, you'll find the issue in the logs.</p>
<p>Thank you.<br>
</p>
<div class="moz-cite-prefix">On 18.11.2020 12:46, <a
class="moz-txt-link-abbreviated"
href="mailto:strongswan.org@it-beheer.eu"
moz-do-not-send="true">strongswan.org@it-beheer.eu</a> wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1d210d23-475a-7867-4bd7-a81aeb92de2a@xs4all.nl">
<meta http-equiv="content-type" content="text/html;
charset=UTF-8">
<p>Good morning all,</p>
<p>I have a Ubuntu server 20.04 with two Strongswan connections.
One is fine and up all the time. The second is a copy of the
first config with other IP addresses and an other secret and
is all the time connecting even it has already established one
connection working. Found one person that had something
similar witch had something to do with set dpdaction and
closeaction but after a few tries didn't get result and
bringing down the connection all the time gave to much
interruptions for the client. So basically i have a working
connection and only get interruptions when it is being
reestablished.</p>
<p>Hope someone can tell me what i am doing wrong or if this is
a problem at the other end or can me give me some pointers to
debugging.<br>
</p>
<p>===== Conn1 ====<br>
conn Conn1<br>
left=31.3.111.111<br>
right=77.94.111.111<br>
leftsubnet=10.33.3.0/24<br>
rightsubnet=172.31.1.0/24<br>
ike=aes256-sha1-modp1024<br>
keyexchange=ikev2<br>
reauth=no<br>
ikelifetime=86400s<br>
compress=no<br>
authby=secret<br>
esp=aes256-sha1-modp1024<br>
type=tunnel<br>
auto=start<br>
keyingtries=%forever<br>
dpdaction=restart<br>
closeaction=restart</p>
<p><br>
===== ipsec.secrects =====<br>
# This file holds shared secrets or RSA private keys for
authentication.<br>
<br>
# RSA private key for this host, authenticating it to any
other host<br>
# which knows the public part.<br>
<br>
%any 77.94.111.111 : PSK "<sec1>"<br>
%any 90.145.222.222 : PSK "<sec2>"<br>
</p>
<p><br>
</p>
<p>Output from <i>sudo ipsec status<br>
=========================</i><br>
<br>
Security Associations (2 up, 670 connecting):<br>
Conn1[2466]: ESTABLISHED 16 minutes ago,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1{5461231}: INSTALLED, TUNNEL, reqid 637, ESP SPIs:
c1f5asdf_i 725asdf_o<br>
Conn1{5461231}: 10.33.3.0/24 === 172.31.1.0/24<br>
Conn1[2464]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1[2460]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1[2457]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1[2455]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
OtherConnection[2454]: ESTABLISHED 6 hours ago,
31.3.111.111[31.3.111.111]...90.145.222.222[90.145.222.222]<br>
OtherConnection{5459235}: INSTALLED, TUNNEL, reqid 634, ESP
SPIs: c38asdff_i c919asdf_o<br>
OtherConnection{5459235}: 10.33.3.0/24 ===
100.222.222.0/21<br>
Conn1[2451]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1[2447]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1[2440]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1[2439]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1[2437]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1[2434]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1[2432]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1[2430]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1[2429]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1[2426]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1[2425]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1[2422]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1[2421]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1[2418]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1[2412]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1[2411]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
Conn1[2409]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]<br>
============================<br>
</p>
<pre class="moz-signature" cols="72">--
Met vriendelijke groet,
Ben</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison</pre>
</blockquote>
</body>
</html>