[strongSwan-dev] INFORMATION message stops after rekey

Patil, Suresh (Suresh) suresh.patil at alcatel-lucent.com
Wed Nov 4 07:21:43 CET 2015


Hi 

I am seeing that sometimes after the re-key the INFORMATION messages stop going to the SeGW. I do not have a Wireshark capture for the same, as the issue occurs randomly and causes our tunnels to fail.

Any inputs on the same are highly appreciated.

Nov  2 20:36:18 charon: 09[IKE] IKE_SA tun3_sa1[51] rekeyed between XX.XX.XX.XX[XXXXXXXX]...X.X.X.X[XXXXXXXXX]
Nov  2 20:36:18 charon: 09[IKE] deleting IKE_SA tun3_sa1[48] between XX.XX.XX.XX[XXXXXXXX]... X.X.X.X[XXXXXXXXX]
Nov  2 20:36:18 charon: 09[IKE] IKE_SA deleted
Nov  2 20:36:52 charon: 14[IKE] retransmit 1 of request with message ID 0, exchange INFORMATIONAL
Nov  2 20:36:59 charon: 04[IKE] retransmit 2 of request with message ID 0, exchange INFORMATIONAL
Nov  2 20:37:12 charon: 12[IKE] retransmit 3 of request with message ID 0, exchange INFORMATIONAL
Nov  2 20:37:35 charon: 12[IKE] retransmit 4 of request with message ID 0, exchange INFORMATIONAL
Nov  2 20:38:17 charon: 13[IKE] retransmit 5 of request with message ID 0, exchange INFORMATIONAL
Nov  2 20:39:33 charon: 12[IKE] retransmit 6 of request with message ID 0, exchange INFORMATIONAL
Nov  2 20:39:38 charon: 04[IKE] giving up after 6 retransmits of exchange INFORMATIONAL
Nov  2 20:39:38 charon: 04[KNL] received netlink error: File exists (17) for nlmsg_type=24
Nov  2 20:39:38 charon: 04[KNL] received netlink error: Returning ALREADY_DONE

Version:
Linux strongSwan U5.2.0/K3.10.49-perf
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.

strongSwan ipsec.conf snippet:
        auto=add
        dpdaction=clear
        dpddelay=30s
        forceencaps=yes
        ike=XXXXXXXXXXX
        ikedscp=101110
        ikelifetime=24h
        keyexchange=ikev2
        keyingtries=1
        keylife=4h
        left=%any
        leftauth=pubkey
        leftnexthop=%defaultroute
        leftsourceip=%config
        leftsubnet=0.0.0.0/0
        leftupdown=/opt/alu/fbsr/app/ikem/ikem_updown.vx
        reauth=no
        rekey=yes
        rekeyfuzz=10%
        rekeymargin=10m
        rightauth=pubkey
        rightid=@XXXXXXX.XXX.XXXX
        rightsubnet=XXXXX.XX.XX.XX


Thanks
Suresh
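
Because the failure is intermittent and no packet capture exists, the charon log is the only record of each occurrence. The following is an added example, not part of the original post and not strongSwan code: a log scan that finds every INFORMATIONAL exchange charon gave up on and relates it to the preceding IKE_SA rekey. The function name, the record fields and the `year` parameter (syslog timestamps carry no year) are assumptions of this example; the sample lines are a subset of the log quoted above.

```python
import re
from datetime import datetime

LINE = re.compile(r"^(\w{3})\s+(\d+)\s+([\d:]{8}) charon: \d+\[(\w+)\] (.*)$")
REKEYED = re.compile(r"IKE_SA (\S+)\[(\d+)\] rekeyed")
RETRANS = re.compile(r"retransmit (\d+) of request with message ID (\d+), exchange INFORMATIONAL")
GAVE_UP = re.compile(r"giving up after (\d+) retransmits of exchange INFORMATIONAL")

# Subset of the log lines quoted in the post (addresses already masked there).
SAMPLE = """\
Nov  2 20:36:18 charon: 09[IKE] IKE_SA tun3_sa1[51] rekeyed between XX.XX.XX.XX[XXXXXXXX]...X.X.X.X[XXXXXXXXX]
Nov  2 20:36:18 charon: 09[IKE] IKE_SA deleted
Nov  2 20:36:52 charon: 14[IKE] retransmit 1 of request with message ID 0, exchange INFORMATIONAL
Nov  2 20:39:33 charon: 12[IKE] retransmit 6 of request with message ID 0, exchange INFORMATIONAL
Nov  2 20:39:38 charon: 04[IKE] giving up after 6 retransmits of exchange INFORMATIONAL
"""

def find_stalls(log, year=2015):
    """Return one record per INFORMATIONAL exchange that charon gave up on."""
    stalls, rekey, first = [], None, None
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a charon line in the expected syslog layout
        mon, day, clock, _group, text = m.groups()
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
        if (r := REKEYED.search(text)):
            rekey = (ts, r.group(1))              # most recent rekey seen so far
        elif (r := RETRANS.search(text)):
            if r.group(1) == "1":                 # start of a new retransmit series
                first = (ts, int(r.group(2)))
        elif (r := GAVE_UP.search(text)) and first:
            stalls.append({
                "sa": rekey[1] if rekey else None,
                "message_id": first[1],           # 0 = first request sent on an IKE_SA
                "retransmits": int(r.group(1)),
                "rekey_to_first_retransmit_s":
                    (first[0] - rekey[0]).total_seconds() if rekey else None,
                "first_retransmit_to_give_up_s": (ts - first[0]).total_seconds(),
            })
            first = None
    return stalls

if __name__ == "__main__":
    for stall in find_stalls(SAMPLE):
        print(stall)
```

Running it over the full daemon log gives one record per failed exchange, so occurrences can be counted and compared against rekey times even though the problem cannot be reproduced on demand.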

