[strongSwan] multiple tunnels established for one connection (IKEv2)

Andreas Steffen andreas.steffen at strongswan.org
Tue Oct 19 20:46:37 CEST 2010


Hi Matthias,

I just see from your log, that ipsec starter initiates the connection
several times in a row:

> Oct 19 17:04:43 tanzplatz charon: 05[CFG] received stroke: initiate
> 'tanzplatz-h3x2'

> Oct 19 17:05:01 tanzplatz charon: 08[CFG] received stroke: initiate
> 'tanzplatz-h3x2'

> Oct 19 17:10:01 tanzplatz charon: 15[CFG] received stroke: initiate
> 'tanzplatz-h3x2'

I actually don't understand what you are doing because starter should
initiate the connection only once.

Regards

Andreas

On 19.10.2010 19:19, Matthias Läßig wrote:
> Hi all,
> 
> I have strongswan 4.3.5 working between two Linux 2.6 gateways, routing
> etc. is working perfectly. When looking at the established connections
> I'm getting:
> 
> 000 Status of IKEv1 pluto daemon (strongSwan 4.3.5):
> 000 interface lo/lo ::1:500
> 000 interface lo/lo 127.0.0.1:4500
> 000 interface lo/lo 127.0.0.1:500
> 000 interface lo/lo 127.0.0.2:4500
> 000 interface lo/lo 127.0.0.2:500
> 000 interface eth0/eth0 10.0.0.252:4500
> 000 interface eth0/eth0 10.0.0.252:500
> 000 interface eth1/eth1 10.0.0.5:4500
> 000 interface eth1/eth1 10.0.0.5:500
> 000 %myid = '%any'
> 000 loaded plugins: curl aes des sha1 sha2 md5 random x509 pubkey pkcs1
> pgp dnskey pem hmac gmp 
> 000 debug options: none
> 000 
> Status of IKEv2 charon daemon (strongSwan 4.3.5):
>   uptime: 117 seconds, since Oct 19 17:04:44 2010
>   worker threads: 9 idle of 16, job queue load: 0, scheduled events: 4
>   loaded plugins: curl aes des sha1 sha2 md5 fips-prf random x509 pubkey
> pkcs1 pgp dnskey pem xcbc hmac gmp kernel-netlink stroke updown attr
> resolve 
> Listening IP addresses:
>   10.0.0.252
>   10.0.0.5
> Connections:
> tanzplatz-h3x2:  10.0.0.252...88.198.14.125
> tanzplatz-h3x2:   local:  [C=DE, ST=Bavaria, L=Unterschleissheim,
> O=apob.net, OU=Network Services, CN=elias.apob.net, E=info at apob.net]
> uses public key authentication
> tanzplatz-h3x2:    cert:  "C=DE, ST=Bavaria, L=Unterschleissheim,
> O=apob.net, OU=Network Services, CN=elias.apob.net, E=info at apob.net"
> tanzplatz-h3x2:   remote: [C=DE, ST=Bavaria, L=Nuremberg, O=apob.net,
> OU=Network Services, CN=h3x2.apob.net, E=info at apob.net] uses any
> authentication
> tanzplatz-h3x2:    cert:  "C=DE, ST=Bavaria, L=Nuremberg, O=apob.net,
> OU=Network Services, CN=h3x2.apob.net, E=info at apob.net"
> tanzplatz-h3x2:   child:  10.0.0.0/24 === 10.1.0.0/24 172.16.8.0/24 
> Security Associations:
> tanzplatz-h3x2[1]: ESTABLISHED 114 seconds ago, 10.0.0.252[C=DE,
> ST=Bavaria, L=Unterschleissheim, O=apob.net, OU=Network Services,
> CN=elias.apob.net, E=info at apob.net]...88.198.14.125[C=DE, ST=Bavaria,
> L=Nuremberg, O=apob.net, OU=Network Services, CN=h3x2.apob.net,
> E=info at apob.net]
> tanzplatz-h3x2[1]: IKE SPIs: 80f47cac247b838c_i* a6eef15b1c4cafc5_r,
> public key reauthentication in 2 hours
> tanzplatz-h3x2[1]: IKE proposal:
> AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
> tanzplatz-h3x2{1}:  INSTALLED, TUNNEL, ESP in UDP SPIs: cb001dde_i
> cb487bdb_o
> tanzplatz-h3x2{1}:  AES_CBC_128/HMAC_SHA1_96, 152 bytes_i (15s ago), 0
> bytes_o, rekeying in 41 minutes
> tanzplatz-h3x2{1}:   10.0.0.0/24 === 10.1.0.0/24 172.16.8.0/24 
> tanzplatz-h3x2{2}:  INSTALLED, TUNNEL, ESP in UDP SPIs: ca0c17ef_i
> c24d0e02_o
> tanzplatz-h3x2{2}:  AES_CBC_128/HMAC_SHA1_96, 17994 bytes_i (15s ago),
> 16661 bytes_o (14s ago), rekeying in 46 minutes
> tanzplatz-h3x2{2}:   10.0.0.0/24 === 10.1.0.0/24 172.16.8.0/24
> 
> The longer the SA is up, the more tunnels I get. All of them are being
> rekeyed. After 24 hours there are hundreds of them up. Is there a way to
> prevent this as I don't think this is the expected behaviour?
> 
> Here's my ipsec.conf:
> 
> # /etc/ipsec.conf - Openswan IPsec configuration file
> # RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $
> 
> # This file:  /usr/share/doc/packages/openswan/ipsec.conf-sample
> #
> # Manual:     ipsec.conf.5
> 
> 
> version 2.0 # conforms to second version of ipsec.conf specification
> 
> # basic configuration
> config setup
> # plutodebug / klipsdebug = "all", "none" or a combation from below:
> # "raw crypt parsing emitting control klips pfkey natt x509 private"
> # eg:
> #plutodebug="all"
> #
> # Only enable klipsdebug=all if you are a developer
> #
> # NAT-TRAVERSAL support, see README.NAT-Traversal
> # nat_traversal=yes
> # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
> #
> # Certificate Revocation List handling:
> crlcheckinterval=600
> strictcrlpolicy=no
> #
> # Change rp_filter setting? (default is 0, disabled)
> # See also setting in the /etc/sysctl.conf file!
> #rp_filter=%unchanged
> #
> # Workaround to setup all tunnels immediately, since the new default
> # of "plutowait=no" causes "Resource temporarily unavailable" errors
> # for the first connect attempt over each tunnel, that is delayed to
> # be established later / on demand.
> #
> nat_traversal=yes
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
> 
> conn %default
> # keyingtries default to %forever
> #keyingtries=3
> # Sig keys (default: %dnsondemand)
> leftrsasigkey=%cert
> rightrsasigkey=%cert
> # Lifetimes, defaults are 1h/8hrs
> #ikelifetime=20m
> #keylife=1h
> #rekeymargin=8m
> 
> #Disable Opportunistic Encryption
> include /usr/local/etc/ipsec.d/examples/no_oe.conf
> 
> ca apob.net
>         cacert=apob.pem
>         crluri=http://ca.apob.net/ca-crl.crl
>         auto=add
> 
> # Add connections here
> 
> conn tanzplatz-h3x2
> authby=rsasig
>         left=10.0.0.252
> leftcert=elias.pem
>         leftsubnet=10.0.0.0/24
>         right=88.198.14.125
>         rightsubnet=10.1.0.0/24,172.16.8.0/24
> rightcert=h3x2.pem
>         compress=no
> keyexchange=ikev2
> keyingtries=%forever
>         rekeyfuzz = 100%
> pfs = yes
> mobike=no
>         auto=start
> 
> And all the charon messages from syslog:
> 
> Oct 19 17:04:43 tanzplatz charon: 01[DMN] Starting IKEv2 charon daemon
> (strongSwan 4.3.5)
> Oct 19 17:04:43 tanzplatz charon: 01[KNL] listening on interfaces:
> Oct 19 17:04:43 tanzplatz charon: 01[KNL]   eth0
> Oct 19 17:04:43 tanzplatz charon: 01[KNL]     10.0.0.252
> Oct 19 17:04:43 tanzplatz charon: 01[KNL]     fe80::6ef0:49ff:fe13:64a7
> Oct 19 17:04:43 tanzplatz charon: 01[KNL]   eth1
> Oct 19 17:04:43 tanzplatz charon: 01[KNL]     10.0.0.5
> Oct 19 17:04:43 tanzplatz charon: 01[KNL]     fe80::21b:21ff:fe1b:f53d
> Oct 19 17:04:43 tanzplatz charon: 01[CFG] loading ca certificates from
> '/usr/local/etc/ipsec.d/cacerts'
> Oct 19 17:04:43 tanzplatz charon: 01[CFG]   loaded ca certificate "C=DE,
> ST=Bavaria, L=Eching, O=apob.net, OU=Certification Services, CN=apob.net
> Certification Authority, E=info at ca.apob.net"
> from '/usr/local/etc/ipsec.d/cacerts/apob.pem'
> Oct 19 17:04:43 tanzplatz charon: 01[CFG] loading aa certificates from
> '/usr/local/etc/ipsec.d/aacerts'
> Oct 19 17:04:43 tanzplatz charon: 01[CFG] loading ocsp signer
> certificates from '/usr/local/etc/ipsec.d/ocspcerts'
> Oct 19 17:04:43 tanzplatz charon: 01[CFG] loading attribute certificates
> from '/usr/local/etc/ipsec.d/acerts'
> Oct 19 17:04:43 tanzplatz charon: 01[CFG] loading crls from
> '/usr/local/etc/ipsec.d/crls'
> Oct 19 17:04:43 tanzplatz charon: 01[CFG] loading secrets from
> '/usr/local/etc/ipsec.secrets'
> Oct 19 17:04:43 tanzplatz charon: 01[CFG]   loaded RSA private key from
> '/usr/local/etc/ipsec.d/private/elias.key'
> Oct 19 17:04:43 tanzplatz charon: 01[DMN] loaded plugins: curl aes des
> sha1 sha2 md5 fips-prf random x509 pubkey pkcs1 pgp dnskey pem xcbc hmac
> gmp kernel-netlink stroke updown attr resolve 
> Oct 19 17:04:43 tanzplatz charon: 01[JOB] spawning 16 worker threads
> Oct 19 17:04:43 tanzplatz ipsec_starter[7194]: charon (7222) started
> after 20 ms
> Oct 19 17:04:43 tanzplatz charon: 05[CFG] received stroke: add ca 'apob.net'
> Oct 19 17:04:43 tanzplatz charon: 05[CFG] added ca 'apob.net'
> Oct 19 17:04:43 tanzplatz charon: 05[CFG] received stroke: add
> connection 'tanzplatz-h3x2'
> Oct 19 17:04:43 tanzplatz charon: 05[CFG]   loaded certificate "C=DE,
> ST=Bavaria, L=Unterschleissheim, O=apob.net, OU=Network Services,
> CN=elias.apob.net, E=info at apob.net" from
> 'elias.pem'
> Oct 19 17:04:43 tanzplatz charon: 05[CFG]   peerid 10.0.0.252 not
> confirmed by certificate, defaulting to subject DN: C=DE, ST=Bavaria,
> L=Unterschleissheim, O=apob.net, OU=Network Services, CN=elias.apob.net,
> E=info at apob.net
> Oct 19 17:04:43 tanzplatz charon: 05[CFG]   loaded certificate "C=DE,
> ST=Bavaria, L=Nuremberg, O=apob.net, OU=Network Services,
> CN=h3x2.apob.net, E=info at apob.net" from 'h3x2.pem'
> Oct 19 17:04:43 tanzplatz charon: 05[CFG]   peerid 88.198.14.125 not
> confirmed by certificate, defaulting to subject DN: C=DE, ST=Bavaria,
> L=Nuremberg, O=apob.net, OU=Network Services, CN=h3x2.apob.net,
> E=info at apob.net
> Oct 19 17:04:43 tanzplatz charon: 05[CFG] added configuration
> 'tanzplatz-h3x2'
> Oct 19 17:04:43 tanzplatz charon: 05[CFG] received stroke: initiate
> 'tanzplatz-h3x2'
> Oct 19 17:04:43 tanzplatz charon: 05[IKE] initiating IKE_SA
> tanzplatz-h3x2[1] to 88.198.14.125
> Oct 19 17:04:43 tanzplatz charon: 05[IKE] initiating IKE_SA
> tanzplatz-h3x2[1] to 88.198.14.125
> Oct 19 17:04:43 tanzplatz charon: 05[ENC] generating IKE_SA_INIT request
> 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> Oct 19 17:04:43 tanzplatz charon: 05[NET] sending packet: from
> 10.0.0.252[500] to 88.198.14.125[500]
> Oct 19 17:04:44 tanzplatz charon: 14[NET] received packet: from
> 88.198.14.125[500] to 10.0.0.252[500]
> Oct 19 17:04:44 tanzplatz charon: 14[ENC] parsed IKE_SA_INIT response 0
> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
> Oct 19 17:04:44 tanzplatz charon: 14[IKE] local host is behind NAT,
> sending keep alives
> Oct 19 17:04:44 tanzplatz charon: 14[IKE] received cert request for
> "C=DE, ST=Bavaria, L=Eching, O=apob.net, OU=Certification Services,
> CN=apob.net Certification Authority, E=info at ca.apob.net"
> Oct 19 17:04:44 tanzplatz charon: 14[IKE] sending cert request for
> "C=DE, ST=Bavaria, L=Eching, O=apob.net, OU=Certification Services,
> CN=apob.net Certification Authority, E=info at ca.apob.net"
> Oct 19 17:04:44 tanzplatz charon: 14[IKE] authentication of 'C=DE,
> ST=Bavaria, L=Unterschleissheim, O=apob.net, OU=Network Services,
> CN=elias.apob.net, E=info at apob.net' (myself)
> with RSA signature successful
> Oct 19 17:04:44 tanzplatz charon: 14[IKE] sending end entity cert "C=DE,
> ST=Bavaria, L=Unterschleissheim, O=apob.net, OU=Network Services,
> CN=elias.apob.net, E=info at apob.net"
> Oct 19 17:04:44 tanzplatz charon: 14[IKE] establishing CHILD_SA
> tanzplatz-h3x2
> Oct 19 17:04:44 tanzplatz charon: 14[IKE] establishing CHILD_SA
> tanzplatz-h3x2
> Oct 19 17:04:44 tanzplatz charon: 14[ENC] generating IKE_AUTH request 1
> [ IDi CERT CERTREQ IDr AUTH SA TSi TSr N(MULT_AUTH) ]
> Oct 19 17:04:44 tanzplatz charon: 14[NET] sending packet: from
> 10.0.0.252[4500] to 88.198.14.125[4500]
> Oct 19 17:04:46 tanzplatz charon: 17[NET] received packet: from
> 88.198.14.125[4500] to 10.0.0.252[4500]
> Oct 19 17:04:46 tanzplatz charon: 17[ENC] parsed IKE_AUTH response 1 [
> IDr CERT AUTH SA TSi TSr N(AUTH_LFT) ]
> Oct 19 17:04:46 tanzplatz charon: 17[IKE] received end entity cert
> "C=DE, ST=Bavaria, L=Nuremberg, O=apob.net, OU=Network Services,
> CN=h3x2.apob.net, E=info at apob.net"
> Oct 19 17:04:46 tanzplatz charon: 17[CFG]   using trusted ca certificate
> "C=DE, ST=Bavaria, L=Eching, O=apob.net, OU=Certification Services,
> CN=apob.net Certification Authority, E=info at ca.apob.net"
> Oct 19 17:04:46 tanzplatz charon: 17[CFG] checking certificate status of
> "C=DE, ST=Bavaria, L=Nuremberg, O=apob.net, OU=Network Services,
> CN=h3x2.apob.net, E=info at apob.net"
> Oct 19 17:04:46 tanzplatz charon: 17[CFG]   fetching crl from
> 'http://ca.apob.net/ca-crl.crl' ...
> Oct 19 17:04:46 tanzplatz charon: 17[CFG]   using trusted certificate
> "C=DE, ST=Bavaria, L=Eching, O=apob.net, OU=Certification Services,
> CN=apob.net Certification Authority, E=info at ca.apob.net"
> Oct 19 17:04:46 tanzplatz charon: 17[CFG]   crl correctly signed by
> "C=DE, ST=Bavaria, L=Eching, O=apob.net, OU=Certification Services,
> CN=apob.net Certification Authority, E=info at ca.apob.net"
> Oct 19 17:04:46 tanzplatz charon: 17[CFG]   crl is valid: until Oct 26
> 00:05:02 2010
> Oct 19 17:04:46 tanzplatz charon: 17[CFG] certificate status is good
> Oct 19 17:04:46 tanzplatz charon: 17[CFG]   using trusted certificate
> "C=DE, ST=Bavaria, L=Nuremberg, O=apob.net, OU=Network Services,
> CN=h3x2.apob.net, E=info at apob.net"
> Oct 19 17:04:46 tanzplatz charon: 17[IKE] authentication of 'C=DE,
> ST=Bavaria, L=Nuremberg, O=apob.net, OU=Network Services,
> CN=h3x2.apob.net, E=info at apob.net' with RSA
> signature successful
> Oct 19 17:04:46 tanzplatz charon: 17[IKE] IKE_SA tanzplatz-h3x2[1]
> established between 10.0.0.252[C=DE, ST=Bavaria, L=Unterschleissheim,
> O=apob.net, OU=Network Services, CN=elias.apob.net,
> E=info at apob.net]...88.198.14.125[C=DE, ST=Bavaria, L=Nuremberg,
> O=apob.net, OU=Network Services, CN=h3x2.apob.net, E=info at apob.net]
> Oct 19 17:04:46 tanzplatz charon: 17[IKE] IKE_SA tanzplatz-h3x2[1]
> established between 10.0.0.252[C=DE, ST=Bavaria, L=Unterschleissheim,
> O=apob.net, OU=Network Services, CN=elias.apob.net,
> E=info at apob.net]...88.198.14.125[C=DE, ST=Bavaria, L=Nuremberg,
> O=apob.net, OU=Network Services, CN=h3x2.apob.net, E=info at apob.net]
> Oct 19 17:04:46 tanzplatz charon: 17[IKE] scheduling reauthentication in
> 9844s
> Oct 19 17:04:46 tanzplatz charon: 17[IKE] maximum IKE_SA lifetime 10384s
> Oct 19 17:04:46 tanzplatz charon: 17[IKE] CHILD_SA tanzplatz-h3x2{1}
> established with SPIs cb001dde_i cb487bdb_o and TS 10.0.0.0/24 ===
> 10.1.0.0/24 172.16.8.0/24 
> Oct 19 17:04:46 tanzplatz charon: 17[IKE] CHILD_SA tanzplatz-h3x2{1}
> established with SPIs cb001dde_i cb487bdb_o and TS 10.0.0.0/24 ===
> 10.1.0.0/24 172.16.8.0/24 
> Oct 19 17:04:46 tanzplatz charon: 17[IKE] received AUTH_LIFETIME of
> 9827s, scheduling reauthentication in 9287s
> Oct 19 17:05:01 tanzplatz charon: 08[CFG] received stroke: initiate
> 'tanzplatz-h3x2'
> Oct 19 17:05:01 tanzplatz charon: 13[IKE] establishing CHILD_SA
> tanzplatz-h3x2
> Oct 19 17:05:01 tanzplatz charon: 13[IKE] establishing CHILD_SA
> tanzplatz-h3x2
> Oct 19 17:05:01 tanzplatz charon: 13[ENC] generating CREATE_CHILD_SA
> request 2 [ SA No TSi TSr ]
> Oct 19 17:05:01 tanzplatz charon: 13[NET] sending packet: from
> 10.0.0.252[4500] to 88.198.14.125[4500]
> Oct 19 17:05:03 tanzplatz charon: 12[NET] received packet: from
> 88.198.14.125[4500] to 10.0.0.252[4500]
> Oct 19 17:05:03 tanzplatz charon: 12[ENC] parsed CREATE_CHILD_SA
> response 2 [ SA No TSi TSr ]
> Oct 19 17:05:03 tanzplatz charon: 12[IKE] CHILD_SA tanzplatz-h3x2{2}
> established with SPIs ca0c17ef_i c24d0e02_o and TS 10.0.0.0/24 ===
> 10.1.0.0/24 172.16.8.0/24 
> Oct 19 17:05:03 tanzplatz charon: 12[IKE] CHILD_SA tanzplatz-h3x2{2}
> established with SPIs ca0c17ef_i c24d0e02_o and TS 10.0.0.0/24 ===
> 10.1.0.0/24 172.16.8.0/24 
> Oct 19 17:06:16 tanzplatz charon: 15[IKE] sending keep alive
> Oct 19 17:06:16 tanzplatz charon: 15[NET] sending packet: from
> 10.0.0.252[4500] to 88.198.14.125[4500]
> Oct 19 17:06:46 tanzplatz charon: 09[IKE] sending keep alive
> Oct 19 17:06:46 tanzplatz charon: 09[NET] sending packet: from
> 10.0.0.252[4500] to 88.198.14.125[4500]
> Oct 19 17:07:19 tanzplatz charon: 15[IKE] sending keep alive
> Oct 19 17:07:19 tanzplatz charon: 15[NET] sending packet: from
> 10.0.0.252[4500] to 88.198.14.125[4500]
> Oct 19 17:07:39 tanzplatz charon: 13[IKE] sending keep alive
> Oct 19 17:07:39 tanzplatz charon: 13[NET] sending packet: from
> 10.0.0.252[4500] to 88.198.14.125[4500]
> Oct 19 17:08:15 tanzplatz charon: 10[IKE] sending keep alive
> Oct 19 17:08:15 tanzplatz charon: 10[NET] sending packet: from
> 10.0.0.252[4500] to 88.198.14.125[4500]
> Oct 19 17:09:19 tanzplatz charon: 05[IKE] sending keep alive
> Oct 19 17:09:19 tanzplatz charon: 05[NET] sending packet: from
> 10.0.0.252[4500] to 88.198.14.125[4500]
> Oct 19 17:09:45 tanzplatz charon: 16[IKE] sending keep alive
> Oct 19 17:09:45 tanzplatz charon: 16[NET] sending packet: from
> 10.0.0.252[4500] to 88.198.14.125[4500]
> Oct 19 17:10:01 tanzplatz charon: 15[CFG] received stroke: initiate
> 'tanzplatz-h3x2'
> Oct 19 17:10:01 tanzplatz charon: 12[IKE] establishing CHILD_SA
> tanzplatz-h3x2
> Oct 19 17:10:01 tanzplatz charon: 12[IKE] establishing CHILD_SA
> tanzplatz-h3x2
> Oct 19 17:10:01 tanzplatz charon: 12[ENC] generating CREATE_CHILD_SA
> request 3 [ SA No TSi TSr ]
> Oct 19 17:10:01 tanzplatz charon: 12[NET] sending packet: from
> 10.0.0.252[4500] to 88.198.14.125[4500]
> Oct 19 17:10:01 tanzplatz charon: 10[NET] received packet: from
> 88.198.14.125[4500] to 10.0.0.252[4500]
> Oct 19 17:10:01 tanzplatz charon: 10[ENC] parsed CREATE_CHILD_SA
> response 3 [ SA No TSi TSr ]
> Oct 19 17:10:01 tanzplatz charon: 10[IKE] CHILD_SA tanzplatz-h3x2{3}
> established with SPIs c8fcffcc_i cde77e67_o and TS 10.0.0.0/24 ===
> 10.1.0.0/24 172.16.8.0/24 
> Oct 19 17:10:01 tanzplatz charon: 10[IKE] CHILD_SA tanzplatz-h3x2{3}
> established with SPIs c8fcffcc_i cde77e67_o and TS 10.0.0.0/24 ===
> 10.1.0.0/24 172.16.8.0/24 
> Oct 19 17:10:32 tanzplatz charon: 05[IKE] sending keep alive
> Oct 19 17:10:32 tanzplatz charon: 05[NET] sending packet: from
> 10.0.0.252[4500] to 88.198.14.125[4500]
> Oct 19 17:10:52 tanzplatz charon: 09[IKE] sending keep alive
> Oct 19 17:10:52 tanzplatz charon: 09[NET] sending packet: from
> 10.0.0.252[4500] to 88.198.14.125[4500]
> Oct 19 17:11:12 tanzplatz charon: 16[IKE] sending keep alive
> Oct 19 17:11:12 tanzplatz charon: 16[NET] sending packet: from
> 10.0.0.252[4500] to 88.198.14.125[4500]
> Oct 19 17:12:13 tanzplatz charon: 15[IKE] sending keep alive
> Oct 19 17:12:13 tanzplatz charon: 15[NET] sending packet: from
> 10.0.0.252[4500] to 88.198.14.125[4500]
> Oct 19 17:12:47 tanzplatz charon: 08[IKE] sending keep alive
> Oct 19 17:12:47 tanzplatz charon: 08[NET] sending packet: from
> 10.0.0.252[4500] to 88.198.14.125[4500]
> 
> I hope someone has a fix for this.
>  
> Kind Regards,
> Matthias
> 
> *Matthias Läßig* | certified it security specialist
> fon: +49.89.4209548370 | fax: +49.89.4209548379 | mobile: +49.162.2470635


-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
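
The check described in the reply above (repeated "received stroke: initiate" entries, each followed by another CHILD_SA with the same traffic selectors) can be automated over a charon syslog. The following is an added example, not part of the original thread or of strongSwan; the sample lines are taken from the quoted log and unwrapped onto single lines, and the function name `analyse` is hypothetical.

```python
import re
from collections import defaultdict

# Lines from the log quoted in the thread, unwrapped onto single lines.
# charon writes each [IKE] "established" entry twice; the parser must dedupe.
TS = "10.0.0.0/24 === 10.1.0.0/24 172.16.8.0/24"
SAMPLE_LOG = f"""\
Oct 19 17:04:43 tanzplatz charon: 05[CFG] received stroke: initiate 'tanzplatz-h3x2'
Oct 19 17:04:46 tanzplatz charon: 17[IKE] CHILD_SA tanzplatz-h3x2{{1}} established with SPIs cb001dde_i cb487bdb_o and TS {TS}
Oct 19 17:04:46 tanzplatz charon: 17[IKE] CHILD_SA tanzplatz-h3x2{{1}} established with SPIs cb001dde_i cb487bdb_o and TS {TS}
Oct 19 17:05:01 tanzplatz charon: 08[CFG] received stroke: initiate 'tanzplatz-h3x2'
Oct 19 17:05:03 tanzplatz charon: 12[IKE] CHILD_SA tanzplatz-h3x2{{2}} established with SPIs ca0c17ef_i c24d0e02_o and TS {TS}
Oct 19 17:05:03 tanzplatz charon: 12[IKE] CHILD_SA tanzplatz-h3x2{{2}} established with SPIs ca0c17ef_i c24d0e02_o and TS {TS}
Oct 19 17:06:16 tanzplatz charon: 15[IKE] sending keep alive
Oct 19 17:10:01 tanzplatz charon: 15[CFG] received stroke: initiate 'tanzplatz-h3x2'
Oct 19 17:10:01 tanzplatz charon: 10[IKE] CHILD_SA tanzplatz-h3x2{{3}} established with SPIs c8fcffcc_i cde77e67_o and TS {TS}
"""

STAMP = r"^(\w{3} +\d+ [\d:]{8}) \S+ charon: \d+"
INITIATE = re.compile(STAMP + r"\[CFG\] received stroke: initiate '([^']+)'")
CHILD = re.compile(
    STAMP + r"\[IKE\] CHILD_SA (\S+)\{(\d+)\} established with SPIs "
    r"([0-9a-f]+)_i ([0-9a-f]+)_o and TS (.+?)\s*$"
)


def analyse(log_text):
    """Per connection: initiate timestamps and CHILD_SAs sharing selectors."""
    initiates = defaultdict(list)  # conn -> [timestamp, ...]
    children = defaultdict(dict)   # conn -> {(id, spi_in, spi_out): selectors}
    for line in log_text.splitlines():
        m = INITIATE.match(line)
        if m:
            initiates[m.group(2)].append(m.group(1))
            continue
        m = CHILD.match(line)
        if m:
            _, conn, uid, spi_i, spi_o, sel = m.groups()
            # Keying on id and SPIs collapses the doubled log entries.
            children[conn][(int(uid), spi_i, spi_o)] = " ".join(sel.split())
    report = {}
    for conn, stamps in initiates.items():
        by_selector = defaultdict(list)
        for (uid, _, _), sel in children[conn].items():
            by_selector[sel].append(uid)
        report[conn] = {
            "initiate_times": stamps,
            "repeated_initiate": len(stamps) > 1,
            "duplicate_child_sas": {
                sel: sorted(ids) for sel, ids in by_selector.items() if len(ids) > 1
            },
        }
    return report


if __name__ == "__main__":
    for conn, info in analyse(SAMPLE_LOG).items():
        print(conn, info)
```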