[strongSwan] aborting connections since upgrading to 4.5.0

Christoph Anton Mitterer calestyo at scientia.net
Sun Jan 23 17:59:13 CET 2011


Hi

I have two servers (with static IP and static connection), that have set
up an IPsec tunnel between them using charon.

Always one server initiates the connection (auto=start) and the other
one adds it only (auto=add).
dpdaction is also restart on the first one, and rekey=yes and reauth=no
(as of the - still unsolved? - bug I've reported here
https://lists.strongswan.org/pipermail/users/2010-October/005343.html)

All this happens on Debian sid.


Since I've upgraded to 4.5.0 (from 4.4.1) I now have the problem that
after some time (below a day), the connection aborts and is not
correctly restarted.
(I've attached some log messages.)

When I do an ipsec restart, then the connection is created again
correctly.


Any ideas? (If you need further data, please ask.)


Thanks,
Chris.
-------------- next part --------------
01/22/11 12:34:33 12[IKE] <hostB.com|1> initiating IKE_SA hostB.com[1] to 77.37.6.134
01/22/11 12:34:33 02[IKE] <hostB.com|1> establishing CHILD_SA hostB.com
01/22/11 12:34:33 01[IKE] <hostB.com|1> IKE_SA hostB.com[1] established between 84.16.235.61[CN=hostA.com]...77.37.6.134[CN=hostB.com]
01/22/11 12:34:33 01[IKE] <hostB.com|1> CHILD_SA hostB.com{1} established with SPIs c4943f7a_i c662ccea_o and TS 84.16.235.61/32 === 77.37.6.134/32
01/22/11 13:16:06 15[IKE] <hostB.com|1> CHILD_SA hostB.com{1} established with SPIs c5263099_i cbe2ebc7_o and TS 84.16.235.61/32 === 77.37.6.134/32
01/22/11 13:16:07 03[IKE] <hostB.com|1> closing CHILD_SA hostB.com{1} with SPIs c4943f7a_i (142233 bytes) c662ccea_o (304909 bytes) and TS 84.16.235.61/32 === 77.37.6.134/32
01/22/11 13:57:47 01[IKE] <hostB.com|1> CHILD_SA hostB.com{1} established with SPIs c0433e9a_i c3e5105d_o and TS 84.16.235.61/32 === 77.37.6.134/32
01/22/11 13:57:47 13[IKE] <hostB.com|1> closing CHILD_SA hostB.com{1} with SPIs c5263099_i (31312 bytes) cbe2ebc7_o (38617 bytes) and TS 84.16.235.61/32 === 77.37.6.134/32
01/22/11 14:38:56 12[IKE] <hostB.com|1> establishing CHILD_SA hostB.com{1}
01/22/11 14:38:56 02[IKE] <hostB.com|1> CHILD_SA hostB.com{1} established with SPIs c666a3ee_i cb387c3d_o and TS 84.16.235.61/32 === 77.37.6.134/32
01/22/11 14:38:56 02[IKE] <hostB.com|1> closing CHILD_SA hostB.com{1} with SPIs c0433e9a_i (32709 bytes) c3e5105d_o (44915 bytes) and TS 84.16.235.61/32 === 77.37.6.134/32
01/22/11 15:17:47 15[IKE] <hostB.com|1> 77.37.6.134 is initiating an IKE_SA
01/22/11 15:17:47 15[IKE] <hostB.com|1> IKE_SA hostB.com[2] established between 84.16.235.61[CN=hostA.com]...77.37.6.134[CN=hostB.com]
01/22/11 15:17:47 03[IKE] <hostB.com|1> deleting IKE_SA hostB.com[1] between 84.16.235.61[CN=hostA.com]...77.37.6.134[CN=hostB.com]
01/22/11 15:17:47 03[IKE] <hostB.com|1> IKE_SA deleted
01/22/11 15:21:36 02[IKE] <hostB.com|2> establishing CHILD_SA hostB.com{1}
01/22/11 15:21:36 01[IKE] <hostB.com|2> CHILD_SA hostB.com{1} established with SPIs ce4d00d2_i caf57b71_o and TS 84.16.235.61/32 === 77.37.6.134/32
01/22/11 15:21:36 01[IKE] <hostB.com|2> closing CHILD_SA hostB.com{1} with SPIs c666a3ee_i (33661 bytes) cb387c3d_o (43627 bytes) and TS 84.16.235.61/32 === 77.37.6.134/32
01/22/11 16:04:05 14[IKE] <hostB.com|2> establishing CHILD_SA hostB.com{1}
01/22/11 16:04:05 15[IKE] <hostB.com|2> CHILD_SA hostB.com{1} established with SPIs cd00e56c_i c703f0e3_o and TS 84.16.235.61/32 === 77.37.6.134/32
01/22/11 16:04:05 15[IKE] <hostB.com|2> closing CHILD_SA hostB.com{1} with SPIs ce4d00d2_i (32021 bytes) caf57b71_o (40251 bytes) and TS 84.16.235.61/32 === 77.37.6.134/32
01/22/11 16:44:29 14[IKE] <hostB.com|2> CHILD_SA hostB.com{1} established with SPIs c97c349a_i c0ae3944_o and TS 84.16.235.61/32 === 77.37.6.134/32
01/22/11 16:44:29 15[IKE] <hostB.com|2> closing CHILD_SA hostB.com{1} with SPIs cd00e56c_i (32233 bytes) c703f0e3_o (41475 bytes) and TS 84.16.235.61/32 === 77.37.6.134/32

01/22/11 13:16:30 15[IKE] <hostA.com|2> CHILD_SA hostA.com{2} established with SPIs cbe2ebc7_i c5263099_o and TS 77.37.6.134/32 === 84.16.235.61/32 
01/22/11 13:16:30 15[IKE] <hostA.com|2> closing CHILD_SA hostA.com{2} with SPIs c662ccea_i (304568 bytes) c4943f7a_o (142293 bytes) and TS 77.37.6.134/32 === 84.16.235.61/32 
01/22/11 13:58:10 01[IKE] <hostA.com|2> establishing CHILD_SA hostA.com{2} 
01/22/11 13:58:10 15[IKE] <hostA.com|2> CHILD_SA hostA.com{2} established with SPIs c3e5105d_i c0433e9a_o and TS 77.37.6.134/32 === 84.16.235.61/32 
01/22/11 13:58:10 15[IKE] <hostA.com|2> closing CHILD_SA hostA.com{2} with SPIs cbe2ebc7_i (38453 bytes) c5263099_o (31312 bytes) and TS 77.37.6.134/32 === 84.16.235.61/32 
01/22/11 14:39:19 11[IKE] <hostA.com|2> CHILD_SA hostA.com{2} established with SPIs cb387c3d_i c666a3ee_o and TS 77.37.6.134/32 === 84.16.235.61/32 
01/22/11 14:39:19 04[IKE] <hostA.com|2> closing CHILD_SA hostA.com{2} with SPIs c3e5105d_i (44915 bytes) c0433e9a_o (32709 bytes) and TS 77.37.6.134/32 === 84.16.235.61/32
01/22/11 15:18:10 02[IKE] <hostA.com|2> initiating IKE_SA hostA.com[3] to 84.16.235.61
01/22/11 15:18:10 01[IKE] <hostA.com|2> IKE_SA hostA.com[3] established between 77.37.6.134[CN=hostB.com]...84.16.235.61[CN=hostA.com]
01/22/11 15:18:10 01[IKE] <hostA.com|2> deleting IKE_SA hostA.com[2] between 77.37.6.134[CN=hostB.com]...84.16.235.61[CN=hostA.com]
01/22/11 15:18:10 15[IKE] <hostA.com|2> IKE_SA deleted
01/22/11 15:21:59 14[IKE] <hostA.com|3> CHILD_SA hostA.com{2} established with SPIs caf57b71_i ce4d00d2_o and TS 77.37.6.134/32 === 84.16.235.61/32 
01/22/11 15:21:59 03[IKE] <hostA.com|3> closing CHILD_SA hostA.com{2} with SPIs cb387c3d_i (43627 bytes) c666a3ee_o (33661 bytes) and TS 77.37.6.134/32 === 84.16.235.61/32  
01/22/11 16:04:28 03[IKE] <hostA.com|3> CHILD_SA hostA.com{2} established with SPIs c703f0e3_i cd00e56c_o and TS 77.37.6.134/32 === 84.16.235.61/32 
01/22/11 16:04:28 02[IKE] <hostA.com|3> closing CHILD_SA hostA.com{2} with SPIs caf57b71_i (40195 bytes) ce4d00d2_o (32021 bytes) and TS 77.37.6.134/32 === 84.16.235.61/32 
01/22/11 16:44:52 05[IKE] <hostA.com|3> establishing CHILD_SA hostA.com{2}
01/22/11 16:44:52 11[IKE] <hostA.com|3> CHILD_SA hostA.com{2} established with SPIs c0ae3944_i c97c349a_o and TS 77.37.6.134/32 === 84.16.235.61/32 
01/22/11 16:44:52 11[IKE] <hostA.com|3> closing CHILD_SA hostA.com{2} with SPIs c703f0e3_i (41475 bytes) cd00e56c_o (32233 bytes) and TS 77.37.6.134/32 === 84.16.235.61/32 
01/22/11 17:26:22 05[IKE] <hostA.com|3> establishing CHILD_SA hostA.com{2} 
01/22/11 17:26:22 11[IKE] <hostA.com|3> CHILD_SA hostA.com{2} established with SPIs c1d4e109_i c90748e6_o and TS 77.37.6.134/32 === 84.16.235.61/32 
01/22/11 17:26:22 11[IKE] <hostA.com|3> closing CHILD_SA hostA.com{2} with SPIs c0ae3944_i (36648 bytes) c97c349a_o (30404 bytes) and TS 77.37.6.134/32 === 84.16.235.61/32 
01/22/11 18:02:10 05[IKE] <1> 84.16.235.61 is initiating an IKE_SA
01/22/11 18:02:10 11[IKE] <hostA.com|1> IKE_SA hostA.com[1] established between 77.37.6.134[CN=hostB.com]...84.16.235.61[CN=hostA.com]
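
Added example, not part of the original post: a small Python replay of charon `[IKE]` log lines in the format of the attachments above. It tracks which IKE_SAs and CHILD_SAs are still live, lists the intervals between CHILD_SA rekeys, and flags an IKE_SA left with no CHILD_SA. The sample lines, host names and addresses are constructed, and `sa_state` is a hypothetical helper name.

```python
import re
from datetime import datetime

# Constructed sample in the charon [IKE] log format shown above (not the poster's data).
SAMPLE = """\
01/22/11 12:00:00 12[IKE] <peer.example|1> IKE_SA peer.example[1] established between 192.0.2.1[CN=a.example]...198.51.100.1[CN=b.example]
01/22/11 12:00:00 01[IKE] <peer.example|1> CHILD_SA peer.example{1} established with SPIs c0000001_i c0000002_o and TS 192.0.2.1/32 === 198.51.100.1/32
01/22/11 12:40:00 15[IKE] <peer.example|1> CHILD_SA peer.example{1} established with SPIs c0000003_i c0000004_o and TS 192.0.2.1/32 === 198.51.100.1/32
01/22/11 12:40:01 03[IKE] <peer.example|1> closing CHILD_SA peer.example{1} with SPIs c0000001_i (1000 bytes) c0000002_o (2000 bytes) and TS 192.0.2.1/32 === 198.51.100.1/32
01/22/11 13:20:00 15[IKE] <peer.example|1> IKE_SA peer.example[2] established between 192.0.2.1[CN=a.example]...198.51.100.1[CN=b.example]
01/22/11 13:20:00 03[IKE] <peer.example|1> deleting IKE_SA peer.example[1] between 192.0.2.1[CN=a.example]...198.51.100.1[CN=b.example]
01/22/11 13:25:00 03[IKE] <peer.example|2> closing CHILD_SA peer.example{1} with SPIs c0000003_i (10 bytes) c0000004_o (20 bytes) and TS 192.0.2.1/32 === 198.51.100.1/32
"""

LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) \d+\[IKE\] <[^>]*> (.*)$")
CHILD_UP = re.compile(r"^CHILD_SA \S+ established with SPIs ([0-9a-f]{8})_i ([0-9a-f]{8})_o")
CHILD_DOWN = re.compile(r"^closing CHILD_SA \S+ with SPIs ([0-9a-f]{8})_i")
IKE_UP = re.compile(r"^IKE_SA (\S+\[\d+\]) established between")
IKE_DOWN = re.compile(r"^deleting IKE_SA (\S+\[\d+\])")

def sa_state(log_text):
    """Replay [IKE] events; return live SAs, rekey intervals and last event time."""
    ike, child, ups, last = set(), {}, [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an [IKE] line in the expected format
        last = datetime.strptime(m.group(1), "%m/%d/%y %H:%M:%S")
        msg = m.group(2)
        if (c := CHILD_UP.match(msg)):
            child[c.group(1)] = c.group(2)  # inbound SPI -> outbound SPI
            ups.append(last)
        elif (c := CHILD_DOWN.match(msg)):
            child.pop(c.group(1), None)     # old SA removed after a rekey
        elif (c := IKE_UP.match(msg)):
            ike.add(c.group(1))
        elif (c := IKE_DOWN.match(msg)):
            ike.discard(c.group(1))
    gaps = [int((b - a).total_seconds()) for a, b in zip(ups, ups[1:])]
    # An IKE_SA that is up while no CHILD_SA remains carries no traffic.
    return {"ike": sorted(ike), "child": child, "rekey_gaps_s": gaps,
            "tunnel_down": bool(ike) and not child, "last_event": last}

if __name__ == "__main__":
    print(sa_state(SAMPLE))
```

Running it over each peer's log separately lets the two results be compared: an inbound SPI on one side should appear as an outbound SPI on the other.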
