[strongSwan] aborting connections since upgrading to 4.5.0

Andreas Steffen andreas.steffen at strongswan.org
Sun Jan 23 21:24:32 CET 2011

Hello Christoph,

the only difference I'm seeing is that the peer side initiates the
IKE_SA rekeying:

01/22/11 18:02:10 05[IKE] <1> is initiating an IKE_SA

but apparently the old IKE_SA is not that there are now two SAs.
I don't know to which IKE_SA the existing CHILD_SA is now attached
but Martin should know.



On 23.01.2011 17:59, Christoph Anton Mitterer wrote:
> Hi
> I have two servers (with static IP and static connection), that have set
> up an IPsec tunnel between them using charon.
> Always one server initiates the connection (auto=start) and the other
> one adds it only (auto=add).
> dpdaction is also restart on the first one, and rekey=yes and reauth=no
> (as of the - still unsolved? - bug I've reported here
> https://lists.strongswan.org/pipermail/users/2010-October/005343.html)
> All this happens on Debian sid.
> Since I've upgraded to 4.5.0 (from 4.4.1) I now have the problem that
> after some time (below a day), the connection aborts and is not
> correctly restarted.
> (I've attached some log messages.)
> When I do an ipsec restart, than the connection is created again
> correctly.
> Any ideas? (If you need further data, please ask.)
> Thanks,
> Chris.

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list