[strongSwan] aborting connections since upgrading to 4.5.0

Christoph Anton Mitterer calestyo at scientia.net
Sat Jan 29 16:32:27 CET 2011


Hey..

Any more ideas with respect to this issue?
strongswan is pretty much unusable this way (for me)...

Cheers,
Chris.

On Sun, 2011-01-23 at 21:24 +0100, Andreas Steffen wrote:
> Hello Christoph,
> 
> the only difference I'm seeing is that the peer side initiates the
> IKE_SA rekeying:
> 
> 01/22/11 18:02:10 05[IKE] <1> 84.16.235.61 is initiating an IKE_SA
> 
> but apparently the old IKE_SA is not that there are now two SAs.
> I don't know to which IKE_SA the existing CHILD_SA is now attached
> but Martin should know.
> 
> Regards
> 
> Andreas
> 
> On 23.01.2011 17:59, Christoph Anton Mitterer wrote:
> > Hi
> > 
> > I have two servers (with static IP and static connection), that have set
> > up an IPsec tunnel between them using charon.
> > 
> > Always one server initiates the connection (auto=start) and the other
> > one adds it only (auto=add).
> > dpdaction is also restart on the first one, and rekey=yes and reauth=no
> > (as of the - still unsolved? - bug I've reported here
> > https://lists.strongswan.org/pipermail/users/2010-October/005343.html)
> > 
> > All this happens on Debian sid.
> > 
> > 
> > Since I've upgraded to 4.5.0 (from 4.4.1) I now have the problem that
> > after some time (below a day), the connection aborts and is not
> > correctly restarted.
> > (I've attached some log messages.)
> > 
> > When I do an ipsec restart, than the connection is created again
> > correctly.
> > 
> > 
> > Any ideas? (If you need further data, please ask.)
> > 
> > 
> > Thanks,
> > Chris.
> 
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5677 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110129/b628cb4d/attachment.bin>


More information about the Users mailing list