[strongSwan] VPN connection issue on changing port speed to 10 Mbps (from 1000 Mbps)
Andreas Steffen
andreas.steffen at strongswan.org
Thu Jul 28 20:29:24 CEST 2011
Hello Vinay,
from the logs I see that strongSwan is trying to re-establish
the connection using the IKEv2 MOBIKE protocol after the interface
disappears and reappears but MOBIKE seems to fail. Could you either
disable MOBIKE (mobike=no) or upgrade to strongSwan 4.5.2 which has
a much improved MOBIKE behaviour?
Regards
Andreas
On 28.07.2011 19:56, Vinay Kalkoti wrote:
> When I restart the network service, I see the following message. eth2
> interface speed is set to 10 Mbps and is causing the network problem.
> I couldn't make much from the logs.
>
> 11[IKE] checking path 10.xx.xx.197[4500] - 128.221.252.65[4500]
> 11[NET] sending packet: from 10.xx.xx.197[4500] to 128.221.252.65[4500]
> 11[IKE] checking path 128.221.252.2[4500] - 128.221.252.2[4500]
> 11[NET] sending packet: from 128.221.252.2[4500] to 128.221.252.2[4500]
> 11[IKE] checking path 10.xx.xx.197[4500] - 10.xx.xx.207[4500]
> 11[NET] sending packet: from 10.xx.xx.197[4500] to 10.xx.xx.207[4500]
> 12[NET] received packet: from 10.xx.xx.207[4500] to 10.xx.xx.197[4500]
> 12[ENC] parsed INFORMATIONAL response 5 [ ]
> 05[KNL] fe80::215:17ff:xxxx:4409 appeared on eth2
> 05[KNL] 128.221.253.33 disappeared from eth0
> 05[KNL] fe80::215:17ff:xxxx:558a disappeared from eth0
> 05[KNL] interface eth0 deactivated
> 05[KNL] 128.221.252.2 disappeared from eth1
> 05[KNL] interface eth1 deactivated
> 05[KNL] 128.221.252.33 disappeared from eth2
> 05[KNL] fe80::215:17ff:fecc:4409 disappeared from eth2
> 05[KNL] interface eth2 deactivated
> 05[KNL] 10.xx.xx.197 disappeared from eth3
> 05[KNL] fe80::215:17ff:fecc:4408 disappeared from eth3
> 05[KNL] interface eth3 deactivated
> 13[IKE] requesting address change using MOBIKE
> 13[ENC] generating INFORMATIONAL request 6 [ N(NO_ADD_ADDR) ]
> 13[IKE] checking path 10.xx.xx.197[4500] - 10.xx.xx.207[4500]
> 13[NET] sending packet: from 10.xx.xx.197[4500] to 10.xx.xx.207[4500]
> 06[NET] error writing to socket: Invalid argument
> 14[IKE] requesting address change using MOBIKE
> 15[IKE] requesting address change using MOBIKE
> 05[KNL] interface eth0 activated
> 05[KNL] 128.221.253.33 appeared on eth0
> 16[IKE] requesting address change using MOBIKE
> 05[KNL] interface eth1 activated
> 05[KNL] 128.221.252.2 appeared on eth1
> 17[IKE] requesting address change using MOBIKE
> 05[KNL] interface eth2 activated
> 05[KNL] 128.221.252.33 appeared on eth2
> 08[IKE] requesting address change using MOBIKE
> 05[KNL] interface eth3 activated
> 05[KNL] 10.xx.xx.197 appeared on eth3
> 11[IKE] path probing attempt 1
> 11[IKE] checking path 10.xx.xx.197[4500] - 128.221.253.65[4500]
> 11[NET] sending packet: from 10.xx.xx.197[4500] to 128.221.253.65[4500]
> 11[IKE] checking path 10.xx.xx.197[4500] - 128.221.252.65[4500]
> 11[NET] sending packet: from 10.xx.xx.197[4500] to 128.221.252.65[4500]
> 11[IKE] checking path 128.221.252.2[4500] - 128.221.252.2[4500]
> 11[NET] sending packet: from 128.221.252.2[4500] to 128.221.252.2[4500]
> 11[IKE] checking path 10.xx.xx.197[4500] - 10.xx.xx.207[4500]
> 11[NET] sending packet: from 10.xx.xx.197[4500] to 10.xx.xx.207[4500]
> 12[NET] received packet: from 10.xx.xx.207[4500] to 10.xx.xx.197[4500]
> 12[ENC] parsed INFORMATIONAL response 6 [ ]
> 12[ENC] generating INFORMATIONAL request 7 [ N(ADD_4_ADDR)
> N(ADD_4_ADDR) N(ADD_4_ADDR) ]
> 12[IKE] checking path 10.xx.xx.197[4500] - 128.221.253.65[4500]
> 12[NET] sending packet: from 10.xx.xx.197[4500] to 128.221.253.65[4500]
> 12[IKE] checking path 10.xx.xx.197[4500] - 128.221.252.65[4500]
> 12[NET] sending packet: from 10.xx.xx.197[4500] to 128.221.252.65[4500]
> 12[IKE] checking path 128.221.252.2[4500] - 128.221.252.2[4500]
> 12[NET] sending packet: from 128.221.252.2[4500] to 128.221.252.2[4500]
> 12[IKE] checking path 10.xx.xx.197[4500] - 10.xx.xx.207[4500]
> 12[NET] sending packet: from 10.xx.xx.197[4500] to 10.xx.xx.207[4500]
> 14[NET] received packet: from 10.xx.xx.207[4500] to 10.xx.xx.197[4500]
> 14[ENC] parsed INFORMATIONAL response 7 [ ]
> 05[KNL] fe80::215:17ff:fecc:4408 appeared on eth3
> 05[KNL] fe80::215:17ff:fec9:558a appeared on eth0
> 05[KNL] fe80::215:17ff:fecc:4409 appeared on eth2
> 05[KNL] 128.221.253.33 disappeared from eth0
> 05[KNL] fe80::215:17ff:fec9:558a disappeared from eth0
> 05[KNL] interface eth0 deactivated
> 05[KNL] 128.221.252.2 disappeared from eth1
> 05[KNL] interface eth1 deactivated
> 05[KNL] 128.221.252.33 disappeared from eth2
> 05[KNL] fe80::215:17ff:fecc:4409 disappeared from eth2
> 05[KNL] interface eth2 deactivated
> 05[KNL] 10.xx.xx.197 disappeared from eth3
> 05[KNL] fe80::215:17ff:fecc:4408 disappeared from eth3
> 05[KNL] interface eth3 deactivated
> 16[IKE] requesting address change using MOBIKE
> 16[ENC] generating INFORMATIONAL request 8 [ N(NO_ADD_ADDR) ]
> 16[IKE] checking path 10.xx.xx.197[4500]
>
>
>
>
> On Thu, Jul 28, 2011 at 10:55 PM, Andreas Steffen
> <andreas.steffen at strongswan.org> wrote:
>> Hello Vinay,
>>
>> I'm not aware of any known bug. Does the interface go away
>> during the speed change? Does the strongSwan log show any
>> warnings that the interface disappeared and reappeared?
>>
>> BTW - strongSwan 4.2.17 is very ancient.
>>
>> Regards
>>
>> Andreas
>>
>> On 28.07.2011 19:20, Vinay Kalkoti wrote:
>>> Hi,
>>>
>>> I am facing a problem with my VPN connection. When the port speed is
>>> changed from 1000 Mbps to 10 Mbps, the remote systems connected
>>> through VPN are not pinging.
>>>
>>> But, if the VPN is restarted, then ping succeeds. I am using
>>> strongswan-4.2.17-1.
>>>
>>> I wanted to check if this is an expected behavior or is a bug (known)
>>> in strongswan.
>>>
>>> Thanks,
>>> Vinay
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list