[strongSwan] Dynamic client hangs up randomly.

[Gary Smith]

I use the work randomly, but I think it was around midnight this time. It happened other times during the day last week.

This is my home office that had connections to all 3 segments of the 3 segment ipsec cloud. The cloud itself is working flawlessly now (after migrating the final openswan to strongSwan). On the home office when I do an ipsec start, the tunnels come up just fine. At some point they can no longer talk to the 3 segment vpn servers and it just stops. I'm not sure why. Last night it appared to happen at around midnight, so I thought I'd look at that as a possible trigger. The home office is on a dynamic IP which hasn't changed in several months (since I logged it last -- maybe a year+).

Here is the dump from the log file where it actually dies:

Mar  2 00:03:20 charon: 03[KNL] creating rekey job for ESP CHILD_SA with SPI ca7282eb and reqid {5}
Mar  2 00:03:20 charon: 06[IKE] establishing CHILD_SA fre-ben{5}
Mar  2 00:03:20 charon: 06[IKE] establishing CHILD_SA fre-ben{5}
Mar  2 00:03:20 charon: 06[ENC] generating CREATE_CHILD_SA request 4 [ N(REKEY_SA) SA No TSi TSr ]
... First sending/retrans happens right after rekey 00:03:20
Mar  2 00:04:49 hsbenfiw01 charon: 13[IKE] retransmit 5 of request with message ID 4
Mar  2 00:04:49 hsbenfiw01 charon: 13[NET] sending packet: from HOMEOFFICE[500] to REMOTENETWORK[500]
Mar  2 00:06:05 charon: 03[KNL] creating delete job for ESP CHILD_SA with SPI ccdb20b0 and reqid {5}
Mar  2 00:06:05 charon: 12[IKE] giving up after 5 retransmits
Mar  2 00:06:05 vpn: - ...
Mar  2 00:06:05 charon: 12[KNL] received netlink error: No such process (3)
Mar  2 00:06:05 charon: 12[KNL] unable to delete SAD entry with SPI ccdb20b0

What's my best course at this time?

Gary Smith