[strongSwan] tunnel re-authentication.

Alexandre Chapellon a.chapellon at horoa.net
Mon Sep 12 15:14:08 CEST 2011 

Hello,

I have a little problem with my strongswan setup.
I originally used strongswan 4.4.1 with 2.6.32-5-xen kernel (from Debian).
For some reasons, totally unrelated to strongswan, I had to switch to 
kernel 3.0.3.
Since I did, the tunnel reauthentications fails...

the tunnel has  dpdaction set to 'restart'. And nothing but kernel 
changed (if I boot using old kernel tunnel is stable).

Is there a chance I forgot something while compiling kernel or do I have 
to use another version of strongswan with kernel 3.x?
Which one?

here are log snippets:
Sep 12 13:37:39 shire charon: 10[NET] sending packet: from 
172.17.2.200[4500] to 27.12.53.29[4500]
Sep 12 13:37:44 shire charon: 01[KNL] creating delete job for ESP 
CHILD_SA with SPI c4ea51ee and reqid {7}
Sep 12 13:37:44 shire charon: 01[KNL] creating delete job for ESP 
CHILD_SA with SPI c62c0a34 and reqid {7}
Sep 12 13:37:44 shire charon: 11[JOB] CHILD_SA with reqid 7 not found 
for delete
Sep 12 13:37:44 shire charon: 11[JOB] CHILD_SA with reqid 7 not found 
for delete
Sep 12 13:37:44 shire charon: 13[NET] received packet: from 
27.12.53.29[4500] to 172.17.2.200[4500]
Sep 12 13:37:44 shire charon: 13[ENC] parsed CREATE_CHILD_SA request 214 
[ N(REKEY_SA) SA No TSi TSr ]
Sep 12 13:37:44 shire charon: 13[IKE] unable to rekey, CHILD_SA not found
Sep 12 13:37:44 shire charon: 13[ENC] generating CREATE_CHILD_SA 
response 214 [ N(NO_PROP) ]
Sep 12 13:37:44 shire charon: 13[NET] sending packet: from 
172.17.2.200[4500] to 217.112.53.229[4500]
Sep 12 13:37:48 shire charon: 14[IKE] deleting IKE_SA horoalan2lan[1] 
between 172.17.2.200[shire]...217.112.53.229[domain.tld]
Sep 12 13:37:48 shire charon: 14[IKE] sending DELETE for IKE_SA 
horoalan2lan[1]
Sep 12 13:37:48 shire charon: 14[ENC] generating INFORMATIONAL request 2 
[ D ]
Sep 12 13:37:48 shire charon: 14[NET] sending packet: from 
172.17.2.200[4500] to 27.12.53.29[4500]
Sep 12 13:37:48 shire charon: 15[NET] received packet: from 
27.12.53.29[4500] to 172.17.2.200[4500]
Sep 12 13:37:48 shire charon: 15[ENC] parsed INFORMATIONAL response 2 [ ]
Sep 12 13:37:48 shire charon: 15[IKE] IKE_SA deleted
Sep 12 13:37:48 shire charon: 15[IKE] unable to reauthenticate IKE_SA, 
no CHILD_SA to recreate


Best regards.
-- 
<http://www.horoa.net>

Alexandre Chapellon

Ingénierie des systèmes open sources et réseaux.
Follow me on twitter: @alxgomz <http://www.twitter.com/alxgomz>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: a_chapellon.vcf
Type: text/x-vcard
Size: 373 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110912/4fc0d839/attachment.vcf>

More information about the Users mailing list