[strongSwan] how to force re-try if received NO_PROPOSAL_CHOSEN notify error

gowrishankar gowrishankar.m at linux.vnet.ibm.com
Thu Jul 5 19:28:20 CEST 2012 

On Thursday 05 July 2012 09:40 PM, Shukla, Sanjay wrote:
>
> I have a host to host configuration
>
> The initiator  tried to create a tunnel to the peer, however a 
> corresponding configuration was not found. Later on the peer updated 
> its configuration and ipsec was restarted on the peer.
>
> However for my requirement I need the initiator to keep trying but it 
> does not re-try if it receives  if received NO_PROPOSAL_CHOSEN notify 
> error for that connection.
>
> Are there any setting I can do for this.
>
> Initiator config.
>
> conn LocalIP_VIP_10.204.74.68
>
>                 left=10.204.74.189
>
>                 leftcert=ServLcl.pem
>
>                 leftsendcert=yes
>
>                 right=10.204.74.68
>
>                 rightid=%any
>
>                 keyexchange=ikev2
>
>                 type=transport
>
>                 reauth=no
>

Not very sure what could happened in initiator side. Can you enable 
verbose level 4
for charon.log and see what happens after ipsec is reastarted in peer.

http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration


>                 dpddelay=5s
>
>                 dpdaction=restart
>
>                 closeaction=restart
>
Hope, ipsec is restarted with in /dpdtimeout /.

Regards,
Gowri Shankar
//
>
>                 keyingtries=%forever
>
>                 auto=start
>
> -sanjay
>
> //Please consider the environment before printing this email.//
>
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> DISCLAIMER: This e-mail may contain information that is confidential, 
> privileged or otherwise protected from disclosure. If you are not an 
> intended recipient of this e-mail, do not duplicate or redistribute it 
> by any means. Please delete it and any attachments and notify the 
> sender that you have received it in error. Unintended recipients are 
> prohibited from taking action on the basis of information in this 
> e-mail.E-mail messages may contain computer viruses or other defects, 
> may not be accurately replicated on other systems, or may be 
> intercepted, deleted or interfered with without the knowledge of the 
> sender or the intended recipient. If you are not comfortable with the 
> risks associated with e-mail messages, you may decide not to use 
> e-mail to communicate with IPC. IPC reserves the right, to the extent 
> and under circumstances permitted by applicable law, to retain, 
> monitor and intercept e-mail messages to and from its systems.
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120705/95db4f47/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1268 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120705/95db4f47/attachment.jpe>

More information about the Users mailing list