[strongSwan] reauthentication errors in log

Arun G Nair arungnair at gmail.com
Wed Oct 24 10:38:28 CEST 2012


Hello,

   I see errors like "unable to reauthenticate IKE_SA, no CHILD_SA to
recreate" and "initiator did not reauthenticate as requested" in the
log. I've attached the log and the ipsec.conf to this mail. The peer
has the same timeout values configured. The peer is a Fortinet device. I
talked to ecdsa on the IRC channel and he mentioned something about
strongSwan letting a previous IKE SA time out after creating a new
one.

He also suggested that I set uniqueness=never after I got the "deleting
duplicate IKE_SA for peer 'xx.xx.xx.13' due to uniqueness policy"
error and the tunnel went down. Since then the tunnel has not gone down,
but I see the above-mentioned errors/warnings in the logs.

Can someone help me understand what's going on and whether there's anything
that I need to change in my config?

Thanks,
Arun G Nair


-- 
::: Keep Smiling :::
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.conf
Type: application/octet-stream
Size: 623 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121024/952df5fb/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: log
Type: application/octet-stream
Size: 23591 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121024/952df5fb/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: status
Type: application/octet-stream
Size: 1752 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121024/952df5fb/attachment-0002.obj>

