[strongSwan] Problems with IKEv1 Dead-Peer-Detection in 5.0.1

Dmitry Korzhevin dmitry.korzhevin at stidia.com
Wed Oct 24 14:26:27 CEST 2012 

I use next server side config:

/etc/ipsec.conf :

# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup
         uniqueids=never

conn macos
         authby=xauthpsk
         xauth=server
         left=176.9.1.119
         leftsubnet=0.0.0.0/0
         leftfirewall=yes
         right=%any
         rightsubnet=0.0.0.0/0
         rightsourceip=10.2.0.0/24
         auto=add


/etc/strongswan.conf

https://gist.github.com/3945801


24.10.2012 15:21, Dmitry Korzhevin пишет:
> Hello Martin
>
> Please, look at server log, i can't paste it because it verbose (4.5M):
>
> http://madsanity.kiev.ua/files/charon.log
>
> Look at ip: 89.252.56.204
>
> This user DPD problem start at 13:35 (1 hour difference between server
> log and client log)
>
> Client side log:
>
> https://gist.github.com/3945759
>
> I use Debian and strongSwan 5.0.1 on server side. I will provide any
> needed info to help detect source of this problem.
>
>
>
>
> 24.10.2012 11:34, Martin Willi пишет:
>> Hi,
>>
>>> IKEv1 Information-Notice: transmit success. (R-U-THERE?).
>>> IKEv1 Information-Notice: transmit success. (R-U-THERE?).
>>> IKEv1 Dead-Peer-Detection: maximum retransmits. (DPD maximum
>>> retransmits).
>>> IPSec Controller: IKE FAILED. phase 6, assert 0
>>
>> racoon sends DPD requests, but strongSwan does not seem to answer them.
>> What is the log output on strongSwan? Does it receive the DPD messages?
>>
>> Regards
>> Martin
>>
>
> Best Regards,
> Dmitry
>
> ---
> Dmitry KORZHEVIN
> System Administrator
> STIDIA S.A. - Luxembourg
>
> e: dmitry.korzhevin at stidia.com
> m: +38 093 874 5453
> w: http://www.stidia.com
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>

Best Regards,
Dmitry

---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg

e: dmitry.korzhevin at stidia.com
m: +38 093 874 5453
w: http://www.stidia.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4488 bytes
Desc: ���������������������������������� �������������� S/MIME
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121024/10baa1f0/attachment.bin>

More information about the Users mailing list