[strongSwan] Problems with IKEv1 Dead-Peer-Detection in 5.0.1

Dmitry Korzhevin dmitry.korzhevin at stidia.com
Wed Oct 24 15:00:58 CEST 2012 


24.10.2012 15:51, Martin Willi пишет:
>
>> Please, look at server log, i can't paste it because it verbose (4.5M):
>
> Please use the standard loglevels to debug in a first step. They are
> usually sufficient, but way easier to review.

Ok, thank you for advice.

>
>> This user DPD problem start at 13:35 (1 hour difference between server
>> log and client log)
>
>  From what I can see, strongSwan does not have a Main Mode anymore for
> these DPDs. It tried to rekey the quick mode around 13:32, but the
> client did not respond. Hence it closed the SA.


So, this is client problem? Because on client side log i see:

24/10/12 14:35:24,383 racoon[1619]: IKE Packet: transmit success. 
(Information message).
24/10/12 14:35:24,383 racoon[1619]: IKEv1 Information-Notice: transmit 
success. (R-U-THERE?).
24/10/12 14:35:24,384 racoon[1619]: IKEv1 Dead-Peer-Detection: request 
transmitted. (Initiator DPD Request).
24/10/12 14:35:25,682 racoon[1619]: IPSec Phase2 started (Initiated by me).
24/10/12 14:35:25,683 racoon[1619]: IKE Packet: transmit success. 
(Initiator, Quick-Mode message 1).
24/10/12 14:35:28,693 racoon[1619]: IKE Packet: transmit success. 
(Phase2 Retransmit).
24/10/12 14:35:29,695 racoon[1619]: IKE Packet: transmit success. 
(Information message).
24/10/12 14:35:29,695 racoon[1619]: IKEv1 Information-Notice: transmit 
success. (R-U-THERE?).
24/10/12 14:35:29,695 racoon[1619]: IKEv1 Dead-Peer-Detection: request 
retransmitted. (Initiator DPD Request).
24/10/12 14:35:31,696 racoon[1619]: IKE Packet: transmit success. 
(Phase2 Retransmit).
24/10/12 14:35:34,699 racoon[1619]: IKE Packet: transmit success. 
(Information message).
24/10/12 14:35:34,699 racoon[1619]: IKEv1 Information-Notice: transmit 
success. (R-U-THERE?).

Racoon problem?

>
> Regards
> Martin
>

Best Regards,
Dmitry

---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg

e: dmitry.korzhevin at stidia.com
m: +38 093 874 5453
w: http://www.stidia.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4488 bytes
Desc: ���������������������������������� �������������� S/MIME
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121024/23974f12/attachment.bin>

More information about the Users mailing list