[strongSwan] Problems with StrongSwan 5.x and Cisco
Ali Masoudi
masoudi1983 at gmail.com
Sun Dec 1 06:53:16 CET 2013
Hi
If you can post your logs here, that will be helpful.
Best wishes
Ali
On Sun, Dec 1, 2013 at 12:37 AM, Matus Straka <straka at ischemaview.com>wrote:
>
>
> Dear all,
>
>
>
> I would like to ask for help/advice with StrongSWAN and Cisco VPN Devices:
>
>
>
> We have had a setup with Centos 6.4 64bit Linux and Strongswan 4.6.4,
> other sites have Cisco gateways. I was able to configure the VPN tunnels
> just fine, using the examples on internet and parameters/PSK provided by
> our partners.
>
> The setup worked fine for many months, with some occasional glitches
> (freezing of a tunnel).
>
>
>
> Today, I tried to upgrade to StrongSWAN 5.0.4 (packaged in Centos 6.4
> repositories), and ended up with non-functioning system as described below.
> I tried then to upgrade to StrongSWAN 5.1.1 built from source, with the
> same results.
>
> In the end, I downgraded back to StrongSWAN 4.6.4. and the setup works
> again.
>
>
>
> *Our problems:*
>
> *With StrongSWAN 5.0.4 and 5.1.1, upon (re)starting the StrongSwan daemon,
> the creation of the tunnels stops at a certain point, and “ipsec statusall”
> says: “Tasks queued: QUICK_MODE” and it never gets past that point. The log
> files then indicate that after 5 unsuccessful attempts the tunnel creation
> is stopped. *With 4.6.4 it works without any issues.
>
>
>
> To the extent of my knowledge and expertise I tried to change/modify the
> parameters in the ipsec.conf file, and reviewed the log files available
> (pluto.log and charon.log), without any success.
>
>
>
> As my attempt to find any relevant information on internet failed (similar
> issues, configuration changes), I would like to kindly ask for help and
> assistance.
>
> As the problem is straightly present for all 6 our remote sites, I suspect
> it is related to our side/configuration, and not to the other side (likely
> using different Cisco devices).
>
>
>
> We will be thankful for any information.
>
> Best regards,
>
>
> ------------------------------
>
> *Matus Straka, PhD*
>
> *iSchemaView*
>
>
>
> E-Mail: mailto:straka at ischemaview.com <straka at ischemaview.com>
>
> iSchemaView, Inc., 323 Olmsted Rd, Stanford, CA 94305, USA
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131201/7bfc82e7/attachment.html>
More information about the Users
mailing list