[strongSwan] ipsec status hangs if the peer is not responding

Joern Mewes joern.mewes at gmx.net
Sun Jun 16 14:42:48 CEST 2013


Hi all,

My problem looks similar to the one already reported in https://lists.strongswan.org/pipermail/users/2012-May/007590.html, thus I are wondering if there is already a solution I am currently not aware of.

I am using strongswan 5.0.3 on Ubuntu 12.0.4 to simulate hundreds of VPNs to test our central security gateways. Each of my test-systems simulates multiple VPNs toward the same gateway, separated by different left, leftsubnet, and rightsubnet parameters. Please find an example config attached to this email. The connection entries are getting started and monitored by an external script.

The setup as such is working fine, however I noticed that the command “ipsec status” I am using to monitor the vpns hangs, if the connection entries are getting started and the peer is not responding for whatever reason. The charon log does not indicate any problem; it is just showing the retransmissions which are somehow expected as the peer is not available.

Once the gateway is back and starts responding the requests “ipsec status” resumes and shows the expected output.

Any idea what I can do to avoid this hanging commands?

Thanks for your help and have a nice day.

Best regards,
Joern
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.conf
Type: application/octet-stream
Size: 2969 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130616/cf49db83/attachment.obj>


More information about the Users mailing list