[strongSwan] Still a bit baffled by daily failures of rekey
Paul Theodoropoulos
paul at anastrophe.com
Fri May 31 20:59:10 CEST 2013
Setup/Config: Debian Squeeze, 64 bit, strongSwan 5.0.4 talking to Cisco
3925 on the other side. Here is my current configuration (to which I've
been doing various tweaks and adjustments over the weeks to try to gain
control of stability).
root at m50-aws-strongSwan: ~ # cat /usr/local/etc/ipsec.conf
config setup
uniqueids=yes
conn %default
ikelifetime=28800s
lifetime=7557s
margintime=2m
keyingtries=%forever
keyexchange=ikev1
ike=3des-sha1-modp1024!
esp=3des-sha1!
type=transport
dpdaction=restart
rightauth=psk
leftauth=psk
leftid=33.33.33.33
left=10.55.55.250
leftsubnet=10.55.55.0/24
leftfirewall=yes
lefthostaccess=yes
conn aws-mia
right=111.111.111.111
rightid=111.111.111.111
rightsubnet=10.238.0.0/15
auto=add
conn aws-cjr
right=222.222.222.222
rightid=222.222.222.222
rightsubnet=10.238.0.0/15
auto=ignore
(The cisco does not answer appropriately to our DPD requests, so
dpdaction automatically switches to disabled on startup)
The system will run for a day or so, successfully stepping through IKE
rekeys, as well as ESP CHILD_SA rekeys. Then, seemingly at random, an
ESP rekey will fail as follows (including some logging from 'good' state
before it begins failing):
May 31 07:55:22 m50-aws-strongSwan charon: 11[IKE] sending keep alive to
111.111.111.111[4500]
May 31 07:55:42 m50-aws-strongSwan charon: 13[IKE] sending keep alive to
111.111.111.111[4500]
May 31 07:56:22 m50-aws-strongSwan charon: 15[IKE] sending keep alive to
111.111.111.111[4500]
May 31 07:56:42 m50-aws-strongSwan charon: 16[IKE] sending keep alive to
111.111.111.111[4500]
May 31 07:57:01 m50-aws-strongSwan charon: 17[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (92 bytes)
May 31 07:57:01 m50-aws-strongSwan charon: 17[ENC] parsed
INFORMATIONAL_V1 request 3179819735 [ HASH N(DPD) ]
May 31 07:57:01 m50-aws-strongSwan charon: 17[ENC] generating
INFORMATIONAL_V1 request 1546506389 [ HASH N(DPD_ACK) ]
May 31 07:57:01 m50-aws-strongSwan charon: 17[NET] sending packet: from
10.55.55.250[4500] to 111.111.111.111[4500] (92 bytes)
May 31 07:57:22 m50-aws-strongSwan charon: 02[IKE] sending keep alive to
111.111.111.111[4500]
May 31 07:57:42 m50-aws-strongSwan charon: 19[IKE] sending keep alive to
111.111.111.111[4500]
May 31 07:58:22 m50-aws-strongSwan charon: 22[IKE] sending keep alive to
111.111.111.111[4500]
May 31 07:58:42 m50-aws-strongSwan charon: 21[IKE] sending keep alive to
111.111.111.111[4500]
May 31 07:59:02 m50-aws-strongSwan charon: 23[IKE] sending keep alive to
111.111.111.111[4500]
May 31 07:59:03 m50-aws-strongSwan charon: 24[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (92 bytes)
May 31 07:59:03 m50-aws-strongSwan charon: 24[ENC] parsed
INFORMATIONAL_V1 request 3429124245 [ HASH N(DPD) ]
May 31 07:59:03 m50-aws-strongSwan charon: 24[ENC] generating
INFORMATIONAL_V1 request 3609536683 [ HASH N(DPD_ACK) ]
May 31 07:59:03 m50-aws-strongSwan charon: 24[NET] sending packet: from
10.55.55.250[4500] to 111.111.111.111[4500] (92 bytes)
May 31 07:59:23 m50-aws-strongSwan charon: 26[IKE] sending keep alive to
111.111.111.111[4500]
May 31 07:59:43 m50-aws-strongSwan charon: 27[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:00:13 m50-aws-strongSwan charon: 05[KNL] creating rekey job
for ESP CHILD_SA with SPI b7123e4f and reqid {8}
May 31 08:00:13 m50-aws-strongSwan charon: 29[ENC] generating QUICK_MODE
request 3342525294 [ HASH SA No ID ID NAT-OA NAT-OA ]
May 31 08:00:13 m50-aws-strongSwan charon: 29[NET] sending packet: from
10.55.55.250[4500] to 111.111.111.111[4500] (196 bytes)
May 31 08:00:13 m50-aws-strongSwan charon: 32[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (84 bytes)
May 31 08:00:13 m50-aws-strongSwan charon: 32[ENC] parsed
INFORMATIONAL_V1 request 1088404155 [ HASH N(NO_PROP) ]
May 31 08:00:13 m50-aws-strongSwan charon: 32[IKE] received
NO_PROPOSAL_CHOSEN error notify
May 31 08:00:37 m50-aws-strongSwan charon: 01[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:00:57 m50-aws-strongSwan charon: 12[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:01:01 m50-aws-strongSwan charon: 11[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (92 bytes)
May 31 08:01:01 m50-aws-strongSwan charon: 11[ENC] parsed
INFORMATIONAL_V1 request 1115222760 [ HASH N(DPD) ]
May 31 08:01:01 m50-aws-strongSwan charon: 11[ENC] generating
INFORMATIONAL_V1 request 584931265 [ HASH N(DPD_ACK) ]
May 31 08:01:01 m50-aws-strongSwan charon: 11[NET] sending packet: from
10.55.55.250[4500] to 111.111.111.111[4500] (92 bytes)
May 31 08:01:22 m50-aws-strongSwan charon: 14[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:01:23 m50-aws-strongSwan charon: 05[KNL] creating rekey job
for ESP CHILD_SA with SPI c908682a and reqid {8}
May 31 08:01:42 m50-aws-strongSwan charon: 18[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:02:22 m50-aws-strongSwan charon: 19[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:02:42 m50-aws-strongSwan charon: 20[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:03:02 m50-aws-strongSwan charon: 22[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (92 bytes)
May 31 08:03:02 m50-aws-strongSwan charon: 22[ENC] parsed
INFORMATIONAL_V1 request 3826083630 [ HASH N(DPD) ]
May 31 08:03:02 m50-aws-strongSwan charon: 22[ENC] generating
INFORMATIONAL_V1 request 3152773781 [ HASH N(DPD_ACK) ]
May 31 08:03:02 m50-aws-strongSwan charon: 22[NET] sending packet: from
10.55.55.250[4500] to 111.111.111.111[4500] (92 bytes)
May 31 08:03:22 m50-aws-strongSwan charon: 23[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:03:42 m50-aws-strongSwan charon: 24[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:04:00 m50-aws-strongSwan charon: 05[KNL] creating delete job
for ESP CHILD_SA with SPI b7123e4f and reqid {8}
May 31 08:04:00 m50-aws-strongSwan charon: 05[KNL] creating delete job
for ESP CHILD_SA with SPI c908682a and reqid {8}
May 31 08:04:00 m50-aws-strongSwan charon: 25[IKE] closing expired
CHILD_SA aws-mia{8} with SPIs c908682a_i b7123e4f_o and TS 10.55.55.0/24
=== 10.238.0.0/15
May 31 08:04:00 m50-aws-strongSwan charon: 25[IKE] sending DELETE for
ESP CHILD_SA with SPI c908682a
May 31 08:04:00 m50-aws-strongSwan charon: 25[ENC] generating
INFORMATIONAL_V1 request 2852154893 [ HASH D ]
May 31 08:04:00 m50-aws-strongSwan charon: 25[NET] sending packet: from
10.55.55.250[4500] to 111.111.111.111[4500] (76 bytes)
May 31 08:04:00 m50-aws-strongSwan charon: 25[JOB] CHILD_SA with reqid 8
not found for delete
May 31 08:04:02 m50-aws-strongSwan charon: 28[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (428 bytes)
May 31 08:04:02 m50-aws-strongSwan charon: 28[ENC] parsed QUICK_MODE
request 2462387570 [ HASH SA No ID ID ]
May 31 08:04:02 m50-aws-strongSwan charon: 28[IKE] received 28800s
lifetime, configured 7557s
May 31 08:04:02 m50-aws-strongSwan charon: 28[IKE] received 4608000000
lifebytes, configured 0
May 31 08:04:02 m50-aws-strongSwan charon: 28[ENC] generating QUICK_MODE
response 2462387570 [ HASH SA No ID ID ]
May 31 08:04:02 m50-aws-strongSwan charon: 28[NET] sending packet: from
10.55.55.250[4500] to 111.111.111.111[4500] (188 bytes)
May 31 08:04:02 m50-aws-strongSwan charon: 29[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (84 bytes)
May 31 08:04:02 m50-aws-strongSwan charon: 29[ENC] parsed
INFORMATIONAL_V1 request 3047370345 [ HASH N(NO_PROP) ]
May 31 08:04:02 m50-aws-strongSwan charon: 29[IKE] received
NO_PROPOSAL_CHOSEN error notify
May 31 08:04:27 m50-aws-strongSwan charon: 31[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:04:32 m50-aws-strongSwan charon: 01[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (428 bytes)
May 31 08:04:32 m50-aws-strongSwan charon: 01[ENC] parsed QUICK_MODE
request 483109687 [ HASH SA No ID ID ]
May 31 08:04:32 m50-aws-strongSwan charon: 01[IKE] received 28800s
lifetime, configured 7557s
May 31 08:04:32 m50-aws-strongSwan charon: 01[IKE] received 4608000000
lifebytes, configured 0
May 31 08:04:32 m50-aws-strongSwan charon: 01[ENC] generating QUICK_MODE
response 483109687 [ HASH SA No ID ID ]
May 31 08:04:32 m50-aws-strongSwan charon: 01[NET] sending packet: from
10.55.55.250[4500] to 111.111.111.111[4500] (188 bytes)
May 31 08:04:32 m50-aws-strongSwan charon: 12[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (84 bytes)
May 31 08:04:32 m50-aws-strongSwan charon: 12[ENC] parsed
INFORMATIONAL_V1 request 2232717815 [ HASH N(NO_PROP) ]
May 31 08:04:32 m50-aws-strongSwan charon: 12[IKE] received
NO_PROPOSAL_CHOSEN error notify
May 31 08:04:57 m50-aws-strongSwan charon: 16[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:05:17 m50-aws-strongSwan charon: 17[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:05:37 m50-aws-strongSwan charon: 18[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:05:57 m50-aws-strongSwan charon: 02[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:06:01 m50-aws-strongSwan charon: 19[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (428 bytes)
May 31 08:06:01 m50-aws-strongSwan charon: 19[ENC] parsed QUICK_MODE
request 1317659073 [ HASH SA No ID ID ]
May 31 08:06:01 m50-aws-strongSwan charon: 19[IKE] received 28800s
lifetime, configured 7557s
May 31 08:06:01 m50-aws-strongSwan charon: 19[IKE] received 4608000000
lifebytes, configured 0
May 31 08:06:01 m50-aws-strongSwan charon: 19[ENC] generating QUICK_MODE
response 1317659073 [ HASH SA No ID ID ]
May 31 08:06:01 m50-aws-strongSwan charon: 19[NET] sending packet: from
10.55.55.250[4500] to 111.111.111.111[4500] (188 bytes)
May 31 08:06:01 m50-aws-strongSwan charon: 20[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (84 bytes)
May 31 08:06:01 m50-aws-strongSwan charon: 20[ENC] parsed
INFORMATIONAL_V1 request 1849798747 [ HASH N(NO_PROP) ]
May 31 08:06:01 m50-aws-strongSwan charon: 20[IKE] received
NO_PROPOSAL_CHOSEN error notify
May 31 08:06:25 m50-aws-strongSwan charon: 23[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:06:31 m50-aws-strongSwan charon: 24[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (428 bytes)
May 31 08:06:31 m50-aws-strongSwan charon: 24[ENC] parsed QUICK_MODE
request 2767516641 [ HASH SA No ID ID ]
May 31 08:06:31 m50-aws-strongSwan charon: 24[IKE] received 28800s
lifetime, configured 7557s
May 31 08:06:31 m50-aws-strongSwan charon: 24[IKE] received 4608000000
lifebytes, configured 0
May 31 08:06:31 m50-aws-strongSwan charon: 24[ENC] generating QUICK_MODE
response 2767516641 [ HASH SA No ID ID ]
May 31 08:06:31 m50-aws-strongSwan charon: 24[NET] sending packet: from
10.55.55.250[4500] to 111.111.111.111[4500] (188 bytes)
May 31 08:06:31 m50-aws-strongSwan charon: 25[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (84 bytes)
May 31 08:06:31 m50-aws-strongSwan charon: 25[ENC] parsed
INFORMATIONAL_V1 request 1820100041 [ HASH N(NO_PROP) ]
May 31 08:06:31 m50-aws-strongSwan charon: 25[IKE] received
NO_PROPOSAL_CHOSEN error notify
May 31 08:06:55 m50-aws-strongSwan charon: 32[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:07:02 m50-aws-strongSwan charon: 30[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (428 bytes)
May 31 08:07:02 m50-aws-strongSwan charon: 30[ENC] parsed QUICK_MODE
request 1428916151 [ HASH SA No ID ID ]
May 31 08:07:02 m50-aws-strongSwan charon: 30[IKE] received 28800s
lifetime, configured 7557s
May 31 08:07:02 m50-aws-strongSwan charon: 30[IKE] received 4608000000
lifebytes, configured 0
May 31 08:07:02 m50-aws-strongSwan charon: 30[ENC] generating QUICK_MODE
response 1428916151 [ HASH SA No ID ID ]
May 31 08:07:02 m50-aws-strongSwan charon: 30[NET] sending packet: from
10.55.55.250[4500] to 111.111.111.111[4500] (188 bytes)
May 31 08:07:02 m50-aws-strongSwan charon: 31[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (84 bytes)
May 31 08:07:02 m50-aws-strongSwan charon: 31[ENC] parsed
INFORMATIONAL_V1 request 78006912 [ HASH N(NO_PROP) ]
May 31 08:07:02 m50-aws-strongSwan charon: 31[IKE] received
NO_PROPOSAL_CHOSEN error notify
May 31 08:07:27 m50-aws-strongSwan charon: 13[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:07:32 m50-aws-strongSwan charon: 11[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (428 bytes)
May 31 08:07:32 m50-aws-strongSwan charon: 11[ENC] parsed QUICK_MODE
request 2963864971 [ HASH SA No ID ID ]
May 31 08:07:32 m50-aws-strongSwan charon: 11[IKE] received 28800s
lifetime, configured 7557s
May 31 08:07:32 m50-aws-strongSwan charon: 11[IKE] received 4608000000
lifebytes, configured 0
May 31 08:07:32 m50-aws-strongSwan charon: 11[ENC] generating QUICK_MODE
response 2963864971 [ HASH SA No ID ID ]
May 31 08:07:32 m50-aws-strongSwan charon: 11[NET] sending packet: from
10.55.55.250[4500] to 111.111.111.111[4500] (188 bytes)
May 31 08:07:32 m50-aws-strongSwan charon: 14[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (84 bytes)
May 31 08:07:32 m50-aws-strongSwan charon: 14[ENC] parsed
INFORMATIONAL_V1 request 1933256433 [ HASH N(NO_PROP) ]
May 31 08:07:32 m50-aws-strongSwan charon: 14[IKE] received
NO_PROPOSAL_CHOSEN error notify
May 31 08:07:57 m50-aws-strongSwan charon: 17[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:08:17 m50-aws-strongSwan charon: 18[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:08:37 m50-aws-strongSwan charon: 20[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:08:57 m50-aws-strongSwan charon: 22[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:09:02 m50-aws-strongSwan charon: 21[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (428 bytes)
May 31 08:09:02 m50-aws-strongSwan charon: 21[ENC] parsed QUICK_MODE
request 306220597 [ HASH SA No ID ID ]
May 31 08:09:02 m50-aws-strongSwan charon: 21[IKE] received 28800s
lifetime, configured 7557s
May 31 08:09:02 m50-aws-strongSwan charon: 21[IKE] received 4608000000
lifebytes, configured 0
May 31 08:09:02 m50-aws-strongSwan charon: 21[ENC] generating QUICK_MODE
response 306220597 [ HASH SA No ID ID ]
May 31 08:09:02 m50-aws-strongSwan charon: 21[NET] sending packet: from
10.55.55.250[4500] to 111.111.111.111[4500] (188 bytes)
May 31 08:09:02 m50-aws-strongSwan charon: 23[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (84 bytes)
May 31 08:09:02 m50-aws-strongSwan charon: 23[ENC] parsed
INFORMATIONAL_V1 request 1230897943 [ HASH N(NO_PROP) ]
May 31 08:09:02 m50-aws-strongSwan charon: 23[IKE] received
NO_PROPOSAL_CHOSEN error notify
May 31 08:09:26 m50-aws-strongSwan charon: 27[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:09:32 m50-aws-strongSwan charon: 26[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (428 bytes)
May 31 08:09:32 m50-aws-strongSwan charon: 26[ENC] parsed QUICK_MODE
request 3014147266 [ HASH SA No ID ID ]
May 31 08:09:32 m50-aws-strongSwan charon: 26[IKE] received 28800s
lifetime, configured 7557s
May 31 08:09:32 m50-aws-strongSwan charon: 26[IKE] received 4608000000
lifebytes, configured 0
May 31 08:09:32 m50-aws-strongSwan charon: 26[ENC] generating QUICK_MODE
response 3014147266 [ HASH SA No ID ID ]
May 31 08:09:32 m50-aws-strongSwan charon: 26[NET] sending packet: from
10.55.55.250[4500] to 111.111.111.111[4500] (188 bytes)
May 31 08:09:32 m50-aws-strongSwan charon: 28[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (84 bytes)
May 31 08:09:32 m50-aws-strongSwan charon: 28[ENC] parsed
INFORMATIONAL_V1 request 426631805 [ HASH N(NO_PROP) ]
May 31 08:09:32 m50-aws-strongSwan charon: 28[IKE] received
NO_PROPOSAL_CHOSEN error notify
May 31 08:09:56 m50-aws-strongSwan charon: 30[IKE] sending keep alive to
111.111.111.111[4500]
May 31 08:10:02 m50-aws-strongSwan charon: 31[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (428 bytes)
May 31 08:10:02 m50-aws-strongSwan charon: 31[ENC] parsed QUICK_MODE
request 2589082521 [ HASH SA No ID ID ]
May 31 08:10:02 m50-aws-strongSwan charon: 31[IKE] received 28800s
lifetime, configured 7557s
May 31 08:10:02 m50-aws-strongSwan charon: 31[IKE] received 4608000000
lifebytes, configured 0
May 31 08:10:02 m50-aws-strongSwan charon: 31[ENC] generating QUICK_MODE
response 2589082521 [ HASH SA No ID ID ]
May 31 08:10:02 m50-aws-strongSwan charon: 31[NET] sending packet: from
10.55.55.250[4500] to 111.111.111.111[4500] (188 bytes)
May 31 08:10:02 m50-aws-strongSwan charon: 01[NET] received packet: from
111.111.111.111[4500] to 10.55.55.250[4500] (84 bytes)
Repeating until I log into the server and issue an ipsec restart, after
which it resumes a happy session.
May 31 08:17:48 m50-aws-strongSwan charon: 00[DMN] signal of type SIGINT
received. Shutting down
May 31 08:17:48 m50-aws-strongSwan charon: 00[IKE] deleting IKE_SA
aws-mia[3] between
10.55.55.250[33.33.33.33]...111.111.111.111[111.111.111.111]
May 31 08:17:48 m50-aws-strongSwan charon: 00[IKE] sending DELETE for
IKE_SA aws-mia[3]
May 31 08:17:48 m50-aws-strongSwan charon: 00[ENC] generating
INFORMATIONAL_V1 request 3808362594 [ HASH D ]
May 31 08:17:48 m50-aws-strongSwan charon: 00[NET] sending packet: from
10.55.55.250[4500] to 111.111.111.111[4500] (84 bytes)
May 31 08:17:51 m50-aws-strongSwan charon: 00[DMN] Starting IKE charon
daemon (strongSwan 5.0.4, Linux 2.6.32-5-xen-amd64, x86_64)
{etc.}
This is a different failure from what I was experiencing a few weeks
back with the 'sa payload missing' errors which no longer occur.
Does anything stand out as obviously wrong in my config? Or is this yet
another edge case in connecting to a Cisco?
Oh, lastly, example of existing, happy connection:
root at m50-aws-strongSwan: ~ # ipsec statusall
Status of IKE charon daemon (strongSwan 5.0.4, Linux 2.6.32-5-xen-amd64,
x86_64):
uptime: 3 hours, since May 31 08:17:52 2013
malloc: sbrk 401408, mmap 0, used 246128, free 155280
worker threads: 23 of 32 idle, 8/1/0/0 working, job queue: 0/0/0/0,
scheduled: 3
loaded plugins: charon aes des sha1 sha2 md5 random nonce x509
revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem fips-prf gmp
xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown
xauth-generic duplicheck
Listening IP addresses:
10.55.55.250
Connections:
aws-mia: 10.55.55.250...111.111.111.111 IKEv1, dpddelay=30s
aws-mia: local: [33.33.33.33] uses pre-shared key authentication
aws-mia: remote: [111.111.111.111] uses pre-shared key
authentication
aws-mia: child: 10.55.55.0/24 === 10.238.0.0/15 TRANSPORT,
dpdaction=restart
Security Associations (1 up, 0 connecting):
aws-mia[1]: ESTABLISHED 3 hours ago,
10.55.55.250[33.33.33.33]...111.111.111.111[111.111.111.111]
aws-mia[1]: IKEv1 SPIs: 1c0cb1cd39f64b3d_i 19da2677bd51fbad_r*,
pre-shared key reauthentication in 4 hours
aws-mia[1]: IKE proposal:
3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
aws-mia{2}: INSTALLED, TUNNEL, ESP in UDP SPIs: ce0c19a6_i 46563499_o
aws-mia{2}: 3DES_CBC/HMAC_SHA1_96, 17724 bytes_i (211 pkts, 41s
ago), 17724 bytes_o (211 pkts, 41s ago), rekeying in 37 minutes
aws-mia{2}: 10.55.55.0/24 === 10.238.0.0/15
--
Paul Theodoropoulos
www.anastrophe.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130531/cc95abf1/attachment.html>
More information about the Users
mailing list