[strongSwan] Problems with StrongSwan 5.x and Cisco

Matus Straka straka at ischemaview.com
Sat Nov 30 22:07:33 CET 2013 

 
Dear all,
 
I would like to ask for help/advice with StrongSWAN and Cisco VPN Devices:
 
We have had a setup with Centos 6.4 64bit Linux and Strongswan 4.6.4, other
sites have Cisco gateways. I was able to configure the VPN tunnels just
fine, using the examples on internet and parameters/PSK provided by our
partners.
The setup worked fine for many months, with some occasional glitches
(freezing of a tunnel).
 
Today, I tried to upgrade to StrongSWAN 5.0.4 (packaged in Centos 6.4
repositories), and ended up with non-functioning system as described below.
I tried then to upgrade to StrongSWAN 5.1.1 built from source, with the same
results.
In the end, I downgraded back to StrongSWAN 4.6.4. and the setup works
again.
 
Our problems:
With StrongSWAN 5.0.4 and 5.1.1, upon (re)starting the StrongSwan daemon,
the creation of the tunnels stops at a certain point, and "ipsec statusall"
says: "Tasks queued: QUICK_MODE" and it never gets past that point. The log
files then indicate that after 5 unsuccessful attempts the tunnel creation
is stopped. With 4.6.4 it works without any issues.
 
To the extent of my knowledge and expertise I tried to change/modify the
parameters in the ipsec.conf file, and reviewed the log files available
(pluto.log and charon.log), without any success.
 
As my attempt to find any relevant information on internet failed (similar
issues, configuration changes), I would like to kindly ask for help and
assistance.
As the problem is straightly present for all 6 our remote sites, I suspect
it is related to our side/configuration, and not to the other side (likely
using different Cisco devices).
 
We will be thankful for any information.
Best regards,
 
  _____  

Matus Straka, PhD
iSchemaView
 
E-Mail:  <mailto:straka at ischemaview.com> mailto:straka at ischemaview.com
iSchemaView, Inc., 323 Olmsted Rd, Stanford, CA 94305, USA
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131130/5f453b23/attachment.html>

More information about the Users mailing list