[strongSwan] Windows 7 connection dies after a few minutes, but the client never notices
Martin Willi
martin at strongswan.org
Fri Sep 13 10:29:44 CEST 2013
Hi Micah,
> The server notices and drops it, but the client thinks it's still
> connected
> 20130911-174615 01[IKE] giving up after 5 retransmits
> 20130911-174616 01[IKE] unable to reestablish IKE_SA due to asymmetric setup
The server tries to initiate an exchange, but the client does not
respond to it. After five retransmits, the server has to assume the
client is dead and closes the tunnel. Probably because of a DPD action
it tries to re-establish the IKE_SA, but it cant: Because EAP
authentication is asymmetric, only the client can re-initiate the
tunnel.
The interesting question is what exchange the server sends, and why the
client does not respond. Maybe it is related to
> 20130911-174604 06[KNL] NAT mappings of ESP CHILD_SA with SPI
> c593df3b and reqid {1} changed, queuing update job
but the exchange itself is not part of your log. The part of the log
that shows the exchange that times out would help.
Regards
Martin
More information about the Users
mailing list