[strongSwan] tunnel gets deleted after new CHILD_SA (strongswan 5.1.1-1)
Axel Zöllich
a.zoellich at kirsch.zoellich.de
Tue Jan 7 15:07:12 CET 2014
This tunnel terminates after keylifetime:
conn jung
ikelifetime=86400
keylife=21600
left=80.152.162.192
leftsubnet=192.168.222.0/24
leftid=217.86.157.103
leftfirewall=yes
right=217.86.157.103
rightsubnet=192.168.1.0/24
rightid=%any
auto=start
Jan 6 21:46:41 08[CFG] received stroke: add connection 'jung'
Jan 6 21:46:41 08[CFG] added configuration 'jung'
Jan 6 21:46:41 04[CFG] received stroke: initiate 'jung'
Jan 6 21:46:41 04[IKE] initiating Main Mode IKE_SA jung[3] to 217.86.157.103
Jan 6 21:46:42 10[IKE] IKE_SA jung[3] established between 80.152.162.192[217.86.157.103]...217.86.157.103[217.86.157.103]
Jan 6 21:46:42 08[IKE] CHILD_SA jung{3} established with SPIs c5e479fd_i 43d756e0_o and TS 192.168.222.0/24 === 192.168.1.0/24
EVERY 30 seconds:
Jan 7 02:14:11 01[IKE] sending DPD request
Jan 7 02:14:11 01[ENC] generating INFORMATIONAL_V1 request 1701154480 [ HASH N(DPD) ]
Jan 7 02:14:11 01[NET] sending packet: from 80.152.162.192[500] to 217.86.157.103[500] (92 bytes)
Jan 7 02:14:11 10[NET] received packet: from 217.86.157.103[500] to 80.152.162.192[500] (92 bytes)
Jan 7 02:14:11 10[ENC] parsed INFORMATIONAL_V1 request 2191206639 [ HASH N(DPD_ACK) ]
[...]
Jan 7 03:41:00 10[IKE] CHILD_SA jung{3} established with SPIs ced7011d_i 43d756e7_o and TS 192.168.222.0/24 === 192.168.1.0/24
Jan 7 03:46:42 16[IKE] closing expired CHILD_SA jung{3} with SPIs c5e479fd_i 43d756e0_o and TS 192.168.222.0/24 === 192.168.1.0/24
Jan 7 05:47:59 05[IKE] received DELETE for IKE_SA jung[3]
Jan 7 05:47:59 05[IKE] deleting IKE_SA jung[3] between 80.152.162.192[217.86.157.103]...217.86.157.103[217.86.157.103]
what happens during the rekeying and where are all this DPD request comming from?
Axel
More information about the Users
mailing list