[strongSwan] internal_address_failure after dpd tiemout
Ike Testing
ikev2testing at gmail.com
Wed Jul 2 17:23:29 CEST 2014
Hi all,
I'm having issues with some responders when my initiator tries to establish
a new sa after a dpd timeout.
Responder rejects connection with an internal_address_failure due to
initiator is sending the last assigned inner ip as internal_ip4_address
attribute in ike_auth configuration payload.
Initiator has this relevant configuration:
ipsec.conf
dpdaction=restart
closeaction=restart
keyingtries=%forever
leftsourceip=%config
auto=start
keyexchange=ikev2
reauth=no
strongswan.conf
close_ike_on_child_failure = yes
When I restart ipsec, connection can be established succesfully as
initiator sends this attribute empty.
Should initiatior act in this way when it tries to create a new sa after
dpd timeout? If yes, can this behaviour be modified?
Many thanks.
Best regards,
Nacho.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140702/3b123e63/attachment.html>
More information about the Users
mailing list