[strongSwan] Output hangs, eventually completes
Martin Willi
martin at strongswan.org
Mon Oct 20 09:14:40 CEST 2014
Hi,
> I have modified both sides of the VPN with ‘reauth=no’ and the problem persists.
> Oct 15 19:51:40 CloudOpsVpns charon: 12[IKE] IKE_SA vpn1[23] established between AAA.AA.AAA.AAA[dkaufman at iRise.com]...BB.BBB.BBB.BBB[host-us-west-1b]
> Oct 15 19:51:40 CloudOpsVpns charon: 12[IKE] scheduling rekeying in 9787s
> Oct 15 19:51:40 CloudOpsVpns charon: 12[IKE] maximum IKE_SA lifetime 10327s
> Oct 15 19:51:40 CloudOpsVpns charon: 12[IKE] installing new virtual IP 10.100.255.2
> Oct 15 19:51:40 CloudOpsVpns charon: 12[IKE] CHILD_SA vpn1{1} established with SPIs cb5d4d03_i c25d94db_o and TS 10.100.255.2/32 === 10.0.0.0/28
> Oct 15 19:51:40 CloudOpsVpns charon: 12[IKE] received AUTH_LIFETIME of 3381s, scheduling reauthentication in 2841s
In this log I see a re-authentication procedure. After establishing the
IKE_SA, the local host schedules re-authentication because it received
an AUTH_LIFETIME notify from the responder. So it looks like
re-authentication is still enabled on the peer.
Regards
Martin
More information about the Users
mailing list