[strongSwan] deleting half open IKE_SA after timeout

Denis Zinevich link at ngc.net.ua
Fri Feb 27 15:07:47 CET 2015


Hello,

I have several identical servers (but in different datacenters); a client can connect to any except one.
Configs are completely identical (ensured by cfengine, triple re-checked manually), so that's probably not a configuration issue.
Logs look like:

Feb 27 13:58:34 s04001011709 charon: 07[ENC] generating ID_PROT response 0 [ ID CERT SIG ]
Feb 27 13:58:34 s04001011709 charon: 07[NET] sending packet: from 179.179.179.179[4500] to 46.211.133.122[39592] (1660 bytes)
Feb 27 13:58:34 s04001011709 charon: 07[ENC] generating TRANSACTION request 2234314252 [ HASH CPRQ(X_USER X_PWD) ]
Feb 27 13:58:34 s04001011709 charon: 07[NET] sending packet: from 179.179.179.179[4500] to 46.211.133.122[39592] (76 bytes)
Feb 27 13:58:38 s04001011709 charon: 10[IKE] sending retransmit 1 of request message ID 2234314252, seq 1
Feb 27 13:58:38 s04001011709 charon: 10[NET] sending packet: from 179.179.179.179[4500] to 46.211.133.122[39592] (76 bytes)
Feb 27 13:58:38 s04001011709 charon: 12[NET] received packet: from 46.211.133.122[39592] to 179.179.179.179[4500] (1196 bytes)
Feb 27 13:58:38 s04001011709 charon: 12[IKE] received retransmit of request with ID 0, retransmitting response
Feb 27 13:58:38 s04001011709 charon: 12[NET] sending packet: from 179.179.179.179[4500] to 46.211.133.122[39592] (1660 bytes)
Feb 27 13:58:41 s04001011709 charon: 13[NET] received packet: from 46.211.133.122[39592] to 179.179.179.179[4500] (1196 bytes)
Feb 27 13:58:41 s04001011709 charon: 13[IKE] received retransmit of request with ID 0, retransmitting response
Feb 27 13:58:41 s04001011709 charon: 13[NET] sending packet: from 179.179.179.179[4500] to 46.211.133.122[39592] (1660 bytes)
Feb 27 13:58:44 s04001011709 charon: 15[NET] received packet: from 46.211.133.122[39592] to 179.179.179.179[4500] (1196 bytes)
Feb 27 13:58:44 s04001011709 charon: 15[IKE] received retransmit of request with ID 0, retransmitting response
Feb 27 13:58:44 s04001011709 charon: 15[NET] sending packet: from 179.179.179.179[4500] to 46.211.133.122[39592] (1660 bytes)
Feb 27 13:58:45 s04001011709 charon: 14[IKE] sending retransmit 2 of request message ID 2234314252, seq 1
Feb 27 13:58:45 s04001011709 charon: 14[NET] sending packet: from 179.179.179.179[4500] to 46.211.133.122[39592] (76 bytes)
Feb 27 13:58:57 s04001011709 charon: 05[NET] received packet: from 46.211.133.122[39592] to 179.179.179.179[4500] (1196 bytes)
Feb 27 13:58:57 s04001011709 charon: 05[IKE] received retransmit of request with ID 0, retransmitting response
Feb 27 13:58:57 s04001011709 charon: 05[NET] sending packet: from 179.179.179.179[4500] to 46.211.133.122[39592] (1660 bytes)
Feb 27 13:58:58 s04001011709 charon: 04[IKE] sending retransmit 3 of request message ID 2234314252, seq 1
Feb 27 13:58:58 s04001011709 charon: 04[NET] sending packet: from 179.179.179.179[4500] to 46.211.133.122[39592] (76 bytes)
Feb 27 13:59:02 s04001011709 charon: 07[JOB] deleting half open IKE_SA after timeout

That's it. Setting the log level for NET and IKE to "2" does not give more info. I have no idea how to debug/where to dig.
Help me please :)

--
Denis
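
The following is an added example, not part of the original post or of strongSwan: a small Python triage helper that tallies, from charon log lines like those quoted above, which side is retransmitting which message and how many outbound packets exceed a link MTU. The function name `summarize` and the `mtu=1500` default are assumptions; the sample is an excerpt of the log in the post.

```python
import re
from collections import Counter

# Excerpt of the charon log quoted in the post above (not the full capture).
SAMPLE = """\
Feb 27 13:58:34 s04001011709 charon: 07[ENC] generating ID_PROT response 0 [ ID CERT SIG ]
Feb 27 13:58:34 s04001011709 charon: 07[NET] sending packet: from 179.179.179.179[4500] to 46.211.133.122[39592] (1660 bytes)
Feb 27 13:58:34 s04001011709 charon: 07[NET] sending packet: from 179.179.179.179[4500] to 46.211.133.122[39592] (76 bytes)
Feb 27 13:58:38 s04001011709 charon: 10[IKE] sending retransmit 1 of request message ID 2234314252, seq 1
Feb 27 13:58:38 s04001011709 charon: 12[NET] received packet: from 46.211.133.122[39592] to 179.179.179.179[4500] (1196 bytes)
Feb 27 13:58:38 s04001011709 charon: 12[IKE] received retransmit of request with ID 0, retransmitting response
Feb 27 13:58:41 s04001011709 charon: 13[IKE] received retransmit of request with ID 0, retransmitting response
Feb 27 13:59:02 s04001011709 charon: 07[JOB] deleting half open IKE_SA after timeout
"""

LINE = re.compile(r"charon: \d+\[[A-Z]+\] (?P<msg>.*)$")
PKT = re.compile(r"(sending|received) packet: from \S+ to \S+ \((\d+) bytes\)")
PEER_RETX = re.compile(r"received retransmit of request with ID (\d+)")
OUR_RETX = re.compile(r"sending retransmit (\d+) of request message ID (\d+)")

def summarize(log, mtu=1500):  # mtu: assumed link MTU, not taken from the post
    """Tally retransmits per message ID and outbound packets larger than mtu."""
    out = {"peer_retx": Counter(), "our_retx": Counter(),
           "sent_over_mtu": 0, "half_open_timeout": False}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a charon line
        msg = m["msg"]
        if (p := PKT.match(msg)):
            # Only outbound sizes matter for "did our reply fit in one frame"
            if p[1] == "sending" and int(p[2]) > mtu:
                out["sent_over_mtu"] += 1
        elif (p := PEER_RETX.match(msg)):
            # Peer resent its request: it has not processed our response
            out["peer_retx"][int(p[1])] += 1
        elif (p := OUR_RETX.match(msg)):
            # Keep the highest retransmit counter seen for each of our requests
            mid = int(p[2])
            out["our_retx"][mid] = max(out["our_retx"][mid], int(p[1]))
        elif "deleting half open IKE_SA after timeout" in msg:
            out["half_open_timeout"] = True
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Running the same summary over the logs of a working and the failing server gives a direct comparison of which message IDs go unanswered on each.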

