[strongSwan] Gateway stops receiving end entity cert from a particular client
Banio
aau at mncarpenters.net
Mon Jan 19 21:56:11 CET 2015
I have 7 gateways (all set up the same) and many clients (all configured
in the same manner), some on multiple gateways. The gateways use certs
for authentication. Clients and gateways are all on amazon aws. I
periodically see the follow issue:
Client connects fine to gateway for weeks, then stops being able to
connect. Other clients continue to connect without issue to gateway.
The two can communicate and get to the point where they both send their
respective "request for cert", and the client sends it's end entity
cert, but the gateway never seems to receive it. The client continues to
retransmit until 5 are sent and it times out. If I destroy the virtual
server and redeploy, the new client, with the same hostname and same
configuration, can connect without issue.
Here is the meta info (versions and OS are the same on gateway and client):
OS: Centos 6.6
strongswan version: 5.2.0
Gateway config: http://ur1.ca/jh5g7
Client config: http://ur1.ca/jh5go
Gateway log: http://ur1.ca/jh5h4
Client log: http://ur1.ca/jh5hn
Please let me know if you need more info.
More information about the Users
mailing list