[strongSwan] Gateway stops receiving end entity cert from a particular client

Banio aau at mncarpenters.net
Mon Jan 19 21:56:11 CET 2015

I have 7 gateways (all set up the same) and many clients (all configured 
in the same manner), some on multiple gateways.  The gateways use certs 
for authentication.  Clients and gateways are all on amazon aws.  I 
periodically see the follow issue:

Client connects fine to gateway for weeks, then stops being able to 
connect.  Other clients continue to connect without issue to gateway.  
The two can communicate and get to the point where they both send their 
respective "request for cert", and the client sends it's end entity 
cert, but the gateway never seems to receive it. The client continues to 
retransmit until 5 are sent and it times out.  If I destroy the virtual 
server and redeploy, the new client, with the same hostname and same 
configuration, can connect without issue.

Here is the meta info (versions and OS are the same on gateway and client):

OS: Centos 6.6
strongswan version: 5.2.0
Gateway config: http://ur1.ca/jh5g7
Client config: http://ur1.ca/jh5go
Gateway log: http://ur1.ca/jh5h4
Client log: http://ur1.ca/jh5hn

Please let me know if you need more info.

More information about the Users mailing list