[strongSwan] Failed to connect peer after "DELETE for ESP CHILD_SA"

Nimo gnimozyu at gmail.com
Mon Jun 8 03:20:51 CEST 2015


Hi,

I'm using strongSwan 5.3.1 on Linux. I connected to the peer with the attached
ipsec.conf. When I execute ping from my site (192.168.101.0/24) to the peer site
(10.200.10.0/24), it works fine. Then "ipsec status" shows the following:

--------------------------------
Routed Connections:
   test-site{1}:  ROUTED, TUNNEL, reqid 1
   test-site{1}:   192.168.101.0/24 === 10.200.10.0/24
Security Associations (1 up, 0 connecting):
   test-site[1]: ESTABLISHED 28 seconds ago, 192.168.101.75[AAA.BBB.85.30]...XXX.YYY.50.68[XXX.YYY.50.68]
   test-site{2}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: ccdf13a6_i 8c5c115a_o
   test-site{2}:   192.168.101.0/24 === 10.200.10.0/24
--------------------------------


A few minutes later, our strongSwan received "DELETE for ESP
CHILD_SA" from the peer. Then "ipsec status" shows the following, and ping from
our site to the peer site fails. I also attached strongswan.log from around the
"DELETE". During those few minutes, only DPD packets were sent/received.

--------------------------------
Routed Connections:
   test-site{1}:  ROUTED, TUNNEL, reqid 1
   test-site{1}:   192.168.101.0/24 === 10.200.10.0/24
Security Associations (1 up, 0 connecting):
   test-site[1]: ESTABLISHED 6 minutes ago, 192.168.101.75[AAA.BBB.85.30]...XXX.YYY.50.68[XXX.YYY.50.68]
--------------------------------

I want to reconnect our site to the peer site again after that.

1) Are there any connection parameters to avoid this issue?
2) How can I reconnect the sites automatically when I execute ping from our
site?

Thanks,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.conf
Type: application/octet-stream
Size: 952 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150608/66a73569/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: strongswan.log
Type: application/octet-stream
Size: 2560 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150608/66a73569/attachment-0001.obj>
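
Added example, not part of the original post and not strongSwan code: a Python check that parses "ipsec status" output in the format shown in the message above and reports connections whose IKE_SA is ESTABLISHED but which have no INSTALLED CHILD_SA, the state the post shows after the DELETE. The function names are hypothetical, and the sample input is constructed from the post's two outputs with the mail line wraps joined.

```python
import re

# Constructed input: the two "ipsec status" outputs from the post, with the
# mail client's line wraps joined back together.
STATUS_UP = """\
Routed Connections:
   test-site{1}:  ROUTED, TUNNEL, reqid 1
   test-site{1}:   192.168.101.0/24 === 10.200.10.0/24
Security Associations (1 up, 0 connecting):
   test-site[1]: ESTABLISHED 28 seconds ago, 192.168.101.75[AAA.BBB.85.30]...XXX.YYY.50.68[XXX.YYY.50.68]
   test-site{2}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: ccdf13a6_i 8c5c115a_o
   test-site{2}:   192.168.101.0/24 === 10.200.10.0/24
"""
STATUS_AFTER_DELETE = """\
Routed Connections:
   test-site{1}:  ROUTED, TUNNEL, reqid 1
   test-site{1}:   192.168.101.0/24 === 10.200.10.0/24
Security Associations (1 up, 0 connecting):
   test-site[1]: ESTABLISHED 6 minutes ago, 192.168.101.75[AAA.BBB.85.30]...XXX.YYY.50.68[XXX.YYY.50.68]
"""

# name[id] lines are IKE_SAs; name{id} lines are CHILD_SAs or routed policies.
LINE = re.compile(r"^\s*(?P<name>[^\s\[{]+)(?P<kind>[\[{])\d+[\]}]:\s+(?P<state>[A-Z_]+)\b")

def parse_status(text):
    """Return {conn: {"ike": bool, "child": int, "routed": bool}}."""
    conns = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # section headers and traffic-selector lines
        c = conns.setdefault(m["name"], {"ike": False, "child": 0, "routed": False})
        if m["kind"] == "[" and m["state"] == "ESTABLISHED":
            c["ike"] = True
        elif m["kind"] == "{" and m["state"] == "INSTALLED":
            c["child"] += 1
        elif m["kind"] == "{" and m["state"] == "ROUTED":
            c["routed"] = True
    return conns

def tunnels_without_child_sa(text):
    """Connections whose IKE_SA is up but which carry no installed CHILD_SA."""
    return sorted(n for n, c in parse_status(text).items() if c["ike"] and c["child"] == 0)

if __name__ == "__main__":
    for label, out in (("up", STATUS_UP), ("after DELETE", STATUS_AFTER_DELETE)):
        print(label, parse_status(out), tunnels_without_child_sa(out))
```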

