[strongSwan] Failed to connect peer after "DELETE for ESP CHILD_SA"
Nimo
gnimozyu at gmail.com
Mon Jun 8 03:20:51 CEST 2015
Hi,
I'm using strongSwan5.3.1 with Linux. I connected peer with ipsec.conf as
attached. When I execute ping from my site(192.168.101.0/24) to peer site(
10.200.10.0/24), it works fine. Then "ipsec status" shows below:
--------------------------------
Routed Connections:
test-site{1}: ROUTED, TUNNEL, reqid 1
test-site{1}: 192.168.101.0/24 === 10.200.10.0/24
Security Associations (1 up, 0 connecting):
test-site[1]: ESTABLISHED 28 seconds ago,
192.168.101.75[AAA.BBB.85.30]...XXX.YYY.50.68[XXX.YYY.50.68]
test-site{2}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: ccdf13a6_i
8c5c115a_o
test-site{2}: 192.168.101.0/24 === 10.200.10.0/24
--------------------------------
After a few minutes later, our strongSwan received "DELETE for ESP
CHILD_SA" from peer. Then "ipsec status" shows below, and ping from our
site to peer site fails. I also attached strongswan.log around the
"DELETE". During the few minutes, only DPD packets are sent/rececived.
--------------------------------
Routed Connections:
test-site{1}: ROUTED, TUNNEL, reqid 1
test-site{1}: 192.168.101.0/24 === 10.200.10.0/24
Security Associations (1 up, 0 connecting):
test-site[1]: ESTABLISHED 6 minutes ago,
192.168.101.75[AAA.BBB.85.30]...XXX.YYY.50.68[XXX.YYY.50.68]
--------------------------------
I want to re-connect our site to peer site after that again.
1) Is there any connection parameters to avoid this issue ?
2) How can I re-connect sites automatically when I executing ping from our
site ?
thanks,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150608/66a73569/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.conf
Type: application/octet-stream
Size: 952 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150608/66a73569/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: strongswan.log
Type: application/octet-stream
Size: 2560 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150608/66a73569/attachment-0001.obj>
More information about the Users
mailing list