[strongSwan] StrongSwan - Mac OS X IPsec tunnel stops forwarding traffic
Ken Nelson
ken at cazena.com
Wed Mar 4 19:37:31 CET 2015
StrongSwan V5.2.0 is configured to be an IPsec VPN gateway on a Linux machine. A Mac laptop connects to it using the native Mac OS X v10.10.2 Cisco IPsec VPN client. The connection is established and works well for roughly 6,516 seconds (1 hour, 48 minutes, 36 seconds; or ~108 minutes) at which point the tunnel stops forwarding traffic. There is no outward indication on the Mac side that anything is wrong except that traffic is no longer reaching its destination.
The test scenario is to initiate the IPsec tunnel on the Mac and then, from the Mac, ping a machine on the inside of the VPN gateway once per minute. This works for roughly 108 minutes and then fails. The failure is repeatable and has always stopped at about the 108-minute mark.
Attached files from the Linux machine are:
* linux-message.log - the message log file
* ipsec.conf file
* status.txt - the output of the “strongswan statusall” command executed while the tunnel was fully operational.
Attached from the Mac are:
* mac-system.log - the racoon log file output from the Mac client.
* racoon.conf - the racoon configuration file
In the Linux message log file, the tunnel started at timestamp 'Mar 4 14:45:05' and stopped forwarding traffic at roughly 'Mar 4 16:33:41'. The Mac system log file has the entire duration of the connection, which was started & terminated manually. The Mac timestamps are 7 hours different from the Linux ones, but otherwise the clocks were synchronized (within a second or so).
I have struggled with this for days, experimenting with a number of configurations, and cannot even find a work-around. Any help is very much appreciated.
Ken
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.conf
Type: application/octet-stream
Size: 2268 bytes
Desc: ipsec.conf
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150304/f6906358/attachment-0004.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linux-message.log
Type: application/octet-stream
Size: 175159 bytes
Desc: linux-message.log
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150304/f6906358/attachment-0005.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mac-system.log
Type: application/octet-stream
Size: 18072 bytes
Desc: mac-system.log
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150304/f6906358/attachment-0006.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: racoon.conf
Type: application/octet-stream
Size: 2780 bytes
Desc: racoon.conf
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150304/f6906358/attachment-0007.obj>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: status.txt
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150304/f6906358/attachment-0001.txt>