[strongSwan] Tunnel going down very frequently

sandeep dubey sandeep.sanash at gmail.com
Tue Aug 30 09:06:44 CEST 2016


Hi,

I am using strongSwan to establish a VPN tunnel across AWS regions,
configured on EC2 instances. It was working fine for 2 months, but I have been
facing issues since I resized the instances to a lower config last week. The
changes were reverted back to the previous config for all the regions when I
started facing this issue.

Issue - the VPN tunnel is going down very frequently (twice in approx. an hour).
This is happening in the production env. and I am clueless about what is happening.

Attaching the syslog and config for both ends. I have replaced the left public IP
with LPUBLIC-IP and the right IP with RPUBLIC-IP.

OS : Ubuntu 14.04 LTS
Version : 5.1.2-0ubuntu2.4

-- 
Regards,
Sandeep
-------------- next part --------------
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
         strictcrlpolicy=yes
#        charondebug="ike 2, knl 3, cfg 0"
# Add connections here.

conn %default
  ikelifetime=60m
  keylife=20m
  rekeymargin=3m
  keyingtries=%forever
  keyexchange=ikev2

conn support-node-sa-east-1
        authby=secret
        auto=route  # This value I replaced with 'start'
        type=tunnel
        left=172.19.127.239
        leftid=LPUBLIC-IP
        leftsubnet=172.19.0.0/16
        leftauth=psk
        right=RPUBLIC-IP
        rightsubnet=10.121.0.0/16
        rightauth=psk
        ike=aes256ctr-sha256-modp1536
        esp=aes256ctr-sha256-modp1536

-------------- next part --------------
A non-text attachment was scrubbed...
Name: us-east-1-vpn.log
Type: text/x-log
Size: 3259 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160830/2cdcc14d/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sa-east-1-vpn.log
Type: text/x-log
Size: 649769 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160830/2cdcc14d/attachment-0003.bin>
-------------- next part --------------
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
         strictcrlpolicy=yes

# Add connections here.

conn %default
  ikelifetime=60m
  keylife=20m
  rekeymargin=3m
  keyingtries=%forever
  keyexchange=ikev2

conn node-support
        authby=secret
        auto=route  # This value I replaced with 'start'
        type=tunnel
        left=10.121.26.84
        leftid=LPUBLIC-IP
        leftsubnet=10.121.0.0/16
        leftauth=psk
        right=RPUBLIC-IP
        rightsubnet=172.19.0.0/16
        rightauth=psk
        ike=aes256ctr-sha256-modp1536
        esp=aes256ctr-sha256-modp1536
