[strongSwan] Fwd: VPN tunnel up but not child_sas
christopher kamutumwa
chriskamutumwa at gmail.com
Wed Feb 24 18:26:40 CET 2016
Hi,
I have strongSwan and the child nodes ping at times and stop pinging
randomly and don't ping anymore, and this happens again and again. Below
is an example. Please help as to why this happens. After the child_sa is
established, it then loses connection. I have attached the syslog to show when it connected.
GW01>ping -a 172.25.48.36 192.168.200.177
PING 192.168.200.177: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.200.177: bytes=56 Sequence=2 ttl=64 time=204 ms
Reply from 192.168.200.177: bytes=56 Sequence=3 ttl=64 time=206 ms
Reply from 192.168.200.177: bytes=56 Sequence=4 ttl=64 time=204 ms
Reply from 192.168.200.177: bytes=56 Sequence=5 ttl=64 time=206 ms
--- 192.168.200.177 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 204/205/206 ms
GW01>ping -a 172.25.48.36 192.168.200.177
PING 192.168.200.177: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
-------------- next part --------------
Feb 24 07:24:00 localhost charon: 03[IKE] CHILD_SA MTN{1} established with SPIs c5bf2812_i 1c0032c9_o and TS 192.168.200.172/32 === 172.25.48.43/32
Feb 24 07:24:00 localhost vpn: + 41.223.117.190 172.25.48.43/32 == 41.223.117.190 -- 185.3.95.94 == 192.168.200.172/32
Feb 24 07:24:12 localhost charon: 09[NET] received packet: from 41.223.117.190[4500] to 185.3.95.94[4500] (164 bytes)
Feb 24 07:24:12 localhost charon: 09[ENC] parsed QUICK_MODE request 2936180826 [ HASH SA No ID ID ]
Feb 24 07:24:12 localhost charon: 09[IKE] received 1843200000 lifebytes, configured 0
Feb 24 07:24:12 localhost charon: 09[ENC] generating QUICK_MODE response 2936180826 [ HASH SA No ID ID ]
Feb 24 07:24:12 localhost charon: 09[NET] sending packet: from 185.3.95.94[4500] to 41.223.117.190[4500] (180 bytes)
Feb 24 07:24:12 localhost charon: 07[NET] received packet: from 41.223.117.190[4500] to 185.3.95.94[4500] (52 bytes)
Feb 24 07:24:12 localhost charon: 07[ENC] parsed QUICK_MODE request 2936180826 [ HASH ]
Feb 24 07:24:12 localhost charon: 07[IKE] CHILD_SA MTN{2} established with SPIs c5337dbc_i 1c000cf8_o and TS 192.168.200.177/32 === 172.25.48.43/32
Feb 24 07:24:12 localhost vpn: + 41.223.117.190 172.25.48.43/32 == 41.223.117.190 -- 185.3.95.94 == 192.168.200.177/32
Feb 24 07:24:12 localhost charon: 12[IKE] sending retransmit 3 of request message ID 2944856151, seq 4
Feb 24 07:24:12 localhost charon: 12[NET] sending packet: from 185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:24:36 localhost charon: 02[IKE] sending retransmit 4 of request message ID 2944856151, seq 4
Feb 24 07:24:36 localhost charon: 02[NET] sending packet: from 185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:25:01 localhost CRON[5958]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Feb 24 07:25:18 localhost charon: 11[IKE] sending retransmit 5 of request message ID 2944856151, seq 4
Feb 24 07:25:18 localhost charon: 11[NET] sending packet: from 185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:26:33 localhost charon: 10[IKE] giving up after 5 retransmits
Feb 24 07:26:33 localhost charon: 10[IKE] initiating Main Mode IKE_SA MTN[249] to 41.223.117.190
Feb 24 07:26:33 localhost charon: 10[ENC] generating ID_PROT request 0 [ SA V V V V ]
Feb 24 07:26:33 localhost charon: 10[NET] sending packet: from 185.3.95.94[4500] to 41.223.117.190[4500] (184 bytes)
Feb 24 07:26:33 localhost vpn: - 41.223.117.190 172.25.48.43/32 == 41.223.117.190 -- 185.3.95.94 == 192.168.200.172/32
Feb 24 07:26:33 localhost vpn: - 41.223.117.190 172.25.48.43/32 == 41.223.117.190 -- 185.3.95.94 == 192.168.200.177/32
Feb 24 07:26:33 localhost charon: 02[NET] received packet: from 41.223.117.190[4500] to 185.3.95.94[4500] (100 bytes)
Feb 24 07:26:33 localhost charon: 02[ENC] parsed ID_PROT response 0 [ SA V ]
Feb 24 07:26:33 localhost charon: 02[ENC] received unknown vendor ID: 48:55:41:57:45:49:2d:49:4b:45:76:31:44:53:43:50
Feb 24 07:26:33 localhost charon: 02[ENC] generating ID_PROT request 0 [ KE No ]
Feb 24 07:26:33 localhost charon: 02[NET] sending packet: from 185.3.95.94[4500] to 41.223.117.190[4500] (196 bytes)
Feb 24 07:26:34 localhost charon: 04[NET] received packet: from 41.223.117.190[4500] to 185.3.95.94[4500] (196 bytes)
Feb 24 07:26:34 localhost charon: 04[ENC] parsed ID_PROT response 0 [ KE No ]
Feb 24 07:26:34 localhost charon: 04[ENC] generating ID_PROT request 0 [ ID HASH ]
Feb 24 07:26:34 localhost charon: 04[NET] sending packet: from 185.3.95.94[4500] to 41.223.117.190[4500] (68 bytes)
Feb 24 07:26:34 localhost charon: 01[NET] received packet: from 41.223.117.190[4500] to 185.3.95.94[4500] (68 bytes)
Feb 24 07:26:34 localhost charon: 01[ENC] parsed ID_PROT response 0 [ ID HASH ]
Feb 24 07:26:34 localhost charon: 01[IKE] IKE_SA MTN[249] established between 185.3.95.94[185.3.95.94]...41.223.117.190[41.223.117.190]
Feb 24 07:26:34 localhost charon: 01[IKE] scheduling reauthentication in 28225s
Feb 24 07:26:34 localhost charon: 01[IKE] maximum IKE_SA lifetime 28525s
Feb 24 07:26:34 localhost charon: 01[ENC] generating TRANSACTION request 1021874008 [ HASH CPRQ(ADDR DNS) ]
Feb 24 07:26:34 localhost charon: 01[NET] sending packet: from 185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:26:38 localhost charon: 07[IKE] sending retransmit 1 of request message ID 1021874008, seq 4
Feb 24 07:26:38 localhost charon: 07[NET] sending packet: from 185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:26:45 localhost charon: 13[IKE] sending retransmit 2 of request message ID 1021874008, seq 4
Feb 24 07:26:45 localhost charon: 13[NET] sending packet: from 185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:26:58 localhost charon: 02[IKE] sending retransmit 3 of request message ID 1021874008, seq 4
Feb 24 07:26:58 localhost charon: 02[NET] sending packet: from 185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:27:21 localhost charon: 01[IKE] sending retransmit 4 of request message ID 1021874008, seq 4
Feb 24 07:27:21 localhost charon: 01[NET] sending packet: from 185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:28:03 localhost charon: 07[IKE] sending retransmit 5 of request message ID 1021874008, seq 4
Feb 24 07:28:03 localhost charon: 07[NET] sending packet: from 185.3.95.94[4500] to 41.223.117.190[4500] (76 bytes)
Feb 24 07:29:19 localhost charon: 02[IKE] giving up after 5 retransmits
Feb 24 07:29:19 localhost charon: 02[IKE] initiating Main Mode IKE_SA MTN[250] to 41.223.117.190
Feb 24 07:29:19 localhost charon: 02[ENC] generating ID_PROT request 0 [ SA V V V V ]
Feb 24 07:29:19 localhost charon: 02[NET] sending packet: from 185.3.95.94[4500] to 41.223.117.190[4500] (184 bytes)
Feb 24 07:29:19 localhost charon: 04[NET] received packet: from 41.223.117.190[4500] to 185.3.95.94[4500] (100 bytes)
Feb 24 07:29:19 localhost charon: 04[ENC] parsed ID_PROT response 0 [ SA V ]
Feb 24 07:29:19 localhost charon: 04[ENC] received unknown vendor ID: 48:55:41:57:45:49:2d:49:4b:45:76:31:44:53:43:50
Feb 24 07:29:19 localhost charon: 04[ENC] generating ID_PROT request 0 [ KE No ]
Feb 24 07:29:19 localhost charon: 04[NET] sending packet: from 185.3.95.94[4500] to 41.223.117.190[4500] (196 bytes)
Feb 24 07:29:19 localhost charon: 01[NET] received packet: from 41.223.117.190[4500] to 185.3.95.94[4500] (196 bytes)
Feb 24 07:29:19 localhost charon: 01[ENC] parsed ID_PROT response 0 [ KE No ]
Feb 24 07:29:19 localhost charon: 01[ENC] generating ID_PROT request 0 [ ID HASH ]
Feb 24 07:29:19 localhost charon: 01[NET] sending packet: from 185.3.95.94[4500] to 41.223.117.190[4500] (68 bytes)
Feb 24 07:29:19 localhost charon: 03[NET] received packet: from 41.223.117.190[4500] to 185.3.95.94[4500] (68 bytes)
Feb 24 07:29:19 localhost charon: 03[ENC] parsed ID_PROT response 0 [ ID HASH ]
Feb 24 07:29:19 localhost charon: 03[IKE] IKE_SA MTN[250] established between 185.3.95.94[185.3.95.94]...41.223.117.190[41.223.117.190]
Feb 24 07:29:19 localhost charon: 03[IKE] scheduling reauthentication in 28209
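
An added triage example (not part of the original post and not strongSwan code): it scans a charon/updown syslog in the format shown above for requests abandoned after retransmits and lists the tunnels reported down right afterwards. The sample log, its addresses and message IDs, the function name `find_giveups` and the 5-second correlation window are assumptions made for the example.

```python
import re

# Constructed sample in the charon/updown syslog format shown above
# (documentation addresses and made-up message IDs, not the poster's log).
SAMPLE = """\
Feb 24 07:20:01 gw charon: 05[IKE] sending retransmit 5 of request message ID 2222, seq 4
Feb 24 07:21:16 gw charon: 05[IKE] giving up after 5 retransmits
Feb 24 07:24:12 gw vpn: + 198.51.100.1 10.1.0.43/32 == 198.51.100.1 -- 192.0.2.1 == 10.0.0.177/32
Feb 24 07:26:34 gw charon: 01[ENC] generating TRANSACTION request 1111 [ HASH CPRQ(ADDR DNS) ]
Feb 24 07:28:03 gw charon: 07[IKE] sending retransmit 5 of request message ID 1111, seq 4
Feb 24 07:29:19 gw charon: 02[IKE] giving up after 5 retransmits
Feb 24 07:29:19 gw vpn: - 198.51.100.1 10.1.0.43/32 == 198.51.100.1 -- 192.0.2.1 == 10.0.0.177/32
"""

LINE = re.compile(r"^\w{3} +\d+ (\d\d):(\d\d):(\d\d) \S+ (charon|vpn): (.*)$")
GEN = re.compile(r"generating (\w+) request (\d+) \[ (.*) \]")
RETX = re.compile(r"sending retransmit (\d+) of request message ID (\d+)")
GIVEUP = re.compile(r"giving up after (\d+) retransmits")
UPDOWN = re.compile(r"^([+-]) \S+ (\S+) == \S+ -- \S+ == (\S+)$")

def find_giveups(log, window=5):
    """Return one record per abandoned request, with tunnels dropped within `window` s."""
    requests, last_id, incidents = {}, None, []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # cron and other daemons
        h, mi, s, prog, msg = m.groups()
        now = int(h) * 3600 + int(mi) * 60 + int(s)  # same-day log assumed
        if prog == "vpn":
            u = UPDOWN.match(msg)
            # "-" lines are tunnel-down events; attach them to a fresh give-up
            if u and u.group(1) == "-" and incidents and 0 <= now - incidents[-1]["at"] <= window:
                incidents[-1]["torn_down"].append(f"{u.group(3)} === {u.group(2)}")
        elif g := GEN.search(msg):
            requests[g.group(2)] = (g.group(1), g.group(3))
        elif r := RETX.search(msg):
            last_id = r.group(2)
        elif x := GIVEUP.search(msg):
            # Assumption: the give-up line carries no message ID, so it is
            # matched to the request most recently retransmitted.
            kind, payloads = requests.get(last_id, ("unknown", ""))
            incidents.append({"at": now, "msg_id": last_id, "exchange": kind,
                              "payloads": payloads, "retransmits": int(x.group(1)),
                              "torn_down": []})
    return incidents

if __name__ == "__main__":
    print(*find_giveups(SAMPLE), sep="\n")
```

A request whose `generating ... request` line falls before the start of the excerpt is reported with exchange `unknown`.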