[strongSwan] charon keeps sending "keep alive"

Achim Vollhardt avollhar at physik.uzh.ch
Mon Jan 4 11:57:57 CET 2016


Charon and ipsec continue to send "keep alive" messages after the VPN
client has disconnected. This has been going on for over 30 minutes now,
and I am uncertain if this is supposed to happen or is just a
misconfiguration on my side. I have attached syslog and ipsec.conf; I
hope this is sufficient.

Thank you,
Achim Vollhardt



=================================
/var/log/syslog:
Jan  4 10:25:52 vpnpi ipsec[7882]: 11[KNL] interface ppp0 activated
Jan  4 10:25:52 vpnpi ipsec[7882]: 06[KNL] 172.16.1.1 appeared on ppp0
Jan  4 10:25:52 vpnpi ipsec[7882]: 07[KNL] 172.16.1.1 disappeared from ppp0
Jan  4 10:25:52 vpnpi ipsec[7882]: 09[KNL] 172.16.1.1 appeared on ppp0
Jan  4 10:25:52 vpnpi ipsec[7882]: 16[KNL] interface ppp0 deactivated
Jan  4 10:25:52 vpnpi ipsec[7882]: 14[KNL] 172.16.1.1 disappeared from ppp0
Jan  4 10:25:54 vpnpi ntpd[2691]: Deleting interface #6 ppp0, 172.16.1.1#123, interface stats: received=0, sent=0, dropped=0, active_time=65 secs
Jan  4 10:25:54 vpnpi ntpd[2691]: peers refreshed
Jan  4 10:25:57 vpnpi xl2tpd[790]: Unable to deliver closing message for tunnel 23563. Destroying anyway.
Jan  4 10:26:16 vpnpi charon: 10[IKE] sending keep alive to 178.197.228.201[16385]
Jan  4 10:26:36 vpnpi charon: 06[IKE] sending keep alive to 178.197.228.201[16385]
Jan  4 10:26:56 vpnpi charon: 07[IKE] sending keep alive to 178.197.228.201[16385]
Jan  4 10:27:16 vpnpi charon: 13[IKE] sending keep alive to 178.197.228.201[16385]
Jan  4 10:27:36 vpnpi charon: 15[IKE] sending keep alive to 178.197.228.201[16385]
Jan  4 10:27:56 vpnpi charon: 06[IKE] sending keep alive to 178.197.228.201[16385]

(seems to continue forever with the 20sec period..)



=================================



ipsec.conf:

# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
        # strictcrlpolicy=yes
        # uniqueids = no

# Add connections here.

# Sample VPN connections

#conn sample-self-signed
#      leftsubnet=10.1.0.0/16
#      leftcert=selfCert.der
#      leftsendcert=never
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightcert=peerCert.der
#      auto=start

#conn sample-with-ca-cert
#      leftsubnet=10.1.0.0/16
#      leftcert=myCert.pem
#      right=192.168.0.2
#      rightsubnet=10.2.0.0/16
#      rightid="C=CH, O=Linux strongSwan CN=peer name"
#      auto=start

include /var/lib/strongswan/ipsec.conf.inc

conn vpnserver
        type=transport
        authby=secret
        pfs=no
        rekey=no
        keyingtries=1
        left=%any
        leftprotoport=udp/l2tp
        leftid=@XXX.XXX.com            #removed for mail
        right=%any
        rightprotoport=udp/%any
        auto=add
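
As an added example (not part of the original post and not strongSwan code), the following script measures the pattern reported in the syslog excerpt above: how many charon keep-alives each peer received after the last xl2tpd tunnel teardown, and at what interval. The regular expressions are derived only from the log lines shown in the post, the function names are hypothetical, and the sample input is constructed from those lines with the mail line-wrapping undone.

```python
import re
from datetime import datetime

# Constructed sample: syslog lines from the post, with mail line-wrapping undone.
SAMPLE = """\
Jan  4 10:25:52 vpnpi ipsec[7882]: 14[KNL] 172.16.1.1 disappeared from ppp0
Jan  4 10:25:57 vpnpi xl2tpd[790]: Unable to deliver closing message for tunnel 23563. Destroying anyway.
Jan  4 10:26:16 vpnpi charon: 10[IKE] sending keep alive to 178.197.228.201[16385]
Jan  4 10:26:36 vpnpi charon: 06[IKE] sending keep alive to 178.197.228.201[16385]
Jan  4 10:26:56 vpnpi charon: 07[IKE] sending keep alive to 178.197.228.201[16385]
Jan  4 10:27:16 vpnpi charon: 13[IKE] sending keep alive to 178.197.228.201[16385]
Jan  4 10:27:36 vpnpi charon: 15[IKE] sending keep alive to 178.197.228.201[16385]
Jan  4 10:27:56 vpnpi charon: 06[IKE] sending keep alive to 178.197.228.201[16385]
"""

# Patterns assumed from the message formats visible in the post.
TS = r"(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \S+ "
TEARDOWN = re.compile(TS + r"xl2tpd\[\d+\]: .*tunnel \d+\. Destroying")
KEEPALIVE = re.compile(TS + r"charon: \d+\[IKE\] sending keep alive to "
                            r"(?P<peer>[\d.]+)\[(?P<port>\d+)\]")

def parse_ts(stamp, year):
    # Syslog omits the year, so the caller supplies it.
    return datetime.strptime(f"{year} {' '.join(stamp.split())}", "%Y %b %d %H:%M:%S")

def keepalives_after_teardown(log_text, year=2016):
    """Per peer: keep-alives logged after the most recent L2TP tunnel teardown."""
    teardown, seen = None, {}
    for line in log_text.splitlines():
        m = TEARDOWN.match(line)
        if m:
            # A newer teardown resets the window being measured.
            teardown, seen = parse_ts(m["ts"], year), {}
            continue
        m = KEEPALIVE.match(line)
        if m and teardown is not None:
            seen.setdefault(f"{m['peer']}:{m['port']}", []).append(parse_ts(m["ts"], year))
    report = {}
    for peer, stamps in seen.items():
        report[peer] = {
            "count": len(stamps),
            "gaps_s": [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])],
            "since_teardown_s": int((stamps[-1] - teardown).total_seconds()),
        }
    return report

if __name__ == "__main__":
    for peer, stats in keepalives_after_teardown(SAMPLE).items():
        print(peer, stats)
```

The script only quantifies what the log shows; it does not determine why the keep-alives persist.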


