[strongSwan] Tunnel gets disconnected
Matthias Henze
lists at mhcsoftware.de
Tue Jul 19 15:57:09 CEST 2016
Hi Tobias,
On 14.07.2016 at 10:08, Tobias Brunner wrote:
> Hi Matthias,
>
>> I've peers where some (all, 2 of 8, etc.) tunnels get disconnected after
>> some time.
>
> How? Is there a delete sent? If so, by whom?
Now I managed to get decent logs, and the remote site sends a disconnect.
2016-07-19 10:59:28 14[NET] <skste|25> received packet: from 1.2.3.4[500] to 5.6.7.8[500] (76 bytes)
2016-07-19 10:59:28 14[ENC] <skste|25> parsed INFORMATIONAL_V1 request 3728486586 [ HASH D ]
2016-07-19 10:59:28 14[IKE] <skste|25> received DELETE for ESP CHILD_SA with SPI 1efa0295
2016-07-19 10:59:28 14[IKE] <skste|25> closing CHILD_SA skste{37} with SPIs c385ec17_i (268 bytes) 1efa0295_o (1593 bytes) and TS 192.168.120.1/32 === 10.30.16.89/32
>
>> Is there a way to configure StrongSwan to keep all tunnel up all the
>> time without DPD?
>
> auto=route is definitely the best way to ensure the tunnel is created
> (or recreated) automatically and no plaintext traffic leaves the host.
I've tested this with one peer by now, and it seems to work.
>> Why does StrongSwan shut down tunnels?
>
> Why do you think strongSwan does so? Did you check the logs for what's
> actually going on?
Now I've seen in the logs that the remote site requested shut down.
Thanks for your help
cheers
Matthias
--
MHC SoftWare GmbH
Fichtera 17
96274 Itzgrund/Germany
voice: +49-(0)9533-92006-0
fax: +49-(0)9533-92006-6
e-mail: info at mhcsoftware.de
HR Coburg: B2242
Managing Director: Matthias Henze
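
An added example, not part of the original message: a small Python parser that answers the "is there a delete sent, and by whom?" question from a charon log by pairing each "received DELETE" line with the source address of the preceding packet on the same IKE_SA and with the CHILD_SA that was closed. The line layout is assumed from the four log lines quoted in the message, and the function and field names are made up for this illustration.

```python
import re

# Log lines from the message above, with the mail client's line wraps rejoined.
SAMPLE_LOG = """\
2016-07-19 10:59:28 14[NET] <skste|25> received packet: from 1.2.3.4[500] to 5.6.7.8[500] (76 bytes)
2016-07-19 10:59:28 14[ENC] <skste|25> parsed INFORMATIONAL_V1 request 3728486586 [ HASH D ]
2016-07-19 10:59:28 14[IKE] <skste|25> received DELETE for ESP CHILD_SA with SPI 1efa0295
2016-07-19 10:59:28 14[IKE] <skste|25> closing CHILD_SA skste{37} with SPIs c385ec17_i (268 bytes) 1efa0295_o (1593 bytes) and TS 192.168.120.1/32 === 10.30.16.89/32
"""

# Assumed prefix: "<date> <time> <thread>[<GROUP>] <<conn>|<ike_sa id>> <message>"
LINE = re.compile(r"^(?P<when>\S+ \S+) \d+\[[A-Z]+\] <(?P<conn>[^|>]+)\|(?P<ike>\d+)> (?P<msg>.*)$")
PACKET = re.compile(r"received packet: from (?P<src>\S+)\[\d+\] to ")
DELETE = re.compile(r"received DELETE for (?P<proto>\S+) CHILD_SA with SPI (?P<spi>[0-9a-f]+)")
CLOSING = re.compile(r"closing CHILD_SA (?P<name>\S+) with SPIs .* and TS (?P<sel>.+)$")


def peer_initiated_deletes(log_text):
    """Return one record per CHILD_SA DELETE that was received from the peer."""
    last_src = {}  # (conn, ike_sa id) -> source of the most recent received packet
    pending = {}   # (conn, ike_sa id) -> DELETE record still waiting for its "closing" line
    events = []
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # continuation lines or a different log format
        key = (line["conn"], line["ike"])
        msg = line["msg"]
        if (m := PACKET.search(msg)):
            last_src[key] = m["src"]
        elif (m := DELETE.search(msg)):
            event = {"time": line["when"], "conn": line["conn"],
                     "peer": last_src.get(key), "proto": m["proto"],
                     "spi": m["spi"], "child_sa": None, "selectors": None}
            events.append(event)
            pending[key] = event
        elif (m := CLOSING.search(msg)) and key in pending:
            event = pending.pop(key)
            event["child_sa"], event["selectors"] = m["name"], m["sel"]
    return events


if __name__ == "__main__":
    for e in peer_initiated_deletes(SAMPLE_LOG):
        print(f'{e["time"]} {e["conn"]}: peer {e["peer"]} deleted {e["proto"]} '
              f'SPI {e["spi"]} ({e["child_sa"]}, {e["selectors"]})')
```
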