[strongSwan] Problem after upgrade 5.5.0->5.5.1

Dusan Ilic dusan at comhem.se
Thu Apr 13 22:54:25 CEST 2017


Hi Tobias

Could below be the cause?

Apr 13 20:49:40 R6250 daemon.info charon: 04[CFG] DHCP DISCOVER timed out
Apr 13 20:49:40 R6250 daemon.info charon: 04[IKE] no virtual IP found 
for %any requested by 'dulemis'
Apr 13 20:49:40 R6250 daemon.info charon: 04[IKE] peer requested virtual 
IP %any6
Apr 13 20:49:40 R6250 daemon.info charon: 04[IKE] no virtual IP found 
for %any6 requested by 'dulemis'
Apr 13 20:49:40 R6250 daemon.info charon: 04[IKE] no virtual IP found, 
sending INTERNAL_ADDRESS_FAILURE
Apr 13 20:49:40 R6250 daemon.info charon: 04[IKE] configuration payload 
negotiation failed, no CHILD_SA built
Apr 13 20:49:40 R6250 daemon.info charon: 04[IKE] failed to establish 
CHILD_SA, keeping IKE_SA

This is strange, I just upgraded Strongswan and nothing else. Any idea 
why DHCP lease isn't aquired?


On 2017-04-13 18:41, Tobias Brunner wrote:
> Hi Dusan,
>
>> Apr 13 18:25:33 06[ENC] parsed IKE_AUTH response 4 [ EAP/SUCC ]
>> Apr 13 18:25:33 06[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established
>> Apr 13 18:25:33 06[IKE] authentication of 'user1' (myself) with EAP
>> Apr 13 18:25:33 06[ENC] generating IKE_AUTH request 5 [ AUTH ]
>> Apr 13 18:25:33 06[NET] sending packet: from 10.4.90.238[41574] to
>> 85.24.240.96[4500] (112 bytes)
>> Apr 13 18:25:35 14[IKE] retransmit 1 of request with message ID 5
>> Apr 13 18:25:35 14[NET] sending packet: from 10.4.90.238[41574] to
>> 85.24.240.96[4500] (112 bytes)
>> Apr 13 18:25:37 13[IKE] retransmit 2 of request with message ID 5
>> Apr 13 18:25:37 13[NET] sending packet: from 10.4.90.238[41574] to
>> 85.24.240.96[4500] (112 bytes)
>> Apr 13 18:25:41 15[IKE] retransmit 3 of request with message ID 5
>> Apr 13 18:25:41 15[NET] sending packet: from 10.4.90.238[41574] to
>> 85.24.240.96[4500] (112 bytes)
>> Apr 13 18:25:47 12[IKE] giving up after 3 retransmits
>> Apr 13 18:25:47 12[IKE] peer not responding, trying again (2/0)
> You need to read the server log to see why it does not respond to that
> IKE_AUTH request (or whether it actually receives it).
>
> Regards,
> Tobias
>



More information about the Users mailing list