[strongSwan] Connection dropped on rekeying

Tobias Brunner tobias at strongswan.org
Tue Apr 18 14:40:50 CEST 2017


Hi Gilles,

> charon: 06[KNL] creating rekey job for CHILD_SA ESP/0xzzzzzzzz/yy.yy.yy.yy
> charon: 08[IKE] queueing CHILD_REKEY task
> ...
> charon: 08[ENC] generating CREATE_CHILD_SA request 0 [ N(REKEY_SA) SA No TSi TSr ]
> charon: 08[NET] sending packet: from 192.168.0.230[4500] to yy.yy.yy.yy[45075] (332 bytes)
> ...
> charon: 15[NET] received packet: from yy.yy.yy.yy[45075] to 192.168.0.230[4500] (76 bytes)
> charon: 15[ENC] parsed INFORMATIONAL request 2 [ D ]
> charon: 15[IKE] received DELETE for IKE_SA IPSec-IKEv2[1]
> charon: 15[IKE] deleting IKE_SA IPSec-IKEv2[1] between 192.168.0.230[hostname]…yy.yy.yy.yy[user at hostname]

Hm, that looks like the other peer doesn't like CHILD_SA rekeyings and
just deletes the whole IKE_SA if it receives one.  Please check the log
on the other end for details.  What implementation is running there?
Since you are the responder you might want to consider letting the
initiator rekey the connection (if it supports that) by setting `rekey=no`.

Regards,
Tobias
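
The pattern diagnosed above (a CHILD_SA rekey request answered by a DELETE for the whole IKE_SA) can be picked out of a charon log mechanically. The following is an added example, not part of the original message and not strongSwan code. The function name `find_rekey_drops`, the sample SPI and the peer address are constructed for illustration, and the log is assumed to cover a single peer, since these lines carry no per-SA identifier to correlate on.

```python
import re

# Constructed sample in the format of the log excerpt quoted above
# (SPI and peer address are placeholders, not values from the thread).
SAMPLE_LOG = """\
charon: 06[KNL] creating rekey job for CHILD_SA ESP/0xc0ffee01/203.0.113.7
charon: 08[IKE] queueing CHILD_REKEY task
charon: 08[ENC] generating CREATE_CHILD_SA request 0 [ N(REKEY_SA) SA No TSi TSr ]
charon: 08[NET] sending packet: from 192.168.0.230[4500] to 203.0.113.7[45075] (332 bytes)
charon: 15[NET] received packet: from 203.0.113.7[45075] to 192.168.0.230[4500] (76 bytes)
charon: 15[ENC] parsed INFORMATIONAL request 2 [ D ]
charon: 15[IKE] received DELETE for IKE_SA IPSec-IKEv2[1]
"""

LINE = re.compile(r"charon: \d+\[(?P<grp>[A-Z]+)\] (?P<msg>.*)")
REKEY_REQ = re.compile(r"generating CREATE_CHILD_SA request (\d+) \[.*N\(REKEY_SA\).*\]")
REKEY_RESP = re.compile(r"parsed CREATE_CHILD_SA response (\d+) \[")
IKE_DELETE = re.compile(r"received DELETE for IKE_SA (\S+)\[(\d+)\]")


def find_rekey_drops(log_text):
    """Return (ike_sa_name, unique_id, message_id) for each IKE_SA the peer
    deleted while our CHILD_SA rekey request was still unanswered."""
    pending = None  # message ID of the outstanding rekey request, if any
    drops = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        msg = m.group("msg")
        if (req := REKEY_REQ.search(msg)):
            pending = int(req.group(1))
        elif (resp := REKEY_RESP.search(msg)) and pending == int(resp.group(1)):
            pending = None  # peer answered, so the rekey exchange completed
        elif (d := IKE_DELETE.search(msg)) and pending is not None:
            drops.append((d.group(1), int(d.group(2)), pending))
            pending = None
    return drops


if __name__ == "__main__":
    for name, uid, mid in find_rekey_drops(SAMPLE_LOG):
        print(f"{name}[{uid}]: peer deleted IKE_SA instead of answering rekey request {mid}")
```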


