[strongSwan] Data transfer stops
Tobias Brunner
tobias at strongswan.org
Mon Aug 21 14:44:33 CEST 2017
Hi Yuri,
> I reproduced situation with our normal lifetimes
>
> ikelifetime=60m
> lifetime=20m
> margintime=3m
Something is just not right on your system(s) regarding the timings.
For instance, on the initiator, the CHILD_SA test1{4339} is established:
> Fri, 2017-08-18 13:44 15[IKE] <test1|1> CHILD_SA test1{4339} established with SPIs c0d6fa14_i c76d59f9_o and TS 10.0.0.1/32 192.168.22.0/24 === 10.0.1.1/32 192.168.23.0/24
And then the rekeying is triggered pretty much instantly:
> Fri, 2017-08-18 13:44 05[KNL] creating rekey job for CHILD_SA ESP/0xc76d59f9/10.76.7.129
> ...
> Fri, 2017-08-18 13:44 10[CHD] <test1|1> CHILD_SA test1{4339} state change: INSTALLED => REKEYING
So it seems something is either not configured properly, or there is a
problem with the time functions used here (in the kernel or userland).
Maybe an issue with your ancient kernel (2.6.54)?
Regards,
Tobias
More information about the Users
mailing list