[strongSwan] Strongswan connects, but times out immediately and passes no traffic

Alexander Hill alex at hill.net.au
Wed Jan 25 11:57:21 CET 2017


Hi Tobias, thanks for your advice.

I don't think anything's wrong with my configuration because this worked
fine before and after this incident, and also on many other devices with
the same configuration.

I'll have to wait until next time this happens to do any traffic analysis -
I already restarted the problem client.

The exact point that traffic stopped flowing also seemed to differ between
connection attempts, but auth and address assignment always succeeded.

So what I'm looking for is a problem that
a) happens while a system is running, possibly as a result of interface ups
or downs
b) doesn't affect normal network traffic
c) doesn't affect strongswan auth but does affect subsequent traffic
d) is not fixed by an IPsec restart but is fixed by a reboot

Until next time...

Alex

On Wed, 25 Jan 2017 at 6:37 pm, Tobias Brunner <tobias at strongswan.org> wrote:

> Hi Alexander,
>
> > I've attached a chunk of the log which hopefully shows what was
> > happening.
>
> It shows that DPDs do not get through in one direction (response from
> the peer).  So maybe other traffic in that direction is also affected.
> You also seem to use an IP from the remote subnet inside the tunnel so
> maybe that is a problem too (see [1]), but this should not affect IKE
> traffic.  Try to check with e.g. tcpdump/Wireshark how traffic flows and
> where it might get dropped.
>
> Regards,
> Tobias
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling