[strongSwan] Strongswan connects, but times out immediately and passes no traffic
Alexander Hill
alex at hill.net.au
Wed Jan 25 11:57:21 CET 2017
Hi Tobias, thanks for your advice.

I don't think anything's wrong with my configuration because this worked
fine before and after this incident, and also on many other devices with
the same configuration.

I'll have to wait until next time this happens to do any traffic analysis -
I already restarted the problem client.

The exact point that traffic stopped flowing also seemed to differ between
connection attempts, but auth and address assignment always succeeded.

So what I'm looking for is a problem that
a) happens while a system is running, possibly as a result of interface ups
or downs
b) doesn't affect normal network traffic
c) doesn't affect strongswan auth but does affect subsequent traffic
d) is not fixed by an IPsec restart but is fixed by a reboot

Until next time...
Alex

On Wed, 25 Jan 2017 at 6:37 pm, Tobias Brunner <tobias at strongswan.org>
wrote:
> Hi Alexander,
>
> > I've attached a chunk of the log which hopefully shows what was
> > happening.
>
> It shows that DPDs do not get through in one direction (response from
> the peer). So maybe other traffic in that direction is also affected.
> You also seem to use an IP from the remote subnet inside the tunnel so
> maybe that is a problem too (see [1]), but this should not affect IKE
> traffic. Try to check with e.g. tcpdump/Wireshark how traffic flows and
> where it might get dropped.
>
> Regards,
> Tobias
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling