[strongSwan] infinite loop for ipsec up/down command

Marco Berizzi pupilla at hotmail.com
Mon Mar 26 09:34:19 CEST 2018


Marco Berizzi wrote:
 
Tobias Brunner wrote:
 
> Hi Marco,
>
> > I'm running strongswan 5.6.2 on Slackware linux 64 bit
>
> Check the current master.  It includes fixes for issues like these (see
> [1]).

Just for record: when I issue for the 2nd time the ipsec up command
strongswan will not loop anymore:

establishing CHILD_SA customer-10.14.143.0{3323}
generating CREATE_CHILD_SA request 2 [ SA No KE TSi TSr ]
sending packet: from 205.223.229.254[4500] to 193.104.231.4[4500] (320 bytes)
received packet: from 193.104.231.4[4500] to 205.223.229.254[4500] (80 bytes)
parsed CREATE_CHILD_SA response 2 [ N(INVAL_KE) ]
peer didn't accept DH group ECP_384, it requested ECP_384
establishing CHILD_SA customer-10.14.143.0{3324}
generating CREATE_CHILD_SA request 3 [ SA No KE TSi TSr ]
sending packet: from 205.223.229.254[4500] to 193.104.231.4[4500] (320 bytes)
received packet: from 193.104.231.4[4500] to 205.223.229.254[4500] (80 bytes)
parsed CREATE_CHILD_SA response 3 [ N(INVAL_KE) ]
already retried with DH group ECP_384, ignorerequested ECP_384
failed to establish CHILD_SA, keeping IKE_SA
^C

but I must press ^C to get again the bash prompt.


More information about the Users mailing list