[strongSwan] ipsec statusall: missing number of packets output
Marco Berizzi
pupilla at hotmail.com
Fri May 25 11:22:46 CEST 2018
Hi Tobias,
> The number of packets is printed if a last use time can be determined
> via the respective policy.
thanks for the explanation. Indeed that policy was problematic:
packets were going out, but not viceversa.
After an "ipsec down child_sa" and "ipsec up child_sa" traffic
was full duplex again. But I need to understand why this is
happening. This is an ikev2 tunnel to a CrapPoint R77.30:
every few days this problem is popping up.
> Check the log for errors regarding querying
> the inbound policy (you could increase the log level for knl to see a
> bit more about the interaction with the kernel).
this is my log configuration:
stderr {
# more detailed loglevel for a specific subsystem, overriding the
# default loglevel.
ike = 2
knl = 3
}
is it enough knl = 3 ?
More information about the Users
mailing list