[strongSwan] ipsec statusall: missing number of packets output

Marco Berizzi pupilla at hotmail.com
Fri May 25 11:22:46 CEST 2018

Hi Tobias,

> The number of packets is printed if a last use time can be determined
> via the respective policy.

thanks for the explanation. Indeed that policy was problematic:
packets were going out, but not viceversa.
After an "ipsec down child_sa" and "ipsec up child_sa" traffic
was full duplex again. But I need to understand why this is
happening. This is an ikev2 tunnel to a CrapPoint R77.30:
every few days this problem is popping up.

> Check the log for errors regarding querying
> the inbound policy (you could increase the log level for knl to see a
> bit more about the interaction with the kernel).

this is my log configuration:

        stderr {
            # more detailed loglevel for a specific subsystem, overriding the
            # default loglevel.
            ike = 2
            knl = 3

is it enough knl = 3 ?

More information about the Users mailing list