[strongSwan] Frequent childsa close and open

Naveen Neelakanta naveen.b.neelakanta at gmail.com
Thu Aug 15 18:29:14 CEST 2019


Hi

I am seeing this continuous close and create for the childsa. My logs are
overrun, any clue on what might cause this and any way to prevent this from
happening?.


2019-08-11T05:43:45.275Z inf charon local1         @dGzD9B text:14[IKE]
<sl3|5792> CHILD_SA sl3childsa{300113} established with SPIs a4efb19d_i
094e6541_o and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:45.526Z inf charon local1         @9xFYmB text:07[IKE]
<sl3|5792> closing CHILD_SA sl3childsa{300112} with SPIs 925920ac_i (40
bytes) 0c3067c2_o (40 bytes) and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:45.577Z inf charon local1         @cxVdKB text:08[IKE]
<sl3|5792> CHILD_SA sl3childsa{300114} established with SPIs 9fb40275_i
08aab039_o and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:45.768Z inf charon local1         @Or8ri text:12[IKE]
<sl3|5792> closing CHILD_SA sl3childsa{300113} with SPIs a4efb19d_i (118
bytes) 094e6541_o (80 bytes) and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:45.819Z inf charon local1         @rzhCjC text:07[IKE]
<sl3|5792> CHILD_SA sl3childsa{300115} established with SPIs 9c191940_i
09933911_o and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:46.173Z inf charon local1         @7Mh7WB text:11[IKE]
<sl3|5792> closing CHILD_SA sl3childsa{300114} with SPIs 9fb40275_i (166
bytes) 08aab039_o (80 bytes) and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:46.219Z inf charon local1         @8aPAC text:06[IKE]
<sl3|5792> CHILD_SA sl3childsa{300116} established with SPIs 92827d7f_i
0aa37fd0_o and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:46.340Z inf charon local1         @v3IcGD text:13[IKE]
<sl3|5792> closing CHILD_SA sl3childsa{300115} with SPIs 9c191940_i (269
bytes) 09933911_o (1882 bytes) and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:46.398Z inf charon local1         @lkT2O text:14[IKE]
<sl3|5792> CHILD_SA sl3childsa{300117} established with SPIs 7cd063e0_i
002cea3f_o and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:46.522Z inf charon local1         @SZB5P text:06[IKE]
<sl3|5792> closing CHILD_SA sl3childsa{300116} with SPIs 92827d7f_i (309
bytes) 0aa37fd0_o (1815 bytes) and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:46.571Z inf charon local1         @4hJI2C text:07[IKE]
<sl3|5792> CHILD_SA sl3childsa{300118} established with SPIs 814927ac_i
06c97028_o and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:47.177Z inf charon local1         @P0vCN text:14[IKE]
<sl3|5792> closing CHILD_SA sl3childsa{300117} with SPIs 7cd063e0_i (113
bytes) 002cea3f_o (80 bytes) and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:47.225Z inf charon local1         @l7zl7B text:12[IKE]
<sl3|5792> CHILD_SA sl3childsa{300119} established with SPIs 8469ef1d_i
0faab34b_o and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:47.350Z inf charon local1         @nS9xmC text:06[IKE]
<sl3|5792> closing CHILD_SA sl3childsa{300118} with SPIs 814927ac_i (309
bytes) 06c97028_o (1378 bytes) and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:47.401Z inf charon local1         @13NLhB text:09[IKE]
<sl3|5792> CHILD_SA sl3childsa{300120} established with SPIs a0a0820d_i
09e1ebf5_o and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:47.951Z inf charon local1         @pGxtx text:14[IKE]
<sl3|5792> closing CHILD_SA sl3childsa{300119} with SPIs 8469ef1d_i (453
bytes) 0faab34b_o (386 bytes) and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:47.998Z inf charon local1         @PwvBS text:07[IKE]
<sl3|5792> CHILD_SA sl3childsa{300121} established with SPIs 6b54047d_i
0195131c_o and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:48.119Z inf charon local1         @vU02x text:11[IKE]
<sl3|5792> closing CHILD_SA sl3childsa{300120} with SPIs a0a0820d_i (72
bytes) 09e1ebf5_o (488 bytes) and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:48.167Z inf charon local1         @statc text:12[IKE]
<sl3|5792> CHILD_SA sl3childsa{300122} established with SPIs 7f4a4ad2_i
0f4abf4d_o and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:48.736Z inf charon local1         @9uAQz text:16[IKE]
<sl3|5792> closing CHILD_SA sl3childsa{300121} with SPIs 6b54047d_i (76
bytes) 0195131c_o (40 bytes) and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:48.786Z inf charon local1         @xQ7RwD text:09[IKE]
<sl3|5792> CHILD_SA sl3childsa{300123} established with SPIs 84f46abf_i
0357fe8e_o and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:49.080Z inf charon local1         @xFhBM text:11[IKE]
<sl3|5792> closing CHILD_SA sl3childsa{300122} with SPIs 7f4a4ad2_i (40
bytes) 0f4abf4d_o (40 bytes) and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:49.127Z inf charon local1         @2uGYbD text:05[IKE]
<sl3|5792> CHILD_SA sl3childsa{300124} established with SPIs 6ce77105_i
02c2e8e9_o and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:50.131Z inf charon local1         @rV0kPC text:14[IKE]
<sl3|5792> closing CHILD_SA sl3childsa{300123} with SPIs 84f46abf_i (167
bytes) 0357fe8e_o (154 bytes) and TS 0.0.0.0/0 === 0.0.0.0/0


There where multiple childsa session up when is issue the command ipsec
statusall

Security Associations (5 up, 0 connecting):
         sl3[6271]: ESTABLISHED 13 minutes ago,
12.106.228.130[15649831767440254_1146 at naveen
]...104.129.196.33[104.129.196.33]
         sl3[6271]: IKEv1 SPIs: 5db65fe91de02e3c_i* ab821bd1aa0aa87f_r,
rekeying in 23 hours
         sl3[6271]: IKE proposal:
AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
  sl3childsa{300743}:  INSTALLED, TUNNEL, reqid 5969, ESP SPIs: 95e36438_i
0262bc4c_o
  sl3childsa{300743}:  NULL/HMAC_MD5_96, 25007561 bytes_i, 15656981 bytes_o
(38921 pkts, 1s ago), rekeying in 7 hours
  sl3childsa{300743}:   0.0.0.0/0 === 0.0.0.0/0
         sl3[6270]: ESTABLISHED 13 minutes ago,
12.106.228.130[15649831767440254_1146 at naveen
]...104.129.196.33[104.129.196.33]
         sl3[6270]: IKEv1 SPIs: 7e711527dbc9b5b9_i* 0d192df60de9451c_r,
rekeying in 22 hours
         sl3[6270]: IKE proposal:
AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
  sl3childsa{300741}:  INSTALLED, TUNNEL, reqid 5969, ESP SPIs: ae5ec511_i
002d5ecd_o
  sl3childsa{300741}:  NULL/HMAC_MD5_96, 120 bytes_i, 135 bytes_o (2 pkts,
780s ago), rekeying in 7 hours
  sl3childsa{300741}:   0.0.0.0/0 === 0.0.0.0/0
  sl3childsa{300742}:  INSTALLED, TUNNEL, reqid 5969, ESP SPIs: 6c0a74ff_i
0c863034_o
  sl3childsa{300742}:  NULL/HMAC_MD5_96, 0 bytes_i, 60 bytes_o (1 pkt, 780s
ago), rekeying in 7 hours
  sl3childsa{300742}:   0.0.0.0/0 === 0.0.0.0/0
         sl3[6269]: ESTABLISHED 13 minutes ago,
12.106.228.130[15649831767440254_1146 at naveen
]...104.129.196.33[104.129.196.33]
         sl3[6269]: IKEv1 SPIs: 80e2c60f6de350c6_i* 4360522f2aa976a9_r,
rekeying in 22 hours
         sl3[6269]: IKE proposal:
AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
  sl3childsa{300740}:  INSTALLED, TUNNEL, reqid 5969, ESP SPIs: 70f10ba6_i
0ca6520c_o
  sl3childsa{300740}:  NULL/HMAC_MD5_96, 0 bytes_i, 0 bytes_o, rekeying in
7 hours
  sl3childsa{300740}:   0.0.0.0/0 === 0.0.0.0/0

Thanks,
Naveen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190815/637f9739/attachment.html>


More information about the Users mailing list