[strongSwan] Frequent childsa close and open

Jafar Al-Gharaibeh jafar at atcorp.com
Thu Aug 15 20:23:09 CEST 2019


You haven't shared any configuration to tell but we have seen this
behavior over and over again. Check

https://wiki.strongswan.org/issues/2636

Probably your issue is the same and the solution is explained on the
same page.

--Jafar


On 8/15/19 11:29 AM, Naveen Neelakanta wrote:
> Hi
>
> I am seeing this continuous close and create for the childsa. My logs
> are overrun, any clue on what might cause this and any way to prevent
> this from happening?
>
>
> 2019-08-11T05:43:45.275Z inf charon local1         @dGzD9B
> text:14[IKE] <sl3|5792> CHILD_SA sl3childsa{300113} established with
> SPIs a4efb19d_i 094e6541_o and TS 0.0.0.0/0 <http://0.0.0.0/0> ===
> 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:45.526Z inf charon local1         @9xFYmB
> text:07[IKE] <sl3|5792> closing CHILD_SA sl3childsa{300112} with SPIs
> 925920ac_i (40 bytes) 0c3067c2_o (40 bytes) and TS 0.0.0.0/0
> <http://0.0.0.0/0> === 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:45.577Z inf charon local1         @cxVdKB
> text:08[IKE] <sl3|5792> CHILD_SA sl3childsa{300114} established with
> SPIs 9fb40275_i 08aab039_o and TS 0.0.0.0/0 <http://0.0.0.0/0> ===
> 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:45.768Z inf charon local1         @Or8ri text:12[IKE]
> <sl3|5792> closing CHILD_SA sl3childsa{300113} with SPIs a4efb19d_i
> (118 bytes) 094e6541_o (80 bytes) and TS 0.0.0.0/0 <http://0.0.0.0/0>
> === 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:45.819Z inf charon local1         @rzhCjC
> text:07[IKE] <sl3|5792> CHILD_SA sl3childsa{300115} established with
> SPIs 9c191940_i 09933911_o and TS 0.0.0.0/0 <http://0.0.0.0/0> ===
> 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:46.173Z inf charon local1         @7Mh7WB
> text:11[IKE] <sl3|5792> closing CHILD_SA sl3childsa{300114} with SPIs
> 9fb40275_i (166 bytes) 08aab039_o (80 bytes) and TS 0.0.0.0/0
> <http://0.0.0.0/0> === 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:46.219Z inf charon local1         @8aPAC text:06[IKE]
> <sl3|5792> CHILD_SA sl3childsa{300116} established with SPIs
> 92827d7f_i 0aa37fd0_o and TS 0.0.0.0/0 <http://0.0.0.0/0> ===
> 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:46.340Z inf charon local1         @v3IcGD
> text:13[IKE] <sl3|5792> closing CHILD_SA sl3childsa{300115} with SPIs
> 9c191940_i (269 bytes) 09933911_o (1882 bytes) and TS 0.0.0.0/0
> <http://0.0.0.0/0> === 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:46.398Z inf charon local1         @lkT2O text:14[IKE]
> <sl3|5792> CHILD_SA sl3childsa{300117} established with SPIs
> 7cd063e0_i 002cea3f_o and TS 0.0.0.0/0 <http://0.0.0.0/0> ===
> 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:46.522Z inf charon local1         @SZB5P text:06[IKE]
> <sl3|5792> closing CHILD_SA sl3childsa{300116} with SPIs 92827d7f_i
> (309 bytes) 0aa37fd0_o (1815 bytes) and TS 0.0.0.0/0
> <http://0.0.0.0/0> === 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:46.571Z inf charon local1         @4hJI2C
> text:07[IKE] <sl3|5792> CHILD_SA sl3childsa{300118} established with
> SPIs 814927ac_i 06c97028_o and TS 0.0.0.0/0 <http://0.0.0.0/0> ===
> 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:47.177Z inf charon local1         @P0vCN text:14[IKE]
> <sl3|5792> closing CHILD_SA sl3childsa{300117} with SPIs 7cd063e0_i
> (113 bytes) 002cea3f_o (80 bytes) and TS 0.0.0.0/0 <http://0.0.0.0/0>
> === 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:47.225Z inf charon local1         @l7zl7B
> text:12[IKE] <sl3|5792> CHILD_SA sl3childsa{300119} established with
> SPIs 8469ef1d_i 0faab34b_o and TS 0.0.0.0/0 <http://0.0.0.0/0> ===
> 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:47.350Z inf charon local1         @nS9xmC
> text:06[IKE] <sl3|5792> closing CHILD_SA sl3childsa{300118} with SPIs
> 814927ac_i (309 bytes) 06c97028_o (1378 bytes) and TS 0.0.0.0/0
> <http://0.0.0.0/0> === 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:47.401Z inf charon local1         @13NLhB
> text:09[IKE] <sl3|5792> CHILD_SA sl3childsa{300120} established with
> SPIs a0a0820d_i 09e1ebf5_o and TS 0.0.0.0/0 <http://0.0.0.0/0> ===
> 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:47.951Z inf charon local1         @pGxtx text:14[IKE]
> <sl3|5792> closing CHILD_SA sl3childsa{300119} with SPIs 8469ef1d_i
> (453 bytes) 0faab34b_o (386 bytes) and TS 0.0.0.0/0 <http://0.0.0.0/0>
> === 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:47.998Z inf charon local1         @PwvBS text:07[IKE]
> <sl3|5792> CHILD_SA sl3childsa{300121} established with SPIs
> 6b54047d_i 0195131c_o and TS 0.0.0.0/0 <http://0.0.0.0/0> ===
> 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:48.119Z inf charon local1         @vU02x text:11[IKE]
> <sl3|5792> closing CHILD_SA sl3childsa{300120} with SPIs a0a0820d_i
> (72 bytes) 09e1ebf5_o (488 bytes) and TS 0.0.0.0/0 <http://0.0.0.0/0>
> === 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:48.167Z inf charon local1         @statc text:12[IKE]
> <sl3|5792> CHILD_SA sl3childsa{300122} established with SPIs
> 7f4a4ad2_i 0f4abf4d_o and TS 0.0.0.0/0 <http://0.0.0.0/0> ===
> 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:48.736Z inf charon local1         @9uAQz text:16[IKE]
> <sl3|5792> closing CHILD_SA sl3childsa{300121} with SPIs 6b54047d_i
> (76 bytes) 0195131c_o (40 bytes) and TS 0.0.0.0/0 <http://0.0.0.0/0>
> === 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:48.786Z inf charon local1         @xQ7RwD
> text:09[IKE] <sl3|5792> CHILD_SA sl3childsa{300123} established with
> SPIs 84f46abf_i 0357fe8e_o and TS 0.0.0.0/0 <http://0.0.0.0/0> ===
> 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:49.080Z inf charon local1         @xFhBM text:11[IKE]
> <sl3|5792> closing CHILD_SA sl3childsa{300122} with SPIs 7f4a4ad2_i
> (40 bytes) 0f4abf4d_o (40 bytes) and TS 0.0.0.0/0 <http://0.0.0.0/0>
> === 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:49.127Z inf charon local1         @2uGYbD
> text:05[IKE] <sl3|5792> CHILD_SA sl3childsa{300124} established with
> SPIs 6ce77105_i 02c2e8e9_o and TS 0.0.0.0/0 <http://0.0.0.0/0> ===
> 0.0.0.0/0 <http://0.0.0.0/0>
> 2019-08-11T05:43:50.131Z inf charon local1         @rV0kPC
> text:14[IKE] <sl3|5792> closing CHILD_SA sl3childsa{300123} with SPIs
> 84f46abf_i (167 bytes) 0357fe8e_o (154 bytes) and TS 0.0.0.0/0
> <http://0.0.0.0/0> === 0.0.0.0/0 <http://0.0.0.0/0>
>
>
> There were multiple childsa sessions up when I issued the command
> ipsec statusall
>
> Security Associations (5 up, 0 connecting):
>          sl3[6271]: ESTABLISHED 13 minutes ago,
> 12.106.228.130[15649831767440254_1146 at naveen]...104.129.196.33[104.129.196.33]
>          sl3[6271]: IKEv1 SPIs: 5db65fe91de02e3c_i*
> ab821bd1aa0aa87f_r, rekeying in 23 hours
>          sl3[6271]: IKE proposal:
> AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
>   sl3childsa{300743}:  INSTALLED, TUNNEL, reqid 5969, ESP SPIs:
> 95e36438_i 0262bc4c_o
>   sl3childsa{300743}:  NULL/HMAC_MD5_96, 25007561 bytes_i, 15656981
> bytes_o (38921 pkts, 1s ago), rekeying in 7 hours
>   sl3childsa{300743}:   0.0.0.0/0 <http://0.0.0.0/0> === 0.0.0.0/0
> <http://0.0.0.0/0>
>          sl3[6270]: ESTABLISHED 13 minutes ago,
> 12.106.228.130[15649831767440254_1146 at naveen]...104.129.196.33[104.129.196.33]
>          sl3[6270]: IKEv1 SPIs: 7e711527dbc9b5b9_i*
> 0d192df60de9451c_r, rekeying in 22 hours
>          sl3[6270]: IKE proposal:
> AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
>   sl3childsa{300741}:  INSTALLED, TUNNEL, reqid 5969, ESP SPIs:
> ae5ec511_i 002d5ecd_o
>   sl3childsa{300741}:  NULL/HMAC_MD5_96, 120 bytes_i, 135 bytes_o (2
> pkts, 780s ago), rekeying in 7 hours
>   sl3childsa{300741}:   0.0.0.0/0 <http://0.0.0.0/0> === 0.0.0.0/0
> <http://0.0.0.0/0>
>   sl3childsa{300742}:  INSTALLED, TUNNEL, reqid 5969, ESP SPIs:
> 6c0a74ff_i 0c863034_o
>   sl3childsa{300742}:  NULL/HMAC_MD5_96, 0 bytes_i, 60 bytes_o (1 pkt,
> 780s ago), rekeying in 7 hours
>   sl3childsa{300742}:   0.0.0.0/0 <http://0.0.0.0/0> === 0.0.0.0/0
> <http://0.0.0.0/0>
>          sl3[6269]: ESTABLISHED 13 minutes ago,
> 12.106.228.130[15649831767440254_1146 at naveen]...104.129.196.33[104.129.196.33]
>          sl3[6269]: IKEv1 SPIs: 80e2c60f6de350c6_i*
> 4360522f2aa976a9_r, rekeying in 22 hours
>          sl3[6269]: IKE proposal:
> AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
>   sl3childsa{300740}:  INSTALLED, TUNNEL, reqid 5969, ESP SPIs:
> 70f10ba6_i 0ca6520c_o
>   sl3childsa{300740}:  NULL/HMAC_MD5_96, 0 bytes_i, 0 bytes_o,
> rekeying in 7 hours
>   sl3childsa{300740}:   0.0.0.0/0 <http://0.0.0.0/0> === 0.0.0.0/0
> <http://0.0.0.0/0>
>
> Thanks,
> Naveen
>
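
One way to measure the churn visible in logs like those quoted above, as an added example that is not part of the original thread or of strongSwan: it parses charon "CHILD_SA ... established" and "closing CHILD_SA" lines, flags IKE_SAs with bursts of CHILD_SA setups, and reports how long each CHILD_SA lived. The sample lines are constructed, and the function names, the 5-second window and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: unwrapped lines modeled on the charon format quoted above;
# the <office|12> line is invented to show a connection that is not flagged.
SAMPLE = """\
2019-08-11T05:40:00.000Z inf charon local1 @aaaaaa text:05[IKE] <office|12> CHILD_SA officechild{7} established with SPIs 11111111_i 22222222_o and TS 10.0.0.0/24 === 10.0.1.0/24
2019-08-11T05:43:45.275Z inf charon local1 @dGzD9B text:14[IKE] <sl3|5792> CHILD_SA sl3childsa{300113} established with SPIs a4efb19d_i 094e6541_o and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:45.526Z inf charon local1 @9xFYmB text:07[IKE] <sl3|5792> closing CHILD_SA sl3childsa{300112} with SPIs 925920ac_i (40 bytes) 0c3067c2_o (40 bytes) and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:45.577Z inf charon local1 @cxVdKB text:08[IKE] <sl3|5792> CHILD_SA sl3childsa{300114} established with SPIs 9fb40275_i 08aab039_o and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:45.768Z inf charon local1 @Or8ri text:12[IKE] <sl3|5792> closing CHILD_SA sl3childsa{300113} with SPIs a4efb19d_i (118 bytes) 094e6541_o (80 bytes) and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:45.819Z inf charon local1 @rzhCjC text:07[IKE] <sl3|5792> CHILD_SA sl3childsa{300115} established with SPIs 9c191940_i 09933911_o and TS 0.0.0.0/0 === 0.0.0.0/0
2019-08-11T05:43:46.173Z inf charon local1 @7Mh7WB text:11[IKE] <sl3|5792> closing CHILD_SA sl3childsa{300114} with SPIs 9fb40275_i (166 bytes) 08aab039_o (80 bytes) and TS 0.0.0.0/0 === 0.0.0.0/0
"""

EVENT = re.compile(
    r"^(?P<ts>\S+) .*?<(?P<conn>[^|>]+)\|(?P<ike>\d+)> "
    r"(?P<closing>closing )?CHILD_SA [^{\s]+\{(?P<uid>\d+)\}(?P<est> established)?")

def parse_events(text):
    """Yield (timestamp, (conn, ike_sa_id), 'up'|'close', child_sa_id)."""
    for line in text.splitlines():
        m = EVENT.match(line)
        if m and (m["closing"] or m["est"]):
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%fZ")
            kind = "close" if m["closing"] else "up"
            yield ts, (m["conn"], int(m["ike"])), kind, int(m["uid"])

def find_churn(text, window=timedelta(seconds=5), threshold=3):
    """Report IKE_SAs with >= threshold CHILD_SA setups inside any window."""
    ups, born, lifetimes = defaultdict(list), {}, defaultdict(list)
    for ts, key, kind, uid in sorted(parse_events(text)):
        if kind == "up":
            ups[key].append(ts)
            born[key, uid] = ts
        elif (key, uid) in born:  # closes without a seen setup are skipped
            lifetimes[key].append((ts - born.pop((key, uid))).total_seconds())
    report = {}
    for key, stamps in ups.items():
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            report[key] = {"peak_setups": peak, "lifetimes_s": lifetimes[key]}
    return report

print(find_churn(SAMPLE))
```

The regex expects one event per line, so log lines wrapped by a mail client or archive need to be rejoined before parsing.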