[strongSwan] Tunnel with Cisco stuck but DPD seems to says it's all fine

Adam Cecile acecile at le-vert.net
Tue Aug 20 11:33:00 CEST 2019


Hello Strongswan people,


Under heavy load, my site-to-site tunnel get stuck but according to the 
log file (see attachment), DPD seems to say it's all good.

Restarting ipsec service bring the tunnel back to life.


Aug 20 11:13:57 rtr ipsec[1223]: 15[NET] received packet: from 
1.1.1.1[500] to 2.2.2.2[500] (92 bytes)
Aug 20 11:13:57 rtr ipsec[1223]: 15[ENC] parsed INFORMATIONAL_V1 request 
4081866472 [ HASH N(DPD) ]
Aug 20 11:13:57 rtr ipsec[1223]: 15[IKE] queueing ISAKMP_DPD task
Aug 20 11:13:57 rtr ipsec[1223]: 15[IKE] activating new tasks
Aug 20 11:13:57 rtr ipsec[1223]: 15[IKE]   activating ISAKMP_DPD task
Aug 20 11:13:57 rtr ipsec[1223]: 15[ENC] generating INFORMATIONAL_V1 
request 518131961 [ HASH N(DPD_ACK) ]
Aug 20 11:14:49 rtr ipsec[1223]: 15[NET] sending packet: from 
2.2.2.2[500] to 1.1.1.1[500] (92 bytes)
Aug 20 11:14:49 rtr ipsec[1223]: 15[IKE] activating new tasks
Aug 20 11:14:49 rtr ipsec[1223]: 15[IKE] nothing to initiate


Can you please help figure out what's going on ?


Thanks in advance,

Best regards, Adam.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: strongswan.log
Type: text/x-log
Size: 25749 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190820/a6b30f66/attachment.bin>


More information about the Users mailing list