[strongSwan] Tunnel with Cisco stuck but DPD seems to says it's all fine

[Noel Kuntze]

Hello Adam,

> Under heavy load, my site-to-site tunnel get stuck

What do you mean with that? What exactly is the problem that occurs?

Kind regards

Noel

Am 20.08.19 um 11:33 schrieb Adam Cecile:
> Hello Strongswan people,
>
>
> Under heavy load, my site-to-site tunnel get stuck but according to the log file (see attachment), DPD seems to say it's all good.
>
> Restarting ipsec service bring the tunnel back to life.
>
>
> Aug 20 11:13:57 rtr ipsec[1223]: 15[NET] received packet: from 1.1.1.1[500] to 2.2.2.2[500] (92 bytes)
> Aug 20 11:13:57 rtr ipsec[1223]: 15[ENC] parsed INFORMATIONAL_V1 request 4081866472 [ HASH N(DPD) ]
> Aug 20 11:13:57 rtr ipsec[1223]: 15[IKE] queueing ISAKMP_DPD task
> Aug 20 11:13:57 rtr ipsec[1223]: 15[IKE] activating new tasks
> Aug 20 11:13:57 rtr ipsec[1223]: 15[IKE]   activating ISAKMP_DPD task
> Aug 20 11:13:57 rtr ipsec[1223]: 15[ENC] generating INFORMATIONAL_V1 request 518131961 [ HASH N(DPD_ACK) ]
> Aug 20 11:14:49 rtr ipsec[1223]: 15[NET] sending packet: from 2.2.2.2[500] to 1.1.1.1[500] (92 bytes)
> Aug 20 11:14:49 rtr ipsec[1223]: 15[IKE] activating new tasks
> Aug 20 11:14:49 rtr ipsec[1223]: 15[IKE] nothing to initiate
>
>
> Can you please help figure out what's going on ?
>
>
> Thanks in advance,
>
> Best regards, Adam.
>

-- 
Noel Kuntze
IT security consultant

GPG Key ID: 0x0739AD6C
Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190820/687893c1/attachment.sig>