[strongSwan] Tunnel with Cisco stuck but DPD seems to say it's all fine

Adam Cecile acecile at le-vert.net
Tue Aug 20 15:18:29 CEST 2019


Hello,

According to what I see in tcpdump, packets are sent from the box running 
Strongswan but never receive any response from the Cisco side.

In a few words: "I cannot ping the remote network, nor make any other type of 
calls"

Adam.

On 8/20/19 1:36 PM, Noel Kuntze wrote:
> Hello Adam,
>
>> Under heavy load, my site-to-site tunnel gets stuck
> What do you mean by that? What exactly is the problem that occurs?
>
> Kind regards
>
> Noel
>
> On 20.08.19 at 11:33, Adam Cecile wrote:
>> Hello Strongswan people,
>>
>>
>> Under heavy load, my site-to-site tunnel gets stuck, but according to the log file (see attachment), DPD seems to say it's all good.
>>
>> Restarting the ipsec service brings the tunnel back to life.
>>
>>
>> Aug 20 11:13:57 rtr ipsec[1223]: 15[NET] received packet: from 1.1.1.1[500] to 2.2.2.2[500] (92 bytes)
>> Aug 20 11:13:57 rtr ipsec[1223]: 15[ENC] parsed INFORMATIONAL_V1 request 4081866472 [ HASH N(DPD) ]
>> Aug 20 11:13:57 rtr ipsec[1223]: 15[IKE] queueing ISAKMP_DPD task
>> Aug 20 11:13:57 rtr ipsec[1223]: 15[IKE] activating new tasks
>> Aug 20 11:13:57 rtr ipsec[1223]: 15[IKE]   activating ISAKMP_DPD task
>> Aug 20 11:13:57 rtr ipsec[1223]: 15[ENC] generating INFORMATIONAL_V1 request 518131961 [ HASH N(DPD_ACK) ]
>> Aug 20 11:14:49 rtr ipsec[1223]: 15[NET] sending packet: from 2.2.2.2[500] to 1.1.1.1[500] (92 bytes)
>> Aug 20 11:14:49 rtr ipsec[1223]: 15[IKE] activating new tasks
>> Aug 20 11:14:49 rtr ipsec[1223]: 15[IKE] nothing to initiate
>>
>>
>> Can you please help figure out what's going on?
>>
>>
>> Thanks in advance,
>>
>> Best regards, Adam.
>>

