[strongSwan] Strongswan Connection Drop after 60 Minutes
Godse, Vikram, Vodafone Group (External)
vikram.godse at vodafone.com
Tue Aug 18 18:43:12 CEST 2020
Hi Tobias,
Thanks for your reply. I guess it was related to inactivity at the Azure end. After an RDP session was established, the connection is now on for over 5 hours.
I did have a ping running from my end continuously to simulate some traffic, but that did not help.
Is there some config parameter to keep the session alive, Does it have to do with the "dpd_action=restart" what would "hold/clear" do.
Thanks & Regards,
VIkram
C2 General
-----Original Message-----
From: Tobias Brunner <tobias at strongswan.org>
Sent: 18 August 2020 15:44
To: Godse, Vikram, Vodafone Group (External) <vikram.godse at vodafone.com>; users at lists.strongswan.org
Subject: Re: [strongSwan] Strongswan Connection Drop after 60 Minutes
CYBER SECURITY WARNING: This email is from an external source - be careful of attachments and links. Please follow the Cyber Code and report suspicious emails.
Hi Vikram,
> The connection is established when the Strongswan service is started,
> but the connection drops approximately after 60 minutes.
That sounds like a rekeying issue (default CHILD_SA lifetime is 1h).
Possible culprits may be the DH groups in the ESP proposals if the peer doesn't expect a DH exchange there (even though you added the default proposal it might not be what the peer expects), see [1] for details.
Read the log to see what's actually going on.
Regards,
Tobias
[1] https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey#IPsec
More information about the Users
mailing list