[strongSwan] remote initiating Main Mode IKE_SA in logging

Conor McMaugh conor at sensorlog.ie
Tue Feb 18 00:32:31 CET 2020


In a site to site VPN with both IKE_SA and CHILD_SAs established
I get the following squence of logging messages regularly occurring in
syslog (where xxx.xxx.xxx.xxx is the remote public ip address)

I'm unable to work out the meaning of them from the documentation.
Are these something to worry about?


Feb 17 23:11:52 ip-10-0-1-7 charon: 14[ENC] parsed ID_PROT request 0 [ SA V
]
Feb 17 23:11:52 ip-10-0-1-7 charon: 14[IKE] received DPD vendor ID
Feb 17 23:11:52 ip-10-0-1-7 charon: 14[IKE] xxx.xxx.xxx.xxx is initiating a
Main Mode IKE_SA
Feb 17 23:11:52 ip-10-0-1-7 charon: 14[ENC] generating ID_PROT response 0 [
SA V V ]
Feb 17 23:11:52 ip-10-0-1-7 charon: 14[NET] sending packet: from
10.0.1.7[500] to 85.205.30.143[500] (128 bytes)
Feb 17 23:11:57 ip-10-0-1-7 charon: 16[NET] received packet: from
xxx.xxx.xxx.xxx[500] to 10.0.1.7[500] (116 bytes)
Feb 17 23:11:57 ip-10-0-1-7 charon: 16[IKE] received retransmit of request
with ID 0, retransmitting response
Feb 17 23:11:57 ip-10-0-1-7 charon: 16[NET] sending packet: from
10.0.1.7[500] to xxx.xxx.xxx.xxx[500] (128 bytes)
Feb 17 23:12:07 ip-10-0-1-7 charon: 15[NET] received packet: from
xxx.xxx.xxx.xxx[500] to 10.0.1.7[500] (116 bytes)
Feb 17 23:12:07 ip-10-0-1-7 charon: 15[IKE] received retransmit of request
with ID 0, retransmitting response
Feb 17 23:12:07 ip-10-0-1-7 charon: 15[NET] sending packet: from
10.0.1.7[500] to xxx.xxx.xxx.xxx[500] (128 bytes)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20200217/fd3cc4e3/attachment.html>


More information about the Users mailing list