[strongSwan] Keeps building connections (2 up, 670 connecting)
strongswan.org at it-beheer.eu
strongswan.org at it-beheer.eu
Wed Nov 18 11:46:46 CET 2020
Good morning all,
I have a Ubuntu server 20.04 with two Strongswan connections. One is
fine and up all the time. The second is a copy of the first config with
other IP addresses and an other secret and is all the time connecting
even it has already established one connection working. Found one person
that had something similar witch had something to do with set dpdaction
and closeaction but after a few tries didn't get result and bringing
down the connection all the time gave to much interruptions for the
client. So basically i have a working connection and only get
interruptions when it is being reestablished.
Hope someone can tell me what i am doing wrong or if this is a problem
at the other end or can me give me some pointers to debugging.
===== Conn1 ====
conn Conn1
left=31.3.111.111
right=77.94.111.111
leftsubnet=10.33.3.0/24
rightsubnet=172.31.1.0/24
ike=aes256-sha1-modp1024
keyexchange=ikev2
reauth=no
ikelifetime=86400s
compress=no
authby=secret
esp=aes256-sha1-modp1024
type=tunnel
auto=start
keyingtries=%forever
dpdaction=restart
closeaction=restart
===== ipsec.secrects =====
# This file holds shared secrets or RSA private keys for authentication.
# RSA private key for this host, authenticating it to any other host
# which knows the public part.
%any 77.94.111.111 : PSK "<sec1>"
%any 90.145.222.222 : PSK "<sec2>"
Output from /sudo ipsec status
=========================/
Security Associations (2 up, 670 connecting):
Conn1[2466]: ESTABLISHED 16 minutes ago,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1{5461231}: INSTALLED, TUNNEL, reqid 637, ESP SPIs: c1f5asdf_i
725asdf_o
Conn1{5461231}: 10.33.3.0/24 === 172.31.1.0/24
Conn1[2464]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1[2460]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1[2457]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1[2455]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
OtherConnection[2454]: ESTABLISHED 6 hours ago,
31.3.111.111[31.3.111.111]...90.145.222.222[90.145.222.222]
OtherConnection{5459235}: INSTALLED, TUNNEL, reqid 634, ESP SPIs:
c38asdff_i c919asdf_o
OtherConnection{5459235}: 10.33.3.0/24 === 100.222.222.0/21
Conn1[2451]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1[2447]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1[2440]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1[2439]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1[2437]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1[2434]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1[2432]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1[2430]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1[2429]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1[2426]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1[2425]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1[2422]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1[2421]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1[2418]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1[2412]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1[2411]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
Conn1[2409]: CONNECTING,
31.3.111.111[31.3.111.111]...77.94.111.111[77.94.111.111]
============================
--
Met vriendelijke groet,
Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20201118/8453ede4/attachment.html>
More information about the Users
mailing list