[strongSwan] Retry after failure

noel.kuntze+strongswan-users-ml at thermi.consulting noel.kuntze+strongswan-users-ml at thermi.consulting
Sun Oct 11 20:34:50 CEST 2020


keyingtries

On October 11, 2020 4:56:59 PM UTC, Volodymyr Litovka <doka.ua at gmx.com> wrote:
>Colleagues,
>
>how to configure strongSwan to continuously try to reconnect in case of
>network failure?
>
>My current settings are:
>
>charon {
>     close_ike_on_child_failure = yes
>     retry_initiate_interval = 30
>     retransmit_base = 1.2
>     retransmit_limit = 30
>     retransmit_timeout = 2
>     retransmit_tries = 3
>}
>
>and, in case of network failure, strongSwan behaves in the following
>way - it tries to reestablish connection 3 times and then finally gives up:
>
>16:34:28 2020 daemon.info : 07[IKE] sending DPD request
>16:34:28 2020 daemon.info : 07[ENC] generating INFORMATIONAL request 2
>[ N(NATD_S_IP) N(NATD_D_IP) ]
>16:34:28 2020 daemon.info : 07[NET] sending packet: from
>192.168.2.212[4500] to xx.xx.xx.xx[4500] (113 bytes)
>16:34:30 2020 daemon.info : 08[IKE] retransmit 1 of request with
>message ID 2
>16:34:30 2020 daemon.info : 08[NET] sending packet: from
>192.168.2.212[4500] to xx.xx.xx.xx[4500] (113 bytes)
>16:34:32 2020 daemon.info : 09[IKE] retransmit 2 of request with
>message ID 2
>16:34:32 2020 daemon.info : 09[NET] sending packet: from
>192.168.2.212[4500] to xx.xx.xx.xx[4500] (113 bytes)
>16:34:35 2020 daemon.info : 10[IKE] retransmit 3 of request with
>message ID 2
>16:34:35 2020 daemon.info : 10[NET] sending packet: from
>192.168.2.212[4500] to xx.xx.xx.xx[4500] (113 bytes)
>16:34:39 2020 daemon.info : 11[IKE] giving up after 3 retransmits
>16:34:39 2020 daemon.info : 11[IKE] restarting CHILD_SA rc
>16:34:39 2020 daemon.info : 11[IKE] initiating IKE_SA rc[2] to
>xx.xx.xx.xx
>16:34:39 2020 daemon.info : 11[ENC] generating IKE_SA_INIT request 0 [
>SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP)
>]
>16:34:39 2020 daemon.info : 11[NET] sending packet: from
>192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes)
>16:34:39 2020 daemon.info : 11[CHD] updown: Processing ''
>16:34:41 2020 daemon.info : 13[IKE] retransmit 1 of request with
>message ID 0
>16:34:41 2020 daemon.info : 13[NET] sending packet: from
>192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes)
>16:34:43 2020 daemon.info : 14[IKE] retransmit 2 of request with
>message ID 0
>16:34:43 2020 daemon.info : 14[NET] sending packet: from
>192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes)
>16:34:46 2020 daemon.info : 15[IKE] retransmit 3 of request with
>message ID 0
>16:34:46 2020 daemon.info : 15[NET] sending packet: from
>192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes)
>16:34:49 2020 daemon.info : 16[IKE] giving up after 3 retransmits
>16:34:49 2020 daemon.info : 16[IKE] peer not responding, trying again
>(2/3)
>16:34:49 2020 daemon.info : 16[IKE] initiating IKE_SA rc[2] to
>xx.xx.xx.xx
>16:34:49 2020 daemon.info : 16[ENC] generating IKE_SA_INIT request 0 [
>SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP)
>]
>16:34:49 2020 daemon.info : 16[NET] sending packet: from
>192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes)
>16:34:51 2020 daemon.info : 05[IKE] retransmit 1 of request with
>message ID 0
>16:34:51 2020 daemon.info : 05[NET] sending packet: from
>192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes)
>16:34:54 2020 daemon.info : 08[IKE] retransmit 2 of request with
>message ID 0
>16:34:54 2020 daemon.info : 08[NET] sending packet: from
>192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes)
>16:34:57 2020 daemon.info : 09[IKE] retransmit 3 of request with
>message ID 0
>16:34:57 2020 daemon.info : 09[NET] sending packet: from
>192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes)
>16:35:00 2020 daemon.info : 06[IKE] giving up after 3 retransmits
>16:35:00 2020 daemon.info : 06[IKE] peer not responding, trying again
>(3/3)
>16:35:00 2020 daemon.info : 06[IKE] initiating IKE_SA rc[2] to
>xx.xx.xx.xx
>16:35:00 2020 daemon.info : 06[ENC] generating IKE_SA_INIT request 0 [
>SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP)
>]
>16:35:00 2020 daemon.info : 06[NET] sending packet: from
>192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes)
>16:35:02 2020 daemon.info : 10[IKE] retransmit 1 of request with
>message ID 0
>16:35:02 2020 daemon.info : 10[NET] sending packet: from
>192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes)
>16:35:05 2020 daemon.info : 11[IKE] retransmit 2 of request with
>message ID 0
>16:35:05 2020 daemon.info : 11[NET] sending packet: from
>192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes)
>16:35:07 2020 daemon.info : 13[IKE] retransmit 3 of request with
>message ID 0
>16:35:07 2020 daemon.info : 13[NET] sending packet: from
>192.168.2.212[500] to xx.xx.xx.xx[500] (1084 bytes)
>16:35:11 2020 daemon.info : 12[IKE] giving up after 3 retransmits
>16:35:11 2020 daemon.info : 12[IKE] establishing IKE_SA failed, peer
>not responding
>
>Is there a way to make it try continuously in order to establish the
>connection as soon as the network is available again?
>
>In case it's essential, my environment is:
>
>- OS: OpenWRT 19.07.3
>- strongSwan: 5.8.2 (5.8.2_2)
>
>Thank you.
>
>
>--
>Volodymyr Litovka
>   "Vision without Execution is Hallucination." -- Thomas Edison

Sent from mobile
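
What the setting named in the reply changes, as an added example that is not part of the original messages or of strongSwan's code: a small model of the retransmission back-off from the quoted charon block and of the retry limit visible in the log as "trying again (2/3)". It assumes strongSwan's documented back-off formula with jitter disabled, and that `keyingtries` takes `%forever` in ipsec.conf (`0` in swanctl.conf) to retry indefinitely; the function names are hypothetical.

```python
# Added example: model of charon's retransmission back-off and keyingtries.
# Defaults below are the values from the quoted charon {} block, not
# strongSwan's built-in defaults. Assumes retransmit_jitter = 0.

def retransmit_waits(timeout=2.0, base=1.2, tries=3, limit=30.0):
    """Seconds waited after the first send and after each retransmit.

    Documented formula: wait_n = retransmit_timeout * retransmit_base ** n,
    capped at retransmit_limit when that is non-zero. The last entry is the
    wait that ends in "giving up after N retransmits".
    """
    waits = []
    for n in range(tries + 1):
        wait = timeout * base ** n
        if limit > 0:
            wait = min(wait, limit)
        waits.append(wait)
    return waits


def retransmit_offsets(**charon):
    """Cumulative seconds after the first send: each retransmit, then give-up."""
    total, offsets = 0.0, []
    for wait in retransmit_waits(**charon):
        total += wait
        offsets.append(total)
    return offsets


def seconds_until_failure(keyingtries, **charon):
    """Time until "establishing IKE_SA failed", or None if it never gives up.

    keyingtries=0 models "retry forever" (%forever in ipsec.conf).
    """
    if keyingtries == 0:
        return None
    return keyingtries * sum(retransmit_waits(**charon))


if __name__ == "__main__":
    # The quoted log shows three attempts (16:34:39 to 16:35:11, about 32 s).
    print("offsets per attempt:", [round(o, 2) for o in retransmit_offsets()])
    print("keyingtries=3 gives up after", round(seconds_until_failure(3), 1), "s")
    print("keyingtries=0 gives up after", seconds_until_failure(0))
```

The modelled offsets line up with the first IKE_SA_INIT attempt in the quoted log (sent at 16:34:39, retransmits at :41, :43, :46, give-up at :49).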