[strongSwan] Intermittent drop-out of VPN connection

Noel Kuntze noel.kuntze at thermi.consulting
Sat Oct 17 15:35:07 CEST 2020


Configure your own side with lower reauth and rekey times than the other peer.
Currently the other peer tries to reauth which fails because you're using the insecure aggressive mode. strongSwan by default rejects other peers' authentication requests if they're using aggressive mode.
A reauthentication is basically creating a new IKE_SA from scratch, so that behavior applies.

Just configure your client with lower rekey and reauth times. That's simpler than globally enabling aggressive mode.

Kind regards


Am October 16, 2020 11:09:29 AM UTC schrieb Chris Smith <space.dandy at icloud.com>:
>[re-sending with trimmed down charon.log to fit mailing list size
>I have a VPN connection which is generally stable, but occasionally
>(2-3 times per day) will drop out for a short period after what seems
>to be some disagreement between client and server.  The logs attached
>show an example of this, where the connection fails around 18:24:35 and
>is restored around a minute later.
>I’m using strongSwan 5.7.2 on the client.  I have no information or
>control over what is running on the server.
>I’d be grateful for any clues as to exactly what is happening and how
>to correct it.
>>Chris Smith <space.dandy at icloud.com>

Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20201017/84b0e52d/attachment.html>

More information about the Users mailing list