[strongSwan] GRE over IPSec dual connections from road warriors strange behavior
Tobias Brunner
tobias at strongswan.org
Fri Apr 1 11:43:41 CEST 2022
Hi John,
> I have looked at the logs and they list only information about the IPSec tunnels(which
> typically work) and nothing about the GRE.
That's mainly because GRE tunnels, without key/seq, are basically
stateless (nothing is negotiated, if there are transmit errors you'd see
that only in the link/tunnel stats, if at all).
> The main issue is the IPSec tunnels come
> up fine but the GRE tunnels cannot send data. Either one or both GRE tunnels cannot send data.
You should check the traffic stats for the IPsec tunnels and GRE
interfaces (`ip -s ...`) to see what exactly is sent/received, if
possible also on the other end.
> The debug logs from the Cisco end show that the tunnels come up and are torn down by the
> strongswan end.
Due to DPD? Or what's the reason they are torn down?
> The dropped packets all happen at the RUT-950 end
How did you determine that?
Regards,
Tobias
More information about the Users
mailing list