Actually, I might be ending here : https://wiki.strongswan.org/issues/2446
It looks really familiar.
Le 05/12/2017 à 16:26, Hoggins! a écrit :
> Hello Tobias,
>
> Le 05/12/2017 à 15:54, Tobias Brunner a écrit :
>> Using auto=start on both ends in combination with uniqueids=yes and
>> closeaction=r
Hello Tobias,
Le 05/12/2017 à 15:54, Tobias Brunner a écrit :
> Using auto=start on both ends in combination with uniqueids=yes and
> closeaction=restart is a bad idea. If a duplicate SA is created and
> that's detected and the duplicate is then closed this deletion will
> again trigger another S
Using auto=start on both ends in combination with uniqueids=yes and
closeaction=restart is a bad idea. If a duplicate SA is created and
that's detected and the duplicate is then closed this deletion will
again trigger another SA, causing another duplicate and so on.
Regards,
Tobias
Thank you Rajiv,
Unfortunately, this changed nothing. Now I have mobike=no on both sides,
and I still experience the same reconnection issues.
Le 05/12/2017 à 06:55, Rajiv Kulkarni a écrit :
> mobike=no is missing in node2...i think thats whats causing the
> rekeys/deletes...i may be wrong...but
So after a bit of configuration cleaning as suggested by Tobias, both
nodes have been restarted, and I still experience oddities.
The former "/bin/sh ipsec not found" error was due to an issue in the
lookup $PATH as my StrongSwan installation on NODE1 is in /usr/local.
Anyway, I just had to symlink
Hello Tobias,
Le 30/11/2017 à 18:16, Tobias Brunner a écrit :
> Hi,
>
> Combining reauthentication with closeaction=restart is a bad idea. Note
> that reauth=no does not disable reauthentication if the other peer has
> reauth=yes configured, see [1].
Yes, I removed the reauth=no option. It had b
Hi,
Combining reauthentication with closeaction=restart is a bad idea. Note
that reauth=no does not disable reauthentication if the other peer has
reauth=yes configured, see [1].
Regards,
Tobias
[1]
https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey#IKEv2-Responder-Behavior
Hello Noel,
Thanks for these insights !
Le 28/11/2017 à 23:30, Noel Kuntze a écrit :
> Hi,
>
>> Nov 28 16:52:29 yomama charon: 06[KNL] creating delete job for
>> CHILD_SA ESP/0xc4bd0735/192.168.1.72
>> Nov 28 16:52:29 yomama charon: 06[JOB] CHILD_SA
>> ESP/0xc4bd0735/192.168.1.72
Hi,
> Nov 28 16:52:29 yomama charon: 06[KNL] creating delete job for
> CHILD_SA ESP/0xc4bd0735/192.168.1.72
> Nov 28 16:52:29 yomama charon: 06[JOB] CHILD_SA
> ESP/0xc4bd0735/192.168.1.72 not found for delete
Whatever causes these problems is your root cause and needs to be fixed.
Hello,
We're experiencing something new on our installation, and we can't
figure out why. Here's the thing : we have NODE 1 and NODE 2
establishing tunnels (ipsec.conf follows), all working well. Except
every rekeying/reauth, we now lose packets.
Why now ? Well, we have restarted NODE 1, changing
10 matches
Mail list logo