Hi Tobias,

On 14.07.2016 at 10:08, Tobias Brunner wrote:
> Hi Matthias,
>
>> I've peers where some (all, 2 of 8, etc.) tunnels get disconnected after
>> some time.
>
> How?  Is there a delete sent?  If so, by whom?

Now I managed to get decent logs, and the remote site sends a disconnect.

2016-07-19 10:59:28 14[NET] <skste|25> received packet: from 1.2.3.4[500] to 5.6.7.8[500] (76 bytes)
2016-07-19 10:59:28 14[ENC] <skste|25> parsed INFORMATIONAL_V1 request 3728486586 [ HASH D ]
2016-07-19 10:59:28 14[IKE] <skste|25> received DELETE for ESP CHILD_SA with SPI 1efa0295
2016-07-19 10:59:28 14[IKE] <skste|25> closing CHILD_SA skste{37} with SPIs c385ec17_i (268 bytes) 1efa0295_o (1593 bytes) and TS 192.168.120.1/32 === 10.30.16.89/32


>> Is there a way to configure StrongSwan to keep all tunnels up all the
>> time without DPD?
>
> auto=route is definitely the best way to ensure the tunnel is created
> (or recreated) automatically and no plaintext traffic leaves the host.

I've tested this with one peer by now, and it seems to work.

>> Why does StrongSwan shut down tunnels?
>
> Why do you think strongSwan does so?  Did you check the logs for what's
> actually going on?

Now I've seen in the logs that the remote site requested shut down.

Thanks for your help

cheers
Matthias


--

MHC SoftWare GmbH
Fichtera 17
96274 Itzgrund/Germany
voice: +49-(0)9533-92006-0
fax: +49-(0)9533-92006-6
e-mail: i...@mhcsoftware.de

Commercial register Coburg: B2242
Managing director: Matthias Henze
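
A small log triage script for the question raised in this thread (which side tears down a CHILD_SA), added here as an example; it is not part of the original message or of strongSwan. It assumes the timestamp and thread prefix seen in the excerpt above, and the `other` connection with its `sending DELETE` line is constructed for contrast.

```python
import re

# First four lines follow the excerpt quoted in the message above; the last
# two (connection "other") are constructed to show a locally initiated close.
SAMPLE_LOG = """\
2016-07-19 10:59:28 14[NET] <skste|25> received packet: from 1.2.3.4[500] to 5.6.7.8[500] (76 bytes)
2016-07-19 10:59:28 14[ENC] <skste|25> parsed INFORMATIONAL_V1 request 3728486586 [ HASH D ]
2016-07-19 10:59:28 14[IKE] <skste|25> received DELETE for ESP CHILD_SA with SPI 1efa0295
2016-07-19 10:59:28 14[IKE] <skste|25> closing CHILD_SA skste{37} with SPIs c385ec17_i (268 bytes) 1efa0295_o (1593 bytes) and TS 192.168.120.1/32 === 10.30.16.89/32
2016-07-19 11:02:03 09[IKE] <other|26> closing CHILD_SA other{38} with SPIs aaaa0001_i (0 bytes) bbbb0002_o (0 bytes) and TS 10.0.0.1/32 === 10.0.1.1/32
2016-07-19 11:02:03 09[IKE] <other|26> sending DELETE for ESP CHILD_SA with SPI aaaa0001
"""

# Assumed prefix: "<date> <time> <thread>[IKE] <conn|ike_sa_id> <message>"
LINE = re.compile(r"^(?P<ts>\S+ \S+) \d+\[IKE\] <(?P<conn>[^|>]+)\|\d+> (?P<msg>.*)$")
DELETE = re.compile(r"(received|sending) DELETE for \w+ CHILD_SA with SPI ([0-9a-f]{8})")
CLOSING = re.compile(r"closing CHILD_SA (\S+) with SPIs ([0-9a-f]{8})_i.*?([0-9a-f]{8})_o")

def classify_closures(log_text):
    """Return one record per closed CHILD_SA, saying which side asked for it."""
    deletes = {}   # SPI -> "received" or "sending"
    closures = []  # (timestamp, connection, child name, inbound SPI, outbound SPI)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an [IKE] line, or an unexpected prefix
        d = DELETE.search(m["msg"])
        if d:
            deletes[d.group(2)] = d.group(1)
        c = CLOSING.search(m["msg"])
        if c:
            closures.append((m["ts"], m["conn"], *c.groups()))
    report = []
    for ts, conn, child, spi_in, spi_out in closures:
        # A peer's DELETE names its own inbound SPI, which is our outbound one;
        # a DELETE we send names our inbound SPI. Matching on the SPI makes the
        # order of the "closing" and "DELETE" lines irrelevant.
        if deletes.get(spi_out) == "received":
            who = "peer"
        elif deletes.get(spi_in) == "sending":
            who = "local"
        else:
            who = "unknown"
        report.append({"time": ts, "conn": conn, "child": child, "initiator": who})
    return report

if __name__ == "__main__":
    for row in classify_closures(SAMPLE_LOG):
        print(row)
```
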


