My StrongSwan ipsec tunnel disconnects and doesn't reconnect.
I can't find out why it doesn't hold the connection forever or at least try to reconnect.
If I restart ipsec it connects, but after some hours it's down again.
According to ipsec status it doesn't even try to connect.
I thought auto=start would make it connect and dpdaction=restart would make it reconnect.
If I start the connection with "ipsec add" it works immediately.
Code:
root@TDTErsatz:/home/katrin# ipsec status
Security Associations (0 up, 0 connecting):
none
There ought to be something in there now – or, if you're using logrotate, in one of the recent compressed log-files.
grep -i swan might be your best friend to look for the presence of messages that might be relevant. If any daemon "dropped a connection," it should have said something somewhere.
I don't know if Swan keeps its own log-files somewhere else (undoubtedly in /var/log), but its configuration file should point out the proper location.
/home/katrin# ipsec status
Security Associations (0 up, 0 connecting):
none
Since they were still up on the 10th here are the logs since then:
/var/log/messages:
Code:
Feb 10 06:25:04 TDTErsatz rsyslogd: [origin software="rsyslogd" swVersion="8.4.2" x-pid="497" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Feb 10 06:25:06 TDTErsatz rsyslogd0: action 'action 17' resumed (module 'builtin:ompipe') [try http://www.rsyslog.com/e/0 ]
Feb 10 06:25:06 TDTErsatz rsyslogd-2359: action 'action 17' resumed (module 'builtin:ompipe') [try http://www.rsyslog.com/e/2359 ]
Feb 10 06:33:56 TDTErsatz rsyslogd-2007: action 'action 17' suspended, next retry is Fri Feb 10 06:34:26 2017 [try http://www.rsyslog.com/e/2007 ]
Feb 11 01:53:57 TDTErsatz vpn: - TDT2 192.168.12.0/24 == 80.xxx.xxx.xxx -- 192.168.1.11 == 192.168.10.0/24
Feb 11 06:25:04 TDTErsatz rsyslogd: [origin software="rsyslogd" swVersion="8.4.2" x-pid="497" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Feb 11 06:25:57 TDTErsatz rsyslogd0: action 'action 17' resumed (module 'builtin:ompipe') [try http://www.rsyslog.com/e/0 ]
Feb 11 06:25:57 TDTErsatz rsyslogd-2359: action 'action 17' resumed (module 'builtin:ompipe') [try http://www.rsyslog.com/e/2359 ]
Feb 11 06:45:20 TDTErsatz rsyslogd-2007: action 'action 17' suspended, next retry is Sat Feb 11 06:45:50 2017 [try http://www.rsyslog.com/e/2007 ]
Feb 11 17:35:08 TDTErsatz vpn: - TDT 192.168.2.0/24 == 80.xxx.xxx.xxx -- 192.168.1.11 == 192.168.0.0/24
Feb 12 06:25:05 TDTErsatz rsyslogd: [origin software="rsyslogd" swVersion="8.4.2" x-pid="497" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Feb 12 06:47:01 TDTErsatz rsyslogd0: action 'action 17' resumed (module 'builtin:ompipe') [try http://www.rsyslog.com/e/0 ]
Feb 12 06:47:01 TDTErsatz rsyslogd-2359: action 'action 17' resumed (module 'builtin:ompipe') [try http://www.rsyslog.com/e/2359 ]
Feb 13 06:25:04 TDTErsatz rsyslogd: [origin software="rsyslogd" swVersion="8.4.2" x-pid="497" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Feb 13 06:25:05 TDTErsatz rsyslogd: [origin software="rsyslogd" swVersion="8.4.2" x-pid="497" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
/var/log/syslog:
From this I assume the problem occurs at 17:35 on the 11th.
Code:
Feb 11 17:35:02 TDTErsatz charon: 11[NET] sending packet: from 192.168.1.11[4500] to 80.xxx.xxx.xxx[4500] (92 bytes)
Feb 11 17:35:08 TDTErsatz charon: 08[IKE] closing CHILD_SA katrin{12} with SPIs ccad02e1_i (32745 bytes) fe72fc0d_o (26400 bytes) and TS 192.168.0.0/24 === 192.168.2.0/24
Feb 11 17:35:08 TDTErsatz charon: 08[IKE] sending DELETE for ESP CHILD_SA with SPI ccad02e1
Feb 11 17:35:08 TDTErsatz charon: 08[ENC] generating INFORMATIONAL_V1 request 2657066049 [ HASH D ]
Feb 11 17:35:08 TDTErsatz charon: 08[NET] sending packet: from 192.168.1.11[4500] to xxx.xxx.xxx.xxx[4500] (76 bytes)
Feb 11 17:35:08 TDTErsatz charon: 08[IKE] closing CHILD_SA katrin{12} with SPIs c3f78c09_i (8545 bytes) fe73085f_o (6880 bytes) and TS 192.168.0.0/24 === 192.168.2.0/24
Feb 11 17:35:08 TDTErsatz vpn: - TDT 192.168.2.0/24 == 80.xxx.xxx.xxx -- 192.168.1.11 == 192.168.0.0/24
Feb 11 17:35:08 TDTErsatz charon: 08[IKE] sending DELETE for ESP CHILD_SA with SPI c3f78c09
Feb 11 17:35:08 TDTErsatz charon: 08[ENC] generating INFORMATIONAL_V1 request 2792505554 [ HASH D ]
Feb 11 17:35:08 TDTErsatz charon: 08[NET] sending packet: from 192.168.1.11[4500] to 80.xxx.xxx.xxx[4500] (76 bytes)
Feb 11 17:35:08 TDTErsatz charon: 08[IKE] deleting IKE_SA katrin[56] between 192.168.1.11[Debian]...80.xxx.xxx.xxx[TDT]
Feb 11 17:35:08 TDTErsatz charon: 08[IKE] sending DELETE for IKE_SA katrin[56]
Feb 11 17:35:08 TDTErsatz charon: 08[ENC] generating INFORMATIONAL_V1 request 573093845 [ HASH D ]
Feb 11 17:35:08 TDTErsatz charon: 08[NET] sending packet: from 192.168.1.11[4500] to 80.xxx.xxx.xxx[4500] (92 bytes)
Feb 11 18:17:01 TDTErsatz CRON[5435]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Feb 11 19:17:01 TDTErsatz CRON[5779]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Feb 11 20:17:01 TDTErsatz CRON[6144]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Feb 11 21:17:01 TDTErsatz CRON[6506]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Feb 11 22:17:01 TDTErsatz CRON[6850]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Feb 11 23:17:01 TDTErsatz CRON[7168]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Nothing new after this
/var/log/auth:
Code:
Feb 11 16:09:27 TDTErsatz charon: 11[IKE] closing CHILD_SA katrin{12} with SPIs c80b54cc_i (29433 bytes) fe72cd55_o (23724 bytes) and TS 192.168.0.0/24 === 192.168.2.0/24
Feb 11 16:17:01 TDTErsatz CRON[4732]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 11 16:17:01 TDTErsatz CRON[4732]: pam_unix(cron:session): session closed for user root
Feb 11 16:36:23 TDTErsatz charon: 15[IKE] CHILD_SA katrin{12} established with SPIs ccad02e1_i fe72fc0d_o and TS 192.168.0.0/24 === 192.168.2.0/24
Feb 11 16:51:38 TDTErsatz charon: 04[IKE] closing CHILD_SA katrin{12} with SPIs c03ab66b_i (30709 bytes) fe72e3e4_o (24736 bytes) and TS 192.168.0.0/24 === 192.168.2.0/24
Feb 11 17:17:01 TDTErsatz CRON[5076]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 11 17:17:01 TDTErsatz CRON[5076]: pam_unix(cron:session): session closed for user root
Feb 11 17:22:51 TDTErsatz charon: 07[IKE] CHILD_SA katrin{12} established with SPIs c3f78c09_i fe73085f_o and TS 192.168.0.0/24 === 192.168.2.0/24
Feb 11 17:35:08 TDTErsatz charon: 08[IKE] closing CHILD_SA katrin{12} with SPIs ccad02e1_i (32745 bytes) fe72fc0d_o (26400 bytes) and TS 192.168.0.0/24 === 192.168.2.0/24
Feb 11 17:35:08 TDTErsatz charon: 08[IKE] closing CHILD_SA katrin{12} with SPIs c3f78c09_i (8545 bytes) fe73085f_o (6880 bytes) and TS 192.168.0.0/24 === 192.168.2.0/24
Feb 11 17:35:08 TDTErsatz charon: 08[IKE] deleting IKE_SA katrin[56] between 192.168.1.11[Debian]...80.xxx.xxx.xxx[TDT]
Feb 11 18:17:01 TDTErsatz CRON[5434]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 11 18:17:01 TDTErsatz CRON[5434]: pam_unix(cron:session): session closed for user root
Feb 11 19:17:01 TDTErsatz CRON[5778]: pam_unix(cron:session): session opened for user root by (uid=0)
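The log check suggested earlier in the thread, as an added example that is not part of any poster's message: a small filter that reads syslog lines and reports, per connection, whether the last charon event was an SA being established or the IKE_SA being deleted. The function names are hypothetical, the sample lines are copied from the logs posted above, and the script assumes the syslog layout shown there (month, day, time, host, `charon:`).

```shell
#!/bin/sh
# Added example, not from the thread. Real use: tunnel_state < /var/log/syslog

# Print "<conn> <up|down> <time of last change>" for every connection
# that charon mentions in the syslog lines read from stdin.
tunnel_state() {
    awk '
    $5 !~ /^charon/ { next }              # skip cron, rsyslogd, ...
    {
        ts = $1 " " $2 " " $3
        name = ""
        if ($7 == "deleting" && $8 == "IKE_SA") {
            name = $9; st = "down"        # "deleting IKE_SA katrin[56] ..."
        } else if ($9 == "established" && ($7 == "CHILD_SA" || $7 == "IKE_SA")) {
            name = $8; st = "up"          # "CHILD_SA katrin{12} established ..."
        }
        # "closing CHILD_SA" alone is ignored: the auth log above shows it
        # at 16:51 followed by a new CHILD_SA at 17:22 on the same IKE_SA.
        if (name == "") next
        sub(/[[{].*$/, "", name)          # katrin[56] or katrin{12} -> katrin
        state[name] = st
        when[name] = ts
    }
    END { for (n in state) print n, state[n], when[n] }
    ' | sort
}

# Sample input: lines taken from the syslog and auth log excerpts above.
sample_log() {
cat <<'EOF'
Feb 11 17:22:51 TDTErsatz charon: 07[IKE] CHILD_SA katrin{12} established with SPIs c3f78c09_i fe73085f_o and TS 192.168.0.0/24 === 192.168.2.0/24
Feb 11 17:35:08 TDTErsatz charon: 08[IKE] closing CHILD_SA katrin{12} with SPIs c3f78c09_i (8545 bytes) fe73085f_o (6880 bytes) and TS 192.168.0.0/24 === 192.168.2.0/24
Feb 11 17:35:08 TDTErsatz charon: 08[IKE] deleting IKE_SA katrin[56] between 192.168.1.11[Debian]...80.xxx.xxx.xxx[TDT]
Feb 11 18:17:01 TDTErsatz CRON[5435]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
EOF
}

sample_log | tunnel_state
```

A connection that stays `down` with an old timestamp matches what the thread shows: the IKE_SA was deleted at 17:35:08 and no establishment follows.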
I might have found the problem.
ipsec wasn't started in that runlevel.
I didn't think it would be a problem if I started it manually, but now that I've added it to the runlevel it hasn't disconnected (or at least it reconnected automatically).
Maybe that wasn't the solution and it just happens to stay connected for now... but if it keeps working I'm gonna assume that was it.
Hi!
I'm struggling with the same issue.
Did it work in the long run?
If so, could you be so kind as to enlighten us with your setup?
It is still working.
It's been 10 years, so I don't quite remember it, but I haven't had that kind of problem since.
Maybe you need to open your own thread, so that you can post your settings.