Project

General

Profile

Issue #3158

error writing to socket: Network is unreachable

Added by zhonghai li about 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Category:
configuration
Affected version:
5.3.5
Resolution:
No feedback

Description

hi,

i get this issue below. please help.

our local network works well, and we can ping or telnet the host running strongswan client.
however strongswan client on the host reports this error "error writing to socket: Network is unreachable" when it initiates IKE message to secgw server.
if i reboot the host, then ipsec tunnel established between the host and secgw server.

2019.08.22_18.50.54 05[CFG] received stroke: add connection 'IPsecConn_f3p1c2'
2019.08.22_18.50.54 05[CFG] conn IPsecConn_f3p1c2
2019.08.22_18.50.54 05[CFG] left=10.10.100.67
2019.08.22_18.50.54 05[CFG] leftsubnet=0.0.0.0/0
2019.08.22_18.50.54 05[CFG] leftsourceip=
2019.08.22_18.50.54 05[CFG] leftauth=pubkey
2019.08.22_18.50.54 05[CFG] leftid=C=CN,ST=GD,L=GZ,O=zhaobiao,CN=
2019.08.22_18.50.54 05[CFG] leftcert=f3p1c2-681D640000000000.-cert.pem
2019.08.22_18.50.54 05[CFG] right=20.0.0.2
2019.08.22_18.50.54 05[CFG] rightsubnet=0.0.0.0/0
2019.08.22_18.50.54 05[CFG] rightauth=pubkey
2019.08.22_18.50.54 05[CFG] rightid=C=CN,ST=GD,L=GZ,O=zhaobiao,CN=
2019.08.22_18.50.54 05[CFG] aaa_identity=
2019.08.22_18.50.54 05[CFG] xauth_identity=
2019.08.22_18.50.54 05[CFG] ike=aes-sha1-prfsha1-modp1024!
2019.08.22_18.50.54 05[CFG] esp=aes-sha1-modp1024!
2019.08.22_18.50.54 05[CFG] dpddelay=30
2019.08.22_18.50.54 05[CFG] dpdtimeout=150
2019.08.22_18.50.54 05[CFG] mediation=no
2019.08.22_18.50.54 05[CFG] keyexchange=ikev2
2019.08.22_18.50.54 05[CFG] loaded certificate "C=CN, ST=GD, L=GZ, O=zhaobiao, CN=" from 'f3p1c2-681D640000000000.-cert.pem'
2019.08.22_18.50.54 05[CFG] added configuration 'IPsecConn_f3p1c2'
2019.08.22_18.50.56 03[CFG] received stroke: initiate 'IPsecConn_f3p1c2'
2019.08.22_18.50.56 03[IKE] initiating IKE_SA IPsecConn_f3p1c21 to 20.0.0.2
2019.08.22_18.50.56 03[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
2019.08.22_18.50.56 03[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
2019.08.22_18.50.56 03[NET] sending packet: from 10.10.100.67500 to 20.0.0.2500 (320 bytes)
2019.08.22_18.50.56 10[NET] error writing to socket: Network is unreachable
2019.08.22_18.51.00 02[IKE] retransmit 1 of request with message ID 0
2019.08.22_18.51.00 02[NET] sending packet: from 10.10.100.67500 to 20.0.0.2500 (320 bytes)
2019.08.22_18.51.00 10[NET] error writing to socket: Network is unreachable
2019.08.22_18.51.08 07[IKE] retransmit 2 of request with message ID 0
2019.08.22_18.51.08 07[NET] sending packet: from 10.10.100.67500 to 20.0.0.2500 (320 bytes)
2019.08.22_18.51.08 10[NET] error writing to socket: Network is unreachable
2019.08.22_18.51.21 08[IKE] giving up after 2 retransmits

zhonghai li

History

#1 Updated by Tobias Brunner about 1 year ago

  • Category set to configuration
  • Status changed from New to Feedback

#2 Updated by zhonghai li about 1 year ago

hi,

could you indicate me which part I should check in HelpRequests.

i find this issue is caused by that I make eth0 down/up when strongswan booting up.
so how can i recover this issue without restarting strongswan deamon.

zhonghai li

#3 Updated by Tobias Brunner about 1 year ago

could you indicate me which part I should check in HelpRequests.

I'd start with reading it, then following the instructions.

i find this issue is caused by that I make eth0 down/up when strongswan booting up.

Aehm, so the interface is down and you wonder why the daemon can't send packets?

#4 Updated by zhonghai li about 1 year ago

hi,

i mean after eth0 up, strongswan can reopen socket or any other method to recover this issue?

zhonghai li

#5 Updated by Tobias Brunner about 1 year ago

i mean after eth0 up, strongswan can reopen socket or any other method to recover this issue?

No need for that if your network and daemon is appropriately configured.

#6 Updated by Tobias Brunner about 1 year ago

  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No feedback

Also available in: Atom PDF