Issue #3158
error writing to socket: Network is unreachable
Description
hi,
i get this issue below. please help.
our local network works well, and we can ping or telnet the host running strongswan client.
however strongswan client on the host reports this error "error writing to socket: Network is unreachable" when it initiates IKE message to secgw server.
if i reboot the host, then ipsec tunnel established between the host and secgw server.
2019.08.22_18.50.54 05[CFG] received stroke: add connection 'IPsecConn_f3p1c2'
2019.08.22_18.50.54 05[CFG] conn IPsecConn_f3p1c2
2019.08.22_18.50.54 05[CFG] left=10.10.100.67
2019.08.22_18.50.54 05[CFG] leftsubnet=0.0.0.0/0
2019.08.22_18.50.54 05[CFG] leftsourceip=
2019.08.22_18.50.54 05[CFG] leftauth=pubkey
2019.08.22_18.50.54 05[CFG] leftid=C=CN,ST=GD,L=GZ,O=zhaobiao,CN=002A2B00AA58@AP.comba.com.cn
2019.08.22_18.50.54 05[CFG] leftcert=f3p1c2-681D640000000000.-cert.pem
2019.08.22_18.50.54 05[CFG] right=20.0.0.2
2019.08.22_18.50.54 05[CFG] rightsubnet=0.0.0.0/0
2019.08.22_18.50.54 05[CFG] rightauth=pubkey
2019.08.22_18.50.54 05[CFG] rightid=C=CN,ST=GD,L=GZ,O=zhaobiao,CN=002A2B00AA61@AP.comba.com.cn
2019.08.22_18.50.54 05[CFG] aaa_identity=
2019.08.22_18.50.54 05[CFG] xauth_identity=
2019.08.22_18.50.54 05[CFG] ike=aes-sha1-prfsha1-modp1024!
2019.08.22_18.50.54 05[CFG] esp=aes-sha1-modp1024!
2019.08.22_18.50.54 05[CFG] dpddelay=30
2019.08.22_18.50.54 05[CFG] dpdtimeout=150
2019.08.22_18.50.54 05[CFG] mediation=no
2019.08.22_18.50.54 05[CFG] keyexchange=ikev2
2019.08.22_18.50.54 05[CFG] loaded certificate "C=CN, ST=GD, L=GZ, O=zhaobiao, CN=002A2B00AA58@AP.comba.com.cn" from 'f3p1c2-681D640000000000.-cert.pem'
2019.08.22_18.50.54 05[CFG] added configuration 'IPsecConn_f3p1c2'
2019.08.22_18.50.56 03[CFG] received stroke: initiate 'IPsecConn_f3p1c2'
2019.08.22_18.50.56 03[IKE] initiating IKE_SA IPsecConn_f3p1c21 to 20.0.0.2
2019.08.22_18.50.56 03[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
2019.08.22_18.50.56 03[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
2019.08.22_18.50.56 03[NET] sending packet: from 10.10.100.67500 to 20.0.0.2500 (320 bytes)
2019.08.22_18.50.56 10[NET] error writing to socket: Network is unreachable
2019.08.22_18.51.00 02[IKE] retransmit 1 of request with message ID 0
2019.08.22_18.51.00 02[NET] sending packet: from 10.10.100.67500 to 20.0.0.2500 (320 bytes)
2019.08.22_18.51.00 10[NET] error writing to socket: Network is unreachable
2019.08.22_18.51.08 07[IKE] retransmit 2 of request with message ID 0
2019.08.22_18.51.08 07[NET] sending packet: from 10.10.100.67500 to 20.0.0.2500 (320 bytes)
2019.08.22_18.51.08 10[NET] error writing to socket: Network is unreachable
2019.08.22_18.51.21 08[IKE] giving up after 2 retransmits
zhonghai li
History
#1 Updated by Tobias Brunner about 6 years ago
- Category set to configuration
- Status changed from New to Feedback
See HelpRequests.
#2 Updated by zhonghai li about 6 years ago
hi,
could you indicate me which part I should check in HelpRequests.
i find this issue is caused by that I make eth0 down/up when strongswan booting up.
so how can i recover this issue without restarting strongswan deamon.
zhonghai li
#3 Updated by Tobias Brunner about 6 years ago
could you indicate me which part I should check in HelpRequests.
I'd start with reading it, then following the instructions.
i find this issue is caused by that I make eth0 down/up when strongswan booting up.
Aehm, so the interface is down and you wonder why the daemon can't send packets?
#4 Updated by zhonghai li about 6 years ago
hi,
i mean after eth0 up, strongswan can reopen socket or any other method to recover this issue?
zhonghai li
#5 Updated by Tobias Brunner about 6 years ago
i mean after eth0 up, strongswan can reopen socket or any other method to recover this issue?
No need for that if your network and daemon is appropriately configured.
#6 Updated by Tobias Brunner almost 6 years ago
- Status changed from Feedback to Closed
- Assignee set to Tobias Brunner
- Resolution set to No feedback