charonlog stopped generating DPD messages
I have a linux server 1 that has strongswan-5.8.2 running and about 36 connections coming in from VPN routers model TP-Link R600VPN. The TP-Link routers are configured to send DPD every 10 seconds and at Day 1, I could see all those DPD requests in the log file (/var/log/charonlog) on server 1 coming in every 10 seconds. Looking at today (Day 6), I dont see any of them. At first I thought there was a bug in TP-Link routers, so I took one to test and connected to a different server 2 with strongswan-5.8.2 and all the DPDs appeared every 10 seconds as expected:
Mar 27 22:53:57 07[NET] <GW-REMUSR01|2> received packet: from 50.77.x.x4500
to 172.16.95.204500 (92 bytes)
Mar 27 22:53:57 07[ENC] <GW-REMUSR01|2> parsed INFORMATIONAL_V1 request 10763687
95 [ HASH N(DPD) ]
Mar 27 22:53:57 07[ENC] <GW-REMUSR01|2> generating INFORMATIONAL_V1 request 2257
530836 [ HASH N(DPD_ACK) ]
Mar 27 22:53:57 07[NET] <GW-REMUSR01|2> sending packet: from 172.16.95.204500
to 50.77.x.x4500 (92 bytes)
Pointing the test TP-Link VPN router back to my original server 1, there are no DPDs in the log. I can see other messages such as connections getting established but no DPDs. Appears to be a bug in strongswan? Could someone please assist? Thank you, Darko
#2 Updated by Tobias Brunner 7 months ago
- Status changed from New to Feedback
Appears to be a bug in strongswan?
Why do you think so after tests with a different strongSwan server of the same version worked as expected? Did you check if there actually are DPDs sent and received? And whether DPDs are even necessary (maybe there is constant traffic between the hosts)?
#3 Updated by Darko Kraus 7 months ago
Thank you for the reply. My bad on this one. There were DPDs and then suddenly nothing so I was concerned, and considering the size of the log file I thought that could possibly be an issue but after doing some additional testing the other end of the VPN was not sending DPDs due to traffic. I apologize for this issue request. We can close this case.