Project

General

Profile

Issue #3387

charonlog stopped generating DPD messages

Added by Darko Kraus 7 months ago. Updated 7 months ago.

Status:
Closed
Priority:
Normal
Category:
network / firewall
Affected version:
5.8.2
Resolution:
No change required

Description

Hello,

I have a linux server 1 that has strongswan-5.8.2 running and about 36 connections coming in from VPN routers model TP-Link R600VPN. The TP-Link routers are configured to send DPD every 10 seconds and at Day 1, I could see all those DPD requests in the log file (/var/log/charonlog) on server 1 coming in every 10 seconds. Looking at today (Day 6), I dont see any of them. At first I thought there was a bug in TP-Link routers, so I took one to test and connected to a different server 2 with strongswan-5.8.2 and all the DPDs appeared every 10 seconds as expected:

Mar 27 22:53:57 07[NET] <GW-REMUSR01|2> received packet: from 50.77.x.x4500
to 172.16.95.204500 (92 bytes)
Mar 27 22:53:57 07[ENC] <GW-REMUSR01|2> parsed INFORMATIONAL_V1 request 10763687
95 [ HASH N(DPD) ]
Mar 27 22:53:57 07[ENC] <GW-REMUSR01|2> generating INFORMATIONAL_V1 request 2257
530836 [ HASH N(DPD_ACK) ]
Mar 27 22:53:57 07[NET] <GW-REMUSR01|2> sending packet: from 172.16.95.204500
to 50.77.x.x4500 (92 bytes)

Pointing the test TP-Link VPN router back to my original server 1, there are no DPDs in the log. I can see other messages such as connections getting established but no DPDs. Appears to be a bug in strongswan? Could someone please assist? Thank you, Darko

ipsec.conf (1.43 KB) ipsec.conf Darko Kraus, 28.03.2020 04:06
charon-logging.conf (1.75 KB) charon-logging.conf Darko Kraus, 28.03.2020 04:12
charon.conf (9.03 KB) charon.conf Darko Kraus, 28.03.2020 04:12

History

#1 Updated by Darko Kraus 7 months ago

I didnt mention the kernel version I am running is 3.10.94:

Linux strongSwan U5.8.2/K3.10.94-v1r02
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.

Thanks!

Darko

#2 Updated by Tobias Brunner 7 months ago

  • Status changed from New to Feedback

Appears to be a bug in strongswan?

Why do you think so after tests with a different strongSwan server of the same version worked as expected? Did you check if there actually are DPDs sent and received? And whether DPDs are even necessary (maybe there is constant traffic between the hosts)?

#3 Updated by Darko Kraus 7 months ago

Tobias,

Thank you for the reply. My bad on this one. There were DPDs and then suddenly nothing so I was concerned, and considering the size of the log file I thought that could possibly be an issue but after doing some additional testing the other end of the VPN was not sending DPDs due to traffic. I apologize for this issue request. We can close this case.

Thanks,

Darko

#4 Updated by Tobias Brunner 7 months ago

  • Category set to network / firewall
  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No change required

Also available in: Atom PDF