Issue #3444

Connection is established, but after a period of time it is disconnected and only phase 1 is connected.

Added by ray chao about 2 months ago. Updated about 2 months ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: -
Affected version: 5.8.4
Resolution:

Description

The ipsec connection is connected, but after a period of time, it will be disconnected and unable to connect.

# ipsec.secrets – strongSwan Client IPsec secrets file:
10.10.10.13 10.10.10.10 : PSK "111111" 

config setup
conn test2
 aggressive=no
 authby=secret
 left=10.10.10.13
 leftsourceip=192.168.128.254
 right=10.10.10.10
 leftsubnet=192.168.128.0/24
 rightsubnet=192.168.127.0/24
 type=tunnel
 esp=3des-sha1-modp2048
 rekeymargin=9m
 rekeyfuzz=100%
 keyingtries=%forever
 keyexchange=ikev1
 ikelifetime=1h
 keylife=20m
 ike=3des-sha1-modp2048
 auto=start
 dpddelay=30
 dpdtimeout=120
 dpdaction=hold
conn any_wan0
 left=10.10.10.13
 leftsourceip=10.10.10.13
 right=%any
#####################################
# ipsec.secrets – strongSwan Client IPsec secrets file:
10.10.10.10 10.10.10.13 : PSK "111111" 

config setup
conn test3
 aggressive=no
 authby=secret
 left=10.10.10.10
 leftsourceip=192.168.127.254
 right=10.10.10.13
 leftsubnet=192.168.127.0/24
 rightsubnet=192.168.128.0/24
 type=tunnel
 esp=3des-sha1-modp2048
 rekeymargin=9m
 rekeyfuzz=100%
 keyingtries=%forever
 keyexchange=ikev1
 ikelifetime=1h
 keylife=20m
 ike=3des-sha1-modp2048
 auto=start
 dpddelay=30
 dpdtimeout=12
 dpdaction=hold
conn any_wan0
 left=10.10.10.10
 leftsourceip=10.10.10.10
 right=%any

I got this result on both peers:
client side:

2020-05-13T10:54:58+0000 00[DMN] Starting IKE charon daemon (strongSwan 5.8.1, Linux 4.14.76-15.0.0, aarch64)
2020-05-13T10:54:58+0000 00[CFG] PKCS11 module '<name>' lacks library path
2020-05-13T10:54:59+0000 00[KNL] received netlink error: Address family not supported by protocol (97)
2020-05-13T10:54:59+0000 00[KNL] unable to create IPv6 routing table rule
2020-05-13T10:54:59+0000 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
2020-05-13T10:54:59+0000 00[CFG]   loaded ca certificate "O=MOXA, OU=NET, CN=MOXAHTTPtest, E=iei@moxa.com" from '/etc/ipsec.d/cacerts/MOXARootCA.crt'
2020-05-13T10:54:59+0000 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
2020-05-13T10:54:59+0000 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
2020-05-13T10:54:59+0000 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
2020-05-13T10:54:59+0000 00[CFG] loading crls from '/etc/ipsec.d/crls'
2020-05-13T10:54:59+0000 00[CFG] loading secrets from '/etc/ipsec.secrets'
2020-05-13T10:54:59+0000 00[CFG]   loaded IKE secret for 10.10.10.13 10.10.10.10
2020-05-13T10:54:59+0000 00[LIB] loaded plugins: charon pkcs11 aes des rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem af-alg fips-prf gmp curve25519 xcbc cmac hmac attr kernel-netlink resolve socket-default stroke vici updown xauth-generic led counters
2020-05-13T10:54:59+0000 00[JOB] spawning 16 worker threads
2020-05-13T10:54:59+0000 06[CFG] received stroke: add connection 'test2'
2020-05-13T10:54:59+0000 06[CFG] added configuration 'test2'
2020-05-13T10:54:59+0000 08[CFG] received stroke: initiate 'test2'
2020-05-13T10:54:59+0000 08[IKE] initiating Main Mode IKE_SA test2[1] to 10.10.10.10
2020-05-13T10:54:59+0000 08[ENC] generating ID_PROT request 0 [ SA V V V V V ]
2020-05-13T10:54:59+0000 08[NET] sending packet: from 10.10.10.13[500] to 10.10.10.10[500] (212 bytes)
2020-05-13T10:54:59+0000 09[NET] received packet: from 10.10.10.10[500] to 10.10.10.13[500] (156 bytes)
2020-05-13T10:54:59+0000 09[ENC] parsed ID_PROT response 0 [ SA V V V V ]
2020-05-13T10:54:59+0000 09[IKE] received XAuth vendor ID
2020-05-13T10:54:59+0000 09[IKE] received DPD vendor ID
2020-05-13T10:54:59+0000 09[IKE] received FRAGMENTATION vendor ID
2020-05-13T10:54:59+0000 09[IKE] received NAT-T (RFC 3947) vendor ID
2020-05-13T10:54:59+0000 09[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
2020-05-13T10:54:59+0000 09[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
2020-05-13T10:54:59+0000 09[NET] sending packet: from 10.10.10.13[500] to 10.10.10.10[500] (372 bytes)
2020-05-13T10:54:59+0000 10[NET] received packet: from 10.10.10.10[500] to 10.10.10.13[500] (372 bytes)
2020-05-13T10:54:59+0000 10[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
2020-05-13T10:54:59+0000 10[ENC] generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
2020-05-13T10:54:59+0000 10[NET] sending packet: from 10.10.10.13[500] to 10.10.10.10[500] (100 bytes)
2020-05-13T10:54:59+0000 11[NET] received packet: from 10.10.10.10[500] to 10.10.10.13[500] (68 bytes)
2020-05-13T10:54:59+0000 11[ENC] parsed ID_PROT response 0 [ ID HASH ]
2020-05-13T10:54:59+0000 11[IKE] IKE_SA test2[1] established between 10.10.10.13[10.10.10.13]...10.10.10.10[10.10.10.10]
2020-05-13T10:54:59+0000 11[IKE] scheduling reauthentication in 2702s
2020-05-13T10:54:59+0000 11[IKE] maximum IKE_SA lifetime 3242s
2020-05-13T10:54:59+0000 11[ENC] generating TRANSACTION request 901354119 [ HASH CPRQ(ADDR DNS) ]
2020-05-13T10:54:59+0000 11[NET] sending packet: from 10.10.10.13[500] to 10.10.10.10[500] (76 bytes)
2020-05-13T10:54:59+0000 12[NET] received packet: from 10.10.10.10[500] to 10.10.10.13[500] (76 bytes)
2020-05-13T10:54:59+0000 12[IKE] queueing TRANSACTION request as tasks still active
2020-05-13T10:55:02+0000 15[NET] received packet: from 10.10.10.10[500] to 10.10.10.13[500] (212 bytes)
2020-05-13T10:55:02+0000 15[ENC] parsed ID_PROT request 0 [ SA V V V V V ]
2020-05-13T10:55:02+0000 15[IKE] received XAuth vendor ID
2020-05-13T10:55:02+0000 15[IKE] received DPD vendor ID
2020-05-13T10:55:02+0000 15[IKE] received FRAGMENTATION vendor ID
2020-05-13T10:55:02+0000 15[IKE] received NAT-T (RFC 3947) vendor ID
2020-05-13T10:55:02+0000 15[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
2020-05-13T10:55:02+0000 15[IKE] 10.10.10.10 is initiating a Main Mode IKE_SA
2020-05-13T10:55:02+0000 15[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
2020-05-13T10:55:02+0000 15[ENC] generating ID_PROT response 0 [ SA V V V V ]
2020-05-13T10:55:02+0000 15[NET] sending packet: from 10.10.10.13[500] to 10.10.10.10[500] (156 bytes)
2020-05-13T10:55:02+0000 01[NET] received packet: from 10.10.10.10[500] to 10.10.10.13[500] (372 bytes)
2020-05-13T10:55:02+0000 01[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
2020-05-13T10:55:02+0000 01[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
2020-05-13T10:55:02+0000 01[NET] sending packet: from 10.10.10.13[500] to 10.10.10.10[500] (372 bytes)
2020-05-13T10:55:02+0000 05[NET] received packet: from 10.10.10.10[500] to 10.10.10.13[500] (68 bytes)
2020-05-13T10:55:02+0000 05[ENC] parsed ID_PROT request 0 [ ID HASH ]
2020-05-13T10:55:02+0000 05[CFG] looking for pre-shared key peer configs matching 10.10.10.13...10.10.10.10[10.10.10.10]
2020-05-13T10:55:02+0000 05[CFG] selected peer config "test2" 
2020-05-13T10:55:02+0000 05[IKE] schedule delete of duplicate IKE_SA for peer '10.10.10.10' due to uniqueness policy and suspected reauthentication
2020-05-13T10:55:02+0000 05[IKE] IKE_SA test2[2] established between 10.10.10.13[10.10.10.13]...10.10.10.10[10.10.10.10]
2020-05-13T10:55:02+0000 05[IKE] scheduling reauthentication in 2622s
2020-05-13T10:55:02+0000 05[IKE] maximum IKE_SA lifetime 3162s
2020-05-13T10:55:02+0000 05[ENC] generating ID_PROT response 0 [ ID HASH ]
2020-05-13T10:55:02+0000 05[NET] sending packet: from 10.10.10.13[500] to 10.10.10.10[500] (68 bytes)
2020-05-13T10:55:02+0000 05[ENC] generating TRANSACTION request 2591611276 [ HASH CPRQ(ADDR DNS) ]
2020-05-13T10:55:02+0000 05[NET] sending packet: from 10.10.10.13[500] to 10.10.10.10[500] (76 bytes)
2020-05-13T10:55:02+0000 07[NET] received packet: from 10.10.10.10[500] to 10.10.10.13[500] (76 bytes)
2020-05-13T10:55:02+0000 07[IKE] queueing TRANSACTION request as tasks still active
2020-05-13T10:55:03+0000 11[NET] received packet: from 10.10.10.10[500] to 10.10.10.13[500] (76 bytes)
2020-05-13T10:55:03+0000 11[IKE] ignoring TRANSACTION request, queue full
2020-05-13T10:55:03+0000 12[IKE] sending retransmit 1 of request message ID 901354119, seq 4
2020-05-13T10:55:03+0000 12[NET] sending packet: from 10.10.10.13[500] to 10.10.10.10[500] (76 bytes)
2020-05-13T10:55:06+0000 13[IKE] sending retransmit 1 of request message ID 2591611276, seq 1
2020-05-13T10:55:06+0000 13[NET] sending packet: from 10.10.10.13[500] to 10.10.10.10[500] (76 bytes)
2020-05-13T10:55:06+0000 14[NET] received packet: from 10.10.10.10[500] to 10.10.10.13[500] (76 bytes)
2020-05-13T10:55:06+0000 14[IKE] ignoring TRANSACTION request, queue full
2020-05-13T10:55:10+0000 05[NET] received packet: from 10.10.10.10[500] to 10.10.10.13[500] (76 bytes)
2020-05-13T10:55:10+0000 05[IKE] ignoring TRANSACTION request, queue full
2020-05-13T10:55:10+0000 06[IKE] sending retransmit 2 of request message ID 901354119, seq 4
2020-05-13T10:55:10+0000 06[NET] sending packet: from 10.10.10.13[500] to 10.10.10.10[500] (76 bytes)
2020-05-13T10:55:12+0000 07[IKE] deleting IKE_SA test2[1] between 10.10.10.13[10.10.10.13]...10.10.10.10[10.10.10.10]
2020-05-13T10:55:12+0000 07[IKE] sending DELETE for IKE_SA test2[1]
2020-05-13T10:55:12+0000 07[ENC] generating INFORMATIONAL_V1 request 1699242865 [ HASH D ]
2020-05-13T10:55:12+0000 07[NET] sending packet: from 10.10.10.13[500] to 10.10.10.10[500] (84 bytes)
2020-05-13T10:55:14+0000 10[IKE] sending retransmit 2 of request message ID 2591611276, seq 1
2020-05-13T10:55:14+0000 10[NET] sending packet: from 10.10.10.13[500] to 10.10.10.10[500] (76 bytes)
2020-05-13T10:55:14+0000 11[NET] received packet: from 10.10.10.10[500] to 10.10.10.13[500] (76 bytes)
2020-05-13T10:55:14+0000 11[IKE] ignoring TRANSACTION request, queue full
2020-05-13T10:55:26+0000 05[IKE] sending retransmit 3 of request message ID 2591611276, seq 1
2020-05-13T10:55:26+0000 05[NET] sending packet: from 10.10.10.13[500] to 10.10.10.10[500] (76 bytes)
2020-05-13T10:55:26+0000 06[NET] received packet: from 10.10.10.10[500] to 10.10.10.13[500] (76 bytes)
2020-05-13T10:55:26+0000 06[IKE] ignoring TRANSACTION request, queue full

server side:
2020-05-13T10:55:02+0000 00[DMN] Starting IKE charon daemon (strongSwan 5.8.1, Linux 4.14.76-15.0.0, aarch64)
2020-05-13T10:55:02+0000 00[CFG] PKCS11 module '<name>' lacks library path
2020-05-13T10:55:02+0000 00[KNL] received netlink error: Address family not supported by protocol (97)
2020-05-13T10:55:02+0000 00[KNL] unable to create IPv6 routing table rule
2020-05-13T10:55:02+0000 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
2020-05-13T10:55:02+0000 00[CFG]   loaded ca certificate "O=MOXA, OU=NET, CN=MOXAHTTPtest, E=iei@moxa.com" from '/etc/ipsec.d/cacerts/MOXARootCA.crt'
2020-05-13T10:55:02+0000 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
2020-05-13T10:55:02+0000 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
2020-05-13T10:55:02+0000 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
2020-05-13T10:55:02+0000 00[CFG] loading crls from '/etc/ipsec.d/crls'
2020-05-13T10:55:02+0000 00[CFG] loading secrets from '/etc/ipsec.secrets'
2020-05-13T10:55:02+0000 00[CFG]   loaded IKE secret for 10.10.10.10 10.10.10.13
2020-05-13T10:55:02+0000 00[LIB] loaded plugins: charon pkcs11 aes des rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem af-alg fips-prf gmp curve25519 xcbc cmac hmac attr kernel-netlink resolve socket-default stroke vici updown xauth-generic led counters
2020-05-13T10:55:02+0000 00[JOB] spawning 16 worker threads
2020-05-13T10:55:02+0000 05[CFG] received stroke: add connection 'test3'
2020-05-13T10:55:02+0000 05[CFG] added configuration 'test3'
2020-05-13T10:55:02+0000 08[CFG] received stroke: initiate 'test3'
2020-05-13T10:55:02+0000 08[IKE] initiating Main Mode IKE_SA test3[1] to 10.10.10.13
2020-05-13T10:55:02+0000 08[ENC] generating ID_PROT request 0 [ SA V V V V V ]
2020-05-13T10:55:02+0000 08[NET] sending packet: from 10.10.10.10[500] to 10.10.10.13[500] (212 bytes)
2020-05-13T10:55:02+0000 09[NET] received packet: from 10.10.10.13[500] to 10.10.10.10[500] (212 bytes)
2020-05-13T10:55:02+0000 09[ENC] parsed ID_PROT request 0 [ SA V V V V V ]
2020-05-13T10:55:02+0000 09[IKE] received XAuth vendor ID
2020-05-13T10:55:02+0000 09[IKE] received DPD vendor ID
2020-05-13T10:55:02+0000 09[IKE] received FRAGMENTATION vendor ID
2020-05-13T10:55:02+0000 09[IKE] received NAT-T (RFC 3947) vendor ID
2020-05-13T10:55:02+0000 09[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
2020-05-13T10:55:02+0000 09[IKE] 10.10.10.13 is initiating a Main Mode IKE_SA
2020-05-13T10:55:02+0000 09[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
2020-05-13T10:55:02+0000 09[ENC] generating ID_PROT response 0 [ SA V V V V ]
2020-05-13T10:55:02+0000 09[NET] sending packet: from 10.10.10.10[500] to 10.10.10.13[500] (156 bytes)
2020-05-13T10:55:02+0000 10[NET] received packet: from 10.10.10.13[500] to 10.10.10.10[500] (372 bytes)
2020-05-13T10:55:02+0000 10[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
2020-05-13T10:55:02+0000 10[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
2020-05-13T10:55:02+0000 10[NET] sending packet: from 10.10.10.10[500] to 10.10.10.13[500] (372 bytes)
2020-05-13T10:55:02+0000 11[NET] received packet: from 10.10.10.13[500] to 10.10.10.10[500] (100 bytes)
2020-05-13T10:55:02+0000 11[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
2020-05-13T10:55:02+0000 11[CFG] looking for pre-shared key peer configs matching 10.10.10.10...10.10.10.13[10.10.10.13]
2020-05-13T10:55:02+0000 11[CFG] selected peer config "test3" 
2020-05-13T10:55:02+0000 11[IKE] IKE_SA test3[2] established between 10.10.10.10[10.10.10.10]...10.10.10.13[10.10.10.13]
2020-05-13T10:55:02+0000 11[IKE] scheduling reauthentication in 2785s
2020-05-13T10:55:02+0000 11[IKE] maximum IKE_SA lifetime 3325s
2020-05-13T10:55:02+0000 11[ENC] generating ID_PROT response 0 [ ID HASH ]
2020-05-13T10:55:02+0000 11[NET] sending packet: from 10.10.10.10[500] to 10.10.10.13[500] (68 bytes)
2020-05-13T10:55:02+0000 11[ENC] generating TRANSACTION request 2728519253 [ HASH CPRQ(ADDR DNS) ]
2020-05-13T10:55:02+0000 11[NET] sending packet: from 10.10.10.10[500] to 10.10.10.13[500] (76 bytes)
2020-05-13T10:55:02+0000 12[NET] received packet: from 10.10.10.13[500] to 10.10.10.10[500] (76 bytes)
2020-05-13T10:55:02+0000 12[IKE] queueing TRANSACTION request as tasks still active
2020-05-13T10:55:06+0000 16[IKE] sending retransmit 1 of request message ID 0, seq 1
2020-05-13T10:55:06+0000 16[NET] sending packet: from 10.10.10.10[500] to 10.10.10.13[500] (212 bytes)
2020-05-13T10:55:06+0000 06[NET] received packet: from 10.10.10.13[500] to 10.10.10.10[500] (156 bytes)
2020-05-13T10:55:06+0000 06[ENC] parsed ID_PROT response 0 [ SA V V V V ]
2020-05-13T10:55:06+0000 06[IKE] received XAuth vendor ID
2020-05-13T10:55:06+0000 06[IKE] received DPD vendor ID
2020-05-13T10:55:06+0000 06[IKE] received FRAGMENTATION vendor ID
2020-05-13T10:55:06+0000 06[IKE] received NAT-T (RFC 3947) vendor ID
2020-05-13T10:55:06+0000 06[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
2020-05-13T10:55:06+0000 06[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
2020-05-13T10:55:06+0000 06[NET] sending packet: from 10.10.10.10[500] to 10.10.10.13[500] (372 bytes)
2020-05-13T10:55:06+0000 05[NET] received packet: from 10.10.10.13[500] to 10.10.10.10[500] (372 bytes)
2020-05-13T10:55:06+0000 05[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
2020-05-13T10:55:06+0000 05[ENC] generating ID_PROT request 0 [ ID HASH ]
2020-05-13T10:55:06+0000 05[NET] sending packet: from 10.10.10.10[500] to 10.10.10.13[500] (68 bytes)
2020-05-13T10:55:06+0000 07[NET] received packet: from 10.10.10.13[500] to 10.10.10.10[500] (68 bytes)
2020-05-13T10:55:06+0000 07[ENC] parsed ID_PROT response 0 [ ID HASH ]
2020-05-13T10:55:06+0000 07[IKE] schedule delete of duplicate IKE_SA for peer '10.10.10.13' due to uniqueness policy and suspected reauthentication
2020-05-13T10:55:06+0000 07[IKE] IKE_SA test3[1] established between 10.10.10.10[10.10.10.10]...10.10.10.13[10.10.10.13]
2020-05-13T10:55:06+0000 07[IKE] scheduling reauthentication in 2528s
2020-05-13T10:55:06+0000 07[IKE] maximum IKE_SA lifetime 3068s
2020-05-13T10:55:06+0000 07[ENC] generating TRANSACTION request 4078237415 [ HASH CPRQ(ADDR DNS) ]
2020-05-13T10:55:06+0000 07[NET] sending packet: from 10.10.10.10[500] to 10.10.10.13[500] (76 bytes)
2020-05-13T10:55:06+0000 08[NET] received packet: from 10.10.10.13[500] to 10.10.10.10[500] (76 bytes)
2020-05-13T10:55:06+0000 08[IKE] queueing TRANSACTION request as tasks still active
2020-05-13T10:55:06+0000 09[IKE] sending retransmit 1 of request message ID 2728519253, seq 1
2020-05-13T10:55:06+0000 09[NET] sending packet: from 10.10.10.10[500] to 10.10.10.13[500] (76 bytes)
2020-05-13T10:55:06+0000 10[NET] received packet: from 10.10.10.13[500] to 10.10.10.10[500] (76 bytes)
2020-05-13T10:55:06+0000 10[IKE] ignoring TRANSACTION request, queue full
2020-05-13T10:55:10+0000 12[NET] received packet: from 10.10.10.13[500] to 10.10.10.10[500] (76 bytes)
2020-05-13T10:55:10+0000 12[IKE] ignoring TRANSACTION request, queue full
2020-05-13T10:55:10+0000 14[IKE] sending retransmit 1 of request message ID 4078237415, seq 4
2020-05-13T10:55:10+0000 14[NET] sending packet: from 10.10.10.10[500] to 10.10.10.13[500] (76 bytes)
2020-05-13T10:55:13+0000 16[IKE] sending retransmit 2 of request message ID 2728519253, seq 1
2020-05-13T10:55:13+0000 16[NET] sending packet: from 10.10.10.10[500] to 10.10.10.13[500] (76 bytes)
2020-05-13T10:55:13+0000 06[NET] received packet: from 10.10.10.13[500] to 10.10.10.10[500] (76 bytes)
2020-05-13T10:55:13+0000 06[IKE] ignoring TRANSACTION request, queue full
2020-05-13T10:55:16+0000 08[IKE] deleting IKE_SA test3[2] between 10.10.10.10[10.10.10.10]...10.10.10.13[10.10.10.13]
2020-05-13T10:55:16+0000 08[IKE] sending DELETE for IKE_SA test3[2]
2020-05-13T10:55:16+0000 08[ENC] generating INFORMATIONAL_V1 request 2872790864 [ HASH D ]
2020-05-13T10:55:16+0000 08[NET] sending packet: from 10.10.10.10[500] to 10.10.10.13[500] (84 bytes)
2020-05-13T10:55:17+0000 10[IKE] sending retransmit 2 of request message ID 4078237415, seq 4
2020-05-13T10:55:17+0000 10[NET] sending packet: from 10.10.10.10[500] to 10.10.10.13[500] (76 bytes)
2020-05-13T10:55:17+0000 11[NET] received packet: from 10.10.10.13[500] to 10.10.10.10[500] (76 bytes)
2020-05-13T10:55:17+0000 11[IKE] ignoring TRANSACTION request, queue full
2020-05-13T10:55:30+0000 16[IKE] sending retransmit 3 of request message ID 4078237415, seq 4
2020-05-13T10:55:30+0000 16[NET] sending packet: from 10.10.10.10[500] to 10.10.10.13[500] (76 bytes)
2020-05-13T10:55:30+0000 16[NET] received packet: from 10.10.10.13[500] to 10.10.10.10[500] (76 bytes)
2020-05-13T10:55:30+0000 16[IKE] ignoring TRANSACTION request, queue full

Restarting the device connects successfully at first, but then the connection fails.
I can't recognize where the failure is! And why does the log file say "queueing TRANSACTION request as tasks still active" and "ignoring TRANSACTION request, queue full"?

History

#1 Updated by Tobias Brunner about 2 months ago

  • Status changed from New to Feedback

Your use of leftsourceip is incorrect (see VirtualIP). Also, using auto=start on both ends might not work well for IKEv1.
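
The two points in comment #1, written as a check over both peers' ipsec.conf files. This is an added example, not part of the issue thread or of strongSwan: `parse_conns` and `lint_pair` are hypothetical names, the sample configs are trimmed copies of the ones in the description, and the first check assumes the documented pairing of `leftsourceip` (request a virtual IP from the peer) with the peer's `rightsourceip` (assign one).

```python
# Added example (hypothetical names); configs trimmed from the issue description.
PEER_13 = """\
config setup
conn test2
 left=10.10.10.13
 leftsourceip=192.168.128.254
 right=10.10.10.10
 keyexchange=ikev1
 auto=start
conn any_wan0
 left=10.10.10.13
 right=%any
"""
PEER_10 = """\
conn test3
 left=10.10.10.10
 leftsourceip=192.168.127.254
 right=10.10.10.13
 keyexchange=ikev1
 auto=start
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for the conn sections of ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section header starts at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def lint_pair(conf_a, conf_b):
    """Return sorted (conn, finding) tuples for conns that face each other."""
    findings, conns_b = set(), parse_conns(conf_b)
    for na, a in parse_conns(conf_a).items():
        ends = (a.get("left"), a.get("right"))
        for nb, b in conns_b.items():
            if None in ends or "%any" in ends or ends != (b.get("right"), b.get("left")):
                continue
            # leftsourceip requests a virtual IP; only a peer with rightsourceip assigns one.
            for name, local, peer in ((na, a, b), (nb, b, a)):
                if "leftsourceip" in local and "rightsourceip" not in peer:
                    findings.add((name, "leftsourceip without peer rightsourceip"))
            # Both ends initiate at startup, so IKEv1 negotiations can collide.
            both_start = a.get("auto") == b.get("auto") == "start"
            if both_start and "ikev1" in (a.get("keyexchange"), b.get("keyexchange")):
                findings.add((f"{na}+{nb}", "auto=start on both ends with ikev1"))
    return sorted(findings)

if __name__ == "__main__":
    print(*lint_pair(PEER_13, PEER_10), sep="\n")
```

An empty list from `lint_pair` means neither condition named in comment #1 is present in the facing conn sections; conns with `right=%any` are skipped because they have no single peer to compare against.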
