Bug #2815

Updated by Tobias Brunner almost 2 years ago

Hi,

Following is my configuration on 2 machines -

Host1
<pre>
cat swanctl.conf
connections {
    gw-gw {
        local_addrs = 102.1.1.21
        remote_addrs = 102.1.1.96
        local {
            auth = pubkey
            certs = cool1Cert.der
            id = "C=CH, O=blr.asicdesigners.com, CN=cool1"
        }
        remote {
            auth = pubkey
            id = "C=CH, O=blr.asicdesigners.com, CN=viper1"
        }
        children {
            net-net {
                rekey_time = 2000
                rekey_bytes = 500000000
                rekey_packets = 1000000
                esp_proposals = aes128gcm96-x25519-esn-noesn
                hw_offload = no
            }
        }
        version = 2
        mobike = no
        reauth_time = 1080
        proposals = aes128-sha1-x25519
    }
}
</pre>



Host2
<pre>
cat swanctl.conf
connections {
    gw-gw {
        local_addrs = 102.1.1.96
        remote_addrs = 102.1.1.21
        local {
            auth = pubkey
            certs = viper1Cert.der
            id = "C=CH, O=blr.asicdesigners.com, CN=viper1"
        }
        remote {
            auth = pubkey
            id = "C=CH, O=blr.asicdesigners.com, CN=cool1"
        }
        children {
            net-net {
                rekey_time = 2000
                rekey_bytes = 500000000
                rekey_packets = 1000000
                esp_proposals = aes128gcm96-x25519-esn-noesn
                hw_offload = no
            }
        }
        version = 2
        mobike = no
        reauth_time = 1080
        proposals = aes128-sha1-x25519
    }
}
</pre>


After about an hour, the SAs disappear and IPSec tunnels die and never come back on.
