Bug #418
Updated by Tobias Brunner almost 12 years ago
I was testing a monitoring script, and noticed it would get stuck when running 'ipsec up xxx' on a connection which is simply not responding.
I could not find any configuration that changes this behavior. keyingtries does not affect it. And it seems like there is supposed to be some way to set it because this shows up in output with things like (2/0 (3/0) as if to say "attempt 2 out of 0":
<pre>
root@ip-10.10.10.10:/home/chrisb# ipsec up VPN-CONN-NAME
initiating Main Mode IKE_SA VPN-CONN-NAME[27] to 1.2.3.4
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 1 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 2 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 3 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 4 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 5 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
giving up after 5 retransmits
peer not responding, trying again (2/0)
initiating Main Mode IKE_SA VPN-CONN-NAME[27] to 1.2.3.4
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 1 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 2 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 3 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 4 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 5 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
giving up after 5 retransmits
peer not responding, trying again (3/0)
initiating Main Mode IKE_SA VPN-CONN-NAME[27] to 1.2.3.4
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 1 of request message ID 0, seq 1
....
</pre>
I could not find any configuration that changes this behavior. keyingtries does not affect it. And it seems like there is supposed to be some way to set it because this shows up in output with things like (2/0 (3/0) as if to say "attempt 2 out of 0":
<pre>
root@ip-10.10.10.10:/home/chrisb# ipsec up VPN-CONN-NAME
initiating Main Mode IKE_SA VPN-CONN-NAME[27] to 1.2.3.4
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 1 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 2 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 3 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 4 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 5 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
giving up after 5 retransmits
peer not responding, trying again (2/0)
initiating Main Mode IKE_SA VPN-CONN-NAME[27] to 1.2.3.4
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 1 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 2 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 3 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 4 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 5 of request message ID 0, seq 1
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
giving up after 5 retransmits
peer not responding, trying again (3/0)
initiating Main Mode IKE_SA VPN-CONN-NAME[27] to 1.2.3.4
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 10.10.10.10[500] to 1.2.3.4[500] (188 bytes)
sending retransmit 1 of request message ID 0, seq 1
....
</pre>