Bug #317

Updated by Tobias Brunner over 7 years ago

Hi,
yesterday I did an upgrade from strongSwan 4.5.2 to strongSwan 5.0.2 on my Amazon VPN EC2 server.
Before the upgrade all VPNs worked well for many months; after the upgrade all client-to-LAN VPNs are disconnected after 1 hour of connection.

I give you an example:
My IP is: 78.134.107.32
Private/Public Amazon EC2 IP is: 172.17.1.200/176.34.149.25
The VPN client is Shrew Soft VPN client

<pre>
###################STRONGSWAN CONFIGURATION#####################
config setup
    charondebug=cfg 2, ike 2
    cachecrls=no
    strictcrlpolicy=no
    uniqueids=yes

conn portatili_general
    type=tunnel
    keyexchange=ikev1
    keylife=28800s
    ikelifetime=3600s
    rekeymargin=540s
    rekeyfuzz=75%
    ike=aes128-md5-modp4096,aes128-md5-modp3072,aes128-md5-modp2048,aes128-md5-modp1536,aes128-md5-modp1024!
    esp=aes128-md5-modp1024,aes128-sha1!
    dpddelay=30s
    dpdtimeout=120s

# VPN Max laptop
conn %auto
    also=portatili_general
    authby=rsasig
    dpdaction=clear
    keyingtries=1
    auto=start
    leftid=176.34.149.25
    left=172.17.1.200
    leftsubnet=172.17.1.0/24
    leftfirewall=yes
    leftcert=serverCert.pem
    right=%any
    rightsubnet=10.10.10.88/32
    rightcert=maxCert.pem
###################END STRONGSWAN CONFIGURATION#####################
</pre>

<pre>


###################auth.log###################
Mar 20 17:09:14 ip-172-17-1-200 charon-custom: 01[IKE] reauthenticating IKE_SA conn_6[16] actively
Mar 20 17:09:14 ip-172-17-1-200 charon-custom: 01[IKE] initiating Main Mode IKE_SA conn_6[20] to 78.134.107.32
Mar 20 17:09:48 ip-172-17-1-200 charon-custom: 02[IKE] deleting IKE_SA conn_6[16] between 172.17.1.200[C=IT, O=Logon Technologies srl, CN=strongswan.logontec.it]...78.134.107.32[C=IT, O=Logon Technologies srl, CN=Max Monterumisi]
###################END auth.log###################
</pre>


<pre>
###################charon.log###################
Mar 20 17:09:08 16[NET] received packet: from 78.134.107.32[4500] to 172.17.1.200[4500] (92 bytes)
Mar 20 17:09:08 16[ENC] parsed INFORMATIONAL_V1 request 3073921021 [ HASH N(DPD) ]
Mar 20 17:09:08 16[ENC] generating INFORMATIONAL_V1 request 1947751472 [ HASH N(DPD_ACK) ]
Mar 20 17:09:08 16[NET] sending packet: from 172.17.1.200[4500] to 78.134.107.32[4500] (92 bytes)
Mar 20 17:09:14 15[NET] received packet: from 85.18.250.182[4500] to 172.17.1.200[4500] (684 bytes)
Mar 20 17:09:14 15[IKE] received retransmit of request with ID 3526279889, but no response to retransmit
Mar 20 17:09:14 01[IKE] initiator did not reauthenticate as requested
Mar 20 17:09:14 01[IKE] reauthenticating IKE_SA conn_6[16] actively
Mar 20 17:09:14 01[IKE] initiating Main Mode IKE_SA conn_6[20] to 78.134.107.32
Mar 20 17:09:14 01[ENC] generating ID_PROT request 0 [ SA V V V V ]
Mar 20 17:09:14 01[NET] sending packet: from 172.17.1.200[4500] to 78.134.107.32[4500] (300 bytes)
Mar 20 17:09:18 03[IKE] sending retransmit 1 of request message ID 0, seq 1
Mar 20 17:09:18 03[NET] sending packet: from 172.17.1.200[4500] to 78.134.107.32[4500] (300 bytes)
Mar 20 17:09:23 16[NET] received packet: from 78.134.107.32[4500] to 172.17.1.200[4500] (92 bytes)
Mar 20 17:09:23 16[ENC] parsed INFORMATIONAL_V1 request 2512148655 [ HASH N(DPD) ]
Mar 20 17:09:25 13[IKE] sending retransmit 2 of request message ID 0, seq 1
Mar 20 17:09:25 13[NET] sending packet: from 172.17.1.200[4500] to 78.134.107.32[4500] (300 bytes)
Mar 20 17:09:30 15[IKE] sending keep alive to 78.134.107.32[4500]
Mar 20 17:09:38 02[NET] received packet: from 78.134.107.32[4500] to 172.17.1.200[4500] (92 bytes)
Mar 20 17:09:38 02[ENC] parsed INFORMATIONAL_V1 request 458292244 [ HASH N(DPD) ]
Mar 20 17:09:38 16[IKE] sending retransmit 3 of request message ID 0, seq 1
Mar 20 17:09:38 16[NET] sending packet: from 172.17.1.200[4500] to 78.134.107.32[4500] (300 bytes)
Mar 20 17:09:42 14[NET] received packet: from 78.134.107.32[4500] to 172.17.1.200[4500] (92 bytes)
Mar 20 17:09:42 14[ENC] parsed INFORMATIONAL_V1 request 849316894 [ HASH N(DPD) ]
Mar 20 17:09:45 13[NET] received packet: from 78.134.107.32[4500] to 172.17.1.200[4500] (92 bytes)
Mar 20 17:09:45 13[ENC] parsed INFORMATIONAL_V1 request 111481316 [ HASH N(DPD) ]
Mar 20 17:09:47 15[NET] received packet: from 78.134.107.32[4500] to 172.17.1.200[4500] (92 bytes)
Mar 20 17:09:47 15[ENC] parsed INFORMATIONAL_V1 request 1532747746 [ HASH N(DPD) ]
Mar 20 17:09:48 01[NET] received packet: from 78.134.107.32[4500] to 172.17.1.200[4500] (76 bytes)
Mar 20 17:09:48 01[ENC] parsed INFORMATIONAL_V1 request 1089359246 [ HASH D ]
Mar 20 17:09:48 01[IKE] received DELETE for ESP CHILD_SA with SPI d12641e8
Mar 20 17:09:48 01[IKE] CHILD_SA not found, ignored
Mar 20 17:09:48 02[NET] received packet: from 78.134.107.32[4500] to 172.17.1.200[4500] (76 bytes)
Mar 20 17:09:48 02[ENC] parsed INFORMATIONAL_V1 request 258902840 [ HASH D ]
Mar 20 17:09:48 02[IKE] received DELETE for IKE_SA conn_6[16]
Mar 20 17:09:48 02[IKE] deleting IKE_SA conn_6[16] between 172.17.1.200[C=IT, O=Logon Technologies srl, CN=strongswan.logontec.it]...78.134.107.32[C=IT, O=Logon Technologies srl, CN=Max Monterumisi]
###################END charon.log###################
</pre>
