List: strongswan-users
Subject: [strongSwan] fail to send DPD
From: Bingzheng Wu <wubingzheng () gmail ! com>
Date: 2016-08-09 13:11:20
Message-ID: CAH9OGN-9_tsNEpmDmM4zP9pCd2nCFKXXqZBEjAetDe=jyBZZgw () mail ! gmail ! com
Hi all,

I have 2 IPSEC servers and 2 clients.
Both clients connect to both servers, so there are 4 sessions.

Some days ago, the network of the servers' IDC broke for several minutes.
Then the 2 servers sent DPD messages to the clients.
The clients received them and replied, but the servers did not receive the
replies.
Then the 2 servers shut down the sessions.
So far so good.

However, the 2 clients still thought the sessions were good, and did not
send any DPD messages.

So there was a mismatch between the servers and clients.

Does anyone know the possible reason?

Thanks in advance,
Wu

===configure of servers:===
config setup

conn listen-xxx
    right=%any
    auto=add
    leftcert=cert.pem
    rightca="CN=test-CA"
    type=transport
    keyexchange=ikev2
    esp=aes128gcm12,aes128-sha1
    ikelifetime=365d
    lifetime=1d
    dpdaction=clear

===configure of clients:===
config setup

conn %default
    leftcert=cert.pem
    rightca="CN=test-CA"
    type=transport
    keyexchange=ikev2
    esp=aes128gcm12,aes128-sha1
    ikelifetime=365d
    lifetime=1d
    auto=start
    dpdaction=restart
    closeaction=restart
    keyingtries=%forever

conn xxx1
    right=1.2.3.5
    rightid="CN=xxx1"

conn xxx2
    right=1.2.3.4
    rightid="CN=xxx2"