

08:14:52 charon: 11 generating ID_PROT request 0
08:14:52 charon: 11 received DELETE for IKE_SA ipsec1
"A moment when responder has been restarted"
08:14:52 charon: 07 received DELETE for ESP CHILD_SA with SPI c52f7024
Ipsec1: remote: uses pre-shared key authentication
Worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2
The ipsec initiator status after responder restart:

So I think that configuration is properly loaded after responder restarting.
10:11:18 charon: 09 proposing traffic selectors for other:
10:11:18 charon: 09 proposing traffic selectors for us:
10:11:18 charon: 03 watcher going to poll() 4 fds
10:11:18 charon: 03 watcher got notification, rebuilding
10:11:18 charon: 03 watcher going to poll() 3 fds
10:11:18 charon: 03 watched FD 12 ready to read
10:11:17 charon: 08 proposing traffic selectors for other:

10:11:17 charon: 08 proposing traffic selectors for us:
10:11:17 charon: 03 watcher going to poll() 4 fds
10:11:17 charon: 03 watcher got notification, rebuilding
10:11:17 charon: 03 watcher going to poll() 3 fds
10:11:17 charon: 03 watched FD 12 ready to read

10:11:14 charon: 03 watcher got notification, rebuilding
10:11:14 charon: 07 added configuration 'ipsec1'
10:11:14 charon: 03 watcher going to poll() 4 fds
10:11:14 charon: 15 started worker thread 15
10:11:14 charon: 16 started worker thread 16
10:11:14 charon: 07 leftupdown=/etc/scripts/updown
10:11:14 charon: 07 received stroke: add connection 'ipsec1'
Security Associations (0 up, 0 connecting):
Ipsec1: local: uses pre-shared key authentication
Loaded plugins: charon nonce pem openssl kernel-netlink socket-default stroke updown
Worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
Status of IKE charon daemon (weakSwan 5.4.0, Linux 3.5.0-lsp-3.3.1, armv5tejl):
The ipsec responder status after restart:

So the ipsec script is not installed currently. stroke can't be used directly? Is something wrong to terminate the connection via stroke down + stroke delete? We use strongSwan on a Linux-based embedded device and we need to save flash memory size as much as possible. Unfortunately, even closeaction=restart does not help if the tunnel is downed and deleted on the remote side, because the remote side sends NO_PROPOSAL_CHOSEN and the SA is permanently deleted on the local side too. Option closeaction=restart should be used in ipsec.conf in this case, but it is not recommended to use it with uniqueids=yes, which is usually enabled.
I found the following issue: the IPsec tunnel is not automatically reestablished if the remote side is restarted, so manual action on the local side is required. One side is configured as initiator and the second one is configured as responder. I established an IKEv1 IPsec connection between two strongSwans.
