[Swan] IKEv2 connection failure after ~1h
Daniel J Blueman
daniel at quora.org
Thu Jun 23 04:35:33 UTC 2016
On 21 June 2016 at 23:18, Paul Wouters <paul at nohats.ca> wrote:
> On Wed, 15 Jun 2016, Daniel J Blueman wrote:
>
>> I find IKEv2 connections from a clean Windows 10 install to libreswan
>> [1] git HEAD fail after just under an hour [2]. I left the client
>> pinging an internal IP address on the server to avoid the connection
>> being detected as idle.
>>
>> Before I capture debug logs with --debug-all, any configuration changes to
>> try?
>
> not that I can see.
>
>> Jun 13 22:29:19: "remote"[2] 192.168.10.240 #2: STATE_PARENT_R2:
>> received v2I2, PARENT SA established tunnel mode {ESP/NAT=>0xadeaf89e
>> <0x46908922 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=192.168.10.240:4500
>> DPD=active}
>>
>> Jun 13 23:25:05: | ikev2_child_sa_respond returned STF_FAIL with
>> v2N_NO_PROPOSAL_CHOSEN
>
>
> There seems to be a lot of logs, including non-debug logs, missing here.
> We'd need to see those to see what's going wrong.
Using libreswan built from last night's git HEAD, the debug log output
is at https://quora.org/pluto.log.xz .
The windows client is connected at 10:56:07pm; ping replies fail after
~55 minutes and the connection drops ~8h after connected, at
7:01:03am. I can readily get further debug or test changes etc.
Thanks!
Daniel
--
Daniel J Blueman
More information about the Swan
mailing list