[Swan] Tunnel Going Down

Banana Man bananasgorilla16 at gmail.com
Thu Oct 20 20:26:09 UTC 2016


Hi:
I have a number of tunnels running well on a CentOS 7 machine with
libreswan 3.15-5.el7_1. I added a new tunnel which I am having some issues
with; the only real difference is that the new one is using ikev2. The
config is:

conn demo
    type=tunnel
    authby=secret

    left=10.0.0.3
    leftsubnet=10.0.0.3/255.255.255.255
    leftnexthop=123.45.67.4
    leftsourceip=10.0.0.3

    right=123.45.67.4
    rightsubnet=2123.45.67.198/255.255.255.255
    rightnexthop=10.0.0.3
    rightsourceip=123.45.67.198

    ikev2=insist
    ike=aes-sha1
    ikelifetime=86400s
    phase2alg=aes-256
    salifetime=28800s
    rekey=no
    pfs=no
    auto=start

The other side is, I think, a Cisco ASA. The tunnel has failed sporadically
and I see the following output from ipsec status when this happens:

000 #18146: "demo":500 STATE_PARENT_R1 (received v2I1, sent v2R1); EVENT_v2_RESPONDER_TIMEOUT in 77s; idle; import:respond to stranger

I couldn't find a lot of information on this error. Can anyone point out
anything I can do here? Is there a way to automatically recover from an
event like this? It works fine (for a while) with a --replace & --up.

Thanks,
Bananas
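
One way to automate the manual recovery described in the message above, added here as an example that is not part of the original post or of libreswan. The function names, the `--run` wrapper and the "IPsec SA established" marker for an up tunnel are assumptions; only the `demo` connection name, the status line format and the `--replace` / `--up` commands come from the message.

```shell
#!/bin/sh
# Added example (not from the original post): watchdog for one connection.
# Assumption: an established tunnel has a state line for the connection
# containing "IPsec SA established"; confirm against your own `ipsec status`.
ESTABLISHED_MARK="IPsec SA established"

# conn_states CONN < status-output
# Prints "serial state event" for every state line of CONN.
conn_states() {
    awk -v conn="\"$1\"" '
        $1 == "000" && $2 ~ /^#[0-9]+:$/ && index($3, conn) == 1 {
            ev = "-"
            for (i = 5; i <= NF; i++)
                if ($i ~ /^EVENT_/) { ev = $i; break }
            serial = $2; gsub(/[#:]/, "", serial)
            print serial, $4, ev
        }'
}

# tunnel_verdict CONN < status-output
# Prints up | half-open | absent.
tunnel_verdict() {
    awk -v conn="\"$1\"" -v mark="$ESTABLISHED_MARK" '
        $1 == "000" && $2 ~ /^#[0-9]+:$/ && index($3, conn) == 1 {
            seen = 1
            if (index($0, mark)) up = 1
        }
        END { print (up ? "up" : (seen ? "half-open" : "absent")) }'
}

# recover CONN: the manual fix from the post, run only when the tunnel is not up.
recover() {
    verdict=$(ipsec status | tunnel_verdict "$1")
    [ "$verdict" = "up" ] && return 0
    logger -t ipsec-watchdog "conn $1 is $verdict; replacing and bringing up"
    ipsec auto --replace "$1" && ipsec auto --up "$1"
}

# Run from cron or a systemd timer, e.g.: <script> --run demo
if [ "${1:-}" = "--run" ]; then
    recover "${2:-demo}"
fi
```

A lone STATE_PARENT_R1 line is only treated as a failure when no established state exists for the same connection, since a responder passes through that state during every normal negotiation.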