[Swan] tunnel error after 24h

valentin vlasov vmvlasov at yahoo.com
Tue Mar 13 08:15:36 UTC 2018


Hello.
I have some tunnels made with different partners. Only one of them gives me this strange behaviour. The tunnel is between my Libreswan 3.15 (netkey) on 2.6.32-696.16.1.el6.x86_64 (CentOS 6.9) and a Cisco ASA 5520. Configuration:

config setup
        protostack=netkey
        logfile=/var/log/pluto.log
        interfaces="ipsec0=eth0 ipsec1=eth1 ipsec2=eth1:0"
        dumpdir=/var/run/pluto/
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10,%v4:!10.x.y.z/24,%v4:!10.x.s.d/24
include /etc/ipsec.d/*.conf

# --------------------------------------------------------------------------------------------
conn dixx
        type=tunnel
        authby=secret
        dpddelay=30
        dpdtimeout=90
        dpdaction=clear
        rekey=yes
        keyingtries=%forever

        right=IP_public_2
        rightid=IP_public_2
        rightnexthop=%defaultroute
        left=IP_public_1
        leftid=IP_public_1
        leftnexthop=IP_public_3   # ISP GW

        keyexchange=ike
        ike=3des-md5;modp1024
        ikelifetime=86400s
        salifetime=86400s
        phase2=esp
        phase2alg=3des-md5
        pfs=no
# --------------------------------------------------------------------------------------------
conn di1
        also=dixx
        rightsubnet=192.w.r.t/16
        leftsubnet=10.x.y.z/24
        auto=start
# ------------------------------------        diverse     --------------------------------------
conn diverse
        also=ditech
        rightsubnets={subnet2/24 subnet3/24 subnet4/24 subnet5/24 subnet6/24}
        leftsubnet=10.x.y.z/24
        auto=start


I attach the last pluto.log from the moment of renegotiation, but only for the first conn 'di1' [the same log exists for the other conns defined, but it is too much info...].
With this configuration, the connection 'di1' [and the others] was up for 48h, but in the past everything went wrong after 24h. In that case I must do 'service ipsec restart' and then all is good.
Can you give me some advice about what happened?
If you need more information, please tell me.
Thanks a lot!
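As an added example (not part of the original post and not libreswan's own code), a small Python checker that flattens the also= includes of a config shaped like the one above and reports what a reviewer would look at first: an also= that points at a conn not defined in the fragment, the 3des/md5/modp1024 algorithms, and an ikelifetime that equals salifetime so that IKE and IPsec rekeying fall at the same moment. It assumes libreswan's defaults of ikelifetime=1h and salifetime=8h when a conn omits them.

```python
# Added example (not from the post, not libreswan's parser): flatten also= includes
# and report what a reviewer would flag in a libreswan ipsec.conf fragment.
SAMPLE = """\
conn dixx
        ike=3des-md5;modp1024
        ikelifetime=86400s
        salifetime=86400s
conn di1
        also=dixx
conn diverse
        also=ditech
"""  # constructed input with the same shape as the posted config

def parse_conns(text):
    """Return {conn: {key: value}}; repeated also= lines are space-joined."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            cur = conns.setdefault(line.split(None, 1)[1], {})
        elif cur is not None and "=" in line:
            k, v = (s.strip() for s in line.split("=", 1))
            cur[k] = (cur.get(k, "") + " " + v).strip() if k == "also" else v
    return conns

def resolve(conns, name):
    """Flatten also= includes; a conn's own keys win. KeyError if undefined."""
    merged = {}
    for inc in conns[name].get("also", "").split():
        merged.update(resolve(conns, inc))
    merged.update((k, v) for k, v in conns[name].items() if k != "also")
    return merged

def seconds(v):  # libreswan time value such as 86400s, 60m, 24h or 1d -> seconds
    return int(v.rstrip("smhd")) * {"m": 60, "h": 3600, "d": 86400}.get(v[-1], 1)

def audit(text):
    """{conn: [findings]}; missing lifetimes use assumed libreswan defaults."""
    conns, report = parse_conns(text), {}
    for name in conns:
        try:
            c = resolve(conns, name)
        except KeyError as e:
            report[name] = ["also= references undefined conn " + e.args[0]]
            continue
        algs = (c.get("ike", "") + " " + c.get("phase2alg", "")).lower()
        found = ["weak: " + w for w in ("3des", "md5", "modp1024") if w in algs]
        if seconds(c.get("ikelifetime", "1h")) == seconds(c.get("salifetime", "8h")):
            found.append("ikelifetime == salifetime: IKE and IPsec rekey coincide")
        report[name] = found
    return report
```

Run audit() over the real /etc/ipsec.conf plus the files it includes; a conn whose also= target lives in another included file will only be reported as undefined when that file is not part of the text you pass in.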
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: pluto_di1.txt
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20180313/f7519340/attachment-0001.txt>