[Swan] Frequent dropped connections follow-up

Alex mysqlstudent at gmail.com
Mon Oct 21 17:25:50 UTC 2019


Hi,

Following up on this from earlier this month. I'm still having
problems and am not sure what to do to fix it.

I've saved the output from "ipsec status" on both sides where the
problem occurs and hoped someone could review it.

This is the side with the dynamic IP (wyckoff)
https://pastebin.com/AZGVCF8c

This is the side with the fixed IP, also on a cable modem (orion):
https://pastebin.com/JFe4CPsd


On Fri, Oct 4, 2019 at 2:40 PM Alex <mysqlstudent at gmail.com> wrote:
>
> Hi, back in May I reported an issue involving two cable modems and
> dropping the connections for no apparent reason. I believe Paul said
> it was a deadlock issue that would be fixed in 3.28, but it continues
> today with 3.29 on Fedora 30.
>
> The issue is that two systems, both of which are connected to the
> Internet via cable modems, frequently lose their connection and
> usually require restarting one or both connections in order to
> reconnect, although sometimes "ipsec auto --up <connection_name>"
> works.
>
> My previous report is here:
> https://lists.libreswan.org/pipermail/swan/2019/003189.html
>
> I'm really not sure what further information I should provide to help
> troubleshoot this. This is the config from the "remote" system with a
> dynamic IP provided by Optimum.
>
> conn orion-wyckoff
>         ikev2=insist
>         authby=rsasig
>         auto=start
>         interfaces=%defaultroute
>         dpddelay=10
>         dpdtimeout=90
>         dpdaction=clear
>         rightsubnets={192.168.11.0/24,192.168.10.0/24}
>         rightid=@wyckoff-orion
>         right=wyckoff.example.com
>         rightrsasigkey=0sAwEAAd4...
>         leftid=@orion-wyckoff
>         left=orion.example.com
>         leftsubnets={192.168.1.0/24,192.168.6.0/24}
>         leftrsasigkey=0sAwEAAeSMFxvoJ...
>
> Here is the config for the "local" system with a static IP provided by
> Optimum. This system also has several other VPNs also using
> libreswan-3.29 that don't generally have the same problem.
>
> conn orion-wyckoff
>         ikev2=insist
>         authby=rsasig
>         auto=add
>         dpddelay=10
>         dpdtimeout=90
>         dpdaction=clear
>         rightid=@wyckoff-orion
>         rightsubnets={192.168.11.0/24,192.168.10.0/24}
>         right=wyckoff.example.com
>         rightrsasigkey=0sAwEAAd4EeK...
>         leftid=@orion-wyckoff
>         left=orion.example.com
>         leftsubnets={192.168.1.0/24,192.168.6.0/24}
>         leftrsasigkey=0sAwEAAeSMFxvoJaP5...

