[Swan] IKEv2 connection from Android drops after a few minutes
Beat Zahnd
beat.zahnd at gmail.com
Wed Mar 11 19:27:31 UTC 2020
3.28 does not start
Mar 11 20:26:29 core systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Mar 11 20:26:30 core _stackmanager[26781]: FAILURE in loading XFRM IPsec stack
Mar 11 20:26:30 core systemd[1]: ipsec.service: Control process exited, code=exited, status=1/FAILURE
Mar 11 20:26:30 core systemd[1]: ipsec.service: Failed with result 'exit-code'.
Mar 11 20:26:30 core systemd[1]: Failed to start Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Mar 11 20:26:30 core systemd[1]: ipsec.service: Service RestartSec=100ms expired, scheduling restart.
Mar 11 20:26:30 core systemd[1]: ipsec.service: Scheduled restart job, restart counter is at 1.
Mar 11 20:26:30 core systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
3.29 works, but no NAT-T keepalive as with 3.27
3.30 same problem as with 3.31
> On 11 Mar 2020, at 14:13, Paul Wouters <paul at nohats.ca> wrote:
>
> On Wed, 11 Mar 2020, Beat Zahnd wrote:
>
>> I run 3.27 which is the last version on stable Debian.
>
> Grab the 3.31 source and run "make deb" ?
>
>> Are the NAT-T keepalives fully independent from the DPD keepalives?
>
> Yes. They are completely unrelated. DPDs only happen when there is no
> IPsec traffic. NAT keepalives always happen (It's cheaper to fire them
> than to ask the kernel every 20s if there was traffic)
>
> Paul
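
Added example (not part of the original thread and not libreswan code): the two mechanisms distinguished above look different on the wire, so a capture of UDP port 4500 can show whether NAT-T keepalives are really being sent. Per RFC 3948 a keepalive is a single 0xFF byte, while an IKEv2 liveness (DPD) probe is an INFORMATIONAL exchange behind the 4-byte non-ESP marker; the function names and the sample capture are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: precedes IKE messages on UDP/4500
IKEV2_EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH",
                   36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}

def classify_udp4500(payload: bytes) -> str:
    """Classify one UDP/4500 payload using the RFC 3948 framing rules."""
    if payload == b"\xff":
        return "nat-keepalive"            # one 0xFF byte, no IKE or ESP content
    if payload[:4] == NON_ESP_MARKER:
        ike = payload[4:]
        if len(ike) < 28:                 # fixed IKE header is 28 bytes
            return "malformed-ike"
        major, exchange = ike[17] >> 4, ike[18]
        if major != 2:
            return f"ike-v{major}"
        return "ikev2-" + IKEV2_EXCHANGES.get(exchange, f"exchange-{exchange}")
    return "esp" if len(payload) >= 8 else "unknown"   # ESP: SPI + sequence number

def ike_packet(exchange: int, msgid: int) -> bytes:
    """Build a constructed, header-only IKEv2 message for the sample capture."""
    hdr = struct.pack("!8s8sBBBBII", b"I" * 8, b"R" * 8,
                      46, 0x20, exchange, 0x08, msgid, 28)
    return NON_ESP_MARKER + hdr

# Constructed capture: (seconds since start, UDP payload). Not real traffic.
SAMPLE = [
    (0.0, b"\xff"),
    (5.0, b"\x00\x00\x10\x01" + b"\x00\x00\x00\x07" + b"\xaa" * 32),  # ESP data
    (20.0, b"\xff"),
    (30.0, ike_packet(37, 4)),            # liveness probe: INFORMATIONAL exchange
    (40.0, b"\xff"),
]

def summarize(capture):
    """Return each packet's class and the gaps between successive keepalives."""
    kinds = [classify_udp4500(p) for _, p in capture]
    times = [t for (t, _), k in zip(capture, kinds) if k == "nat-keepalive"]
    gaps = [b - a for a, b in zip(times, times[1:])]
    return kinds, gaps

if __name__ == "__main__":
    kinds, gaps = summarize(SAMPLE)
    print(kinds)
    print("keepalive gaps (s):", gaps)
```

Keepalives that continue at a steady interval while ESP traffic is flowing, with INFORMATIONAL exchanges appearing only in idle periods, match the behaviour described in the reply.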