[Swan] Windows 10 client to libreswan VPN server: The Child SA expires often
Mirsad Goran Todorovac
mirsad.todorovac at alu.unizg.hr
Fri Jan 7 22:19:11 EET 2022
The output of `ipsec showstates` is:
000 #5: "MYCONN-ikev2-cp"[3] 94.253.211.1:4500
STATE_V2_ESTABLISHED_IKE_SA (established IKE SA); EXPIRE in 25923s;
newest ISAKMP; idle;
000 #9: "MYCONN-ikev2-cp"[3] 94.253.211.1:4500
STATE_V2_ESTABLISHED_CHILD_SA (established Child SA); EXPIRE in 28737s;
newest IPSEC; eroute owner; isakmp#5; idle;
000 #9: "MYCONN-ikev2-cp"[3] 94.253.211.1 esp.c8c6721e at 94.253.211.1
esp.193db088 at 161.53.83.3 tun.0 at 94.253.211.1 tun.0 at 161.53.83.3 Traffic:
ESPin=396KB ESPout=23MB ESPmax=0B
What is the problem?
The Child SA is renegotiated every about 5 minutes despite saying EXPIRE
in 28800 s.
This renegotiation causes Internet TV to pause, requiring manual
intervention, and I suspect it could severe AnyDesk remote desktop used
by our accounting. Is there a workaround for this?
Kind regards,
Mirsad
--
Mirsad Goran Todorovac
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
--
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355
More information about the Swan
mailing list