[Swan] [SPAM: 4.729] Re: Tunnel gets established, but machines can reach each other only for less than a minute
ud at blueaquan.com
ud at blueaquan.com
Tue Jan 31 19:39:45 EET 2023
Hi Paul
Kindly find the output of ipsec whack --showstates from both sides
please.
At HO
000 #5: "PLUTOSUBNET":1208 STATE_V2_ESTABLISHED_IKE_SA (established IKE
SA); EVENT_SA_REKEY in 28511s; newest ISAKMP; idle;
000 #6: "PLUTOSUBNET":1208 STATE_V2_ESTABLISHED_CHILD_SA (IPsec SA
established); EVENT_SA_REKEY in 28511s; newest IPSEC; eroute owner;
isakmp#5; idle;
000 #6: "PLUTOSUBNET" esp.e4688f53 at W.X.Y.Z esp.910e3384 at A.B.C.D
tun.0 at W.X.Y.Z tun.0 at A.B.C.D Traffic: ESPin=168B ESPout=168B! ESPmax=0B
At Site Office
000 #1: "PLSUBNET":4500 STATE_V2_ESTABLISHED_IKE_SA (established IKE
SA); EVENT_SA_REKEY in 27743s; newest ISAKMP; idle;
000 #2: "PLSUBNET":4500 STATE_V2_ESTABLISHED_CHILD_SA (IPsec SA
established); EVENT_SA_REKEY in 27984s; newest IPSEC; eroute owner;
isakmp#1; idle;
000 #2: "PLSUBNET" esp.910e3384 at A.B.C.D esp.e4688f53 at 10.10.128.100
tun.0 at A.B.C.D tun.0 at 10.10.128.100 Traffic: ESPin=168B ESPout=168B!
ESPmax=0B
Thanks, Best
BA
On 2023-01-31 22:01, Paul Wouters wrote:
> On Mon, 30 Jan 2023, ud at blueaquan.com wrote:
>
>> I changed the HO's statement to auto=add while keeping auto=start at
>> the Site Office. Also removed encapsulation statement at both
>> ends, However there is no change in status, both machines are unable
>> to reach each other. The tunnel is getting established as
>> always, attaching the logs from both sides FYI.
>
> Once the tunnel is not working, can you run on both ends:
>
> ipsec whack --showstates
>
> Let's see if both ends are still thinking the tunnel is up or not.
>
> Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20230131/fe0fac88/attachment.htm>
More information about the Swan
mailing list