[Ipsec-tools-users] racoon 0.8.0 / problems with reestablishing a connection
From: Philip H. <pho...@se...> - 2013-03-18 09:26:47
Hi,

I'm having trouble with racoon keeping up a connection to a particular IPsec endpoint (no issues with other endpoints). The connection can easily be established and traffic can flow through the tunnel, but sometimes, this happens (log level set to debug):

Mar 18 05:33:02 host racoon: DEBUG: pk_recv: retry[0] recv()
Mar 18 05:33:02 host racoon: DEBUG: got pfkey EXPIRE message
Mar 18 05:33:02 host racoon: INFO: IPsec-SA expired: ESP/Tunnel ip.addr.my.end[500]->ip.addr.their.end[500] spi=346485622(0x14a6f376)
Mar 18 05:33:02 host racoon: DEBUG: no such a SA found: ESP/Tunnel ip.addr.my.end[500]->ip.addr.their.end[500] spi=346485622(0x14a6f376)

After that, no more traffic can flow and the connection is not reestablished.

Does anybody have an idea what's going on here?

crazyhat@host:~$ racoon -V
@(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)

Compiled with:
- OpenSSL 1.0.1 14 Mar 2012 (http://www.openssl.org/)
- IPv6 support
- Dead Peer Detection
- IKE fragmentation
- Hybrid authentication
- NAT Traversal
- Admin port
- Monotonic clock

(This is an Ubuntu 12.04 machine)

Philip