IPsec trunks down from EAP3 to EAP3-Refresh1, Strongswan rejecting connections

Yesterday, I upgraded a remote office XG125 from EAP3 to EAP3-Refresh1 and changed the IP on the local office from DHCP to static with the carrier.

Updated head office XG230 on EAP3 with new remote office static IP, and tunnel connected.

This morning, I updated a second remote office static IP on the head and branch sides of the tunnel, and the link came up.

I then updated the head office to EAP3-Refresh1, and my 5 IPsec tunnels went down.

XG230_WP02_SFOS 18.0.0 EAP3-Refresh1# tail -f /log/strongswan.log
2020-01-22 04:06:59 03[NET] ### drop_ike_sa_init(): rejecting new connections ###

Thanks,

Paul

  • I went and tore down the 5 connections, and built 1 IKEv2 connection.

    Still same rejecting new connections message. CHARON.LOG Log from no connections to building the one:

    XG230_WP02_SFOS 18.0.0 EAP3-Refresh1# tail -f /log/charon.log
    2020-01-22 17:29:07 05[APP] [COP-UPDOWN][STATUS] (process_db_update) SQL has 0 results!
    2020-01-22 17:32:07 24[APP] [COP-UPDOWN][STATUS] (process_db_update) SQL has 0 results!
    2020-01-22 17:35:07 10[APP] [COP-UPDOWN][STATUS] (process_db_update) SQL has 0 results!
    2020-01-22 17:38:07 30[APP] [COP-UPDOWN][STATUS] (process_db_update) SQL has 0 results!
    2020-01-22 17:41:07 27[APP] [COP-UPDOWN][STATUS] (process_db_update) SQL has 0 results!
    2020-01-22 17:42:02 30[CFG] rereading secrets
    2020-01-22 17:42:02 30[CFG] loading secrets from '/_conf/ipsec/ipsec.secrets'
    2020-01-22 17:42:02 30[CFG] expanding file expression '/_conf/ipsec/connections/*.secrets' failed
    2020-01-22 17:42:02 12[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
    2020-01-22 17:44:07 23[APP] [COP-UPDOWN][STATUS] (process_db_update) SQL has 0 results!
    2020-01-22 17:45:40 15[CFG] rereading secrets
    2020-01-22 17:45:40 15[CFG] loading secrets from '/_conf/ipsec/ipsec.secrets'
    2020-01-22 17:45:40 15[CFG] loading secrets from '/_conf/ipsec/connections/EHS_Spectrum.secrets'
    2020-01-22 17:45:40 15[CFG] loaded IKE secret for HO-IP RO-IP
    2020-01-22 17:45:40 05[CFG] rereading ca certificates from '/_conf/ipsec/ipsec.d/cacerts'
    2020-01-22 17:45:40 19[CFG] received stroke: add connection 'EHS_Spectrum-1'
    2020-01-22 17:45:40 19[CFG] added configuration 'EHS_Spectrum-1'
    2020-01-22 17:46:01 03[NET] ### drop_ike_sa_init(): rejecting new connections ###
    2020-01-22 17:46:05 03[NET] ### drop_ike_sa_init(): rejecting new connections ###
    2020-01-22 17:46:12 03[NET] ### drop_ike_sa_init(): rejecting new connections ###
    2020-01-22 17:46:25 03[NET] ### drop_ike_sa_init(): rejecting new connections ###
    2020-01-22 17:46:48 03[NET] ### drop_ike_sa_init(): rejecting new connections ###

  • Hi

    Thanks for the feedback. Sending you a PM for more details and to start investigation of this feedback.

    Thanks,

    Rana Sharma
