[Openswan Users] Multiple EVENT_SA_REPLACEs for same connection

Toby Chamberlain toby at webtechservices.com.au
Fri Apr 27 21:36:14 EDT 2007


Hi,

After upgrading from 2.2.0 to 2.4.6 (i.e. Debian sarge->etch) clients using
the ebootis Windows ipsec.exe tool are suddenly unable to access the
internal LAN after running fine for days previously. When this happens,
ipsec auto --status shows a number of identical connections, all with
EVENT_SA_REPLACE (I would expect one _REPLACE and any others _EXPIRE). This
situation seems to happen randomly every few days - the connections are up
and running fine, then suddenly no traffic can get through until the
connection is taken down and reestablished, with ipsec auto showing multiple
tunnels like this:

Server# ipsec auto --status | grep RoadWarrior | grep "IPsec SA est"
000 #858: "RoadWarrior-Server"[8] 222.333.444.555:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1367s
000 #849: "RoadWarrior-Server"[8] 222.333.444.555:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 407s
000 #872: "RoadWarrior-Server"[8] 222.333.444.555:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 2808s
000 #844: "RoadWarrior-Server"[8] 222.333.444.555:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 197s
000 #876: "RoadWarrior-Server"[8] 222.333.444.555:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 3287s; newest IPSEC; eroute owner
000 #864: "RoadWarrior-Server"[8] 222.333.444.555:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1847s
000 #856: "RoadWarrior-Server"[8] 222.333.444.555:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 887s
000 #869: "RoadWarrior-Server"[8] 222.333.444.555:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 2328s

auth.log shows regular renegotiations every hour while the connection is
working, then a spate of reconnections at short intervals (5 - 6 minutes
apart) when the connection hangs.

Does anyone know why this is happening and if there's something simple I can
do to stop it?

Toby
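An added example, not from the post or from Openswan, that parses "ipsec auto --status" lines of the shape shown above and flags any connection holding more than one established IPsec SA still pending EVENT_SA_REPLACE, which is the symptom described. The sample lines are constructed from the post; the "Office-Server" line is made up to show a healthy connection for contrast.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the status lines in the post; the
# "Office-Server" line is made up to show a healthy connection.
SAMPLE_STATUS = """\
000 #858: "RoadWarrior-Server"[8] 222.333.444.555:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 1367s
000 #849: "RoadWarrior-Server"[8] 222.333.444.555:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 407s
000 #844: "RoadWarrior-Server"[8] 222.333.444.555:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 197s
000 #876: "RoadWarrior-Server"[8] 222.333.444.555:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 3287s; newest IPSEC; eroute owner
000 #900: "Office-Server" 10.0.0.2:500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 2000s; newest IPSEC; eroute owner
"""

# One Pluto state line: SA number, connection (+ optional [instance]), peer,
# state, parenthesised description, pending event, optional trailing flags.
LINE_RE = re.compile(
    r'^000 #(?P<sa>\d+): "(?P<conn>[^"]+)"(?P<inst>\[\d+\])? (?P<peer>\S+) '
    r'(?P<state>STATE_\w+) \((?P<desc>[^)]*)\); (?P<event>EVENT_\w+) in '
    r'(?P<secs>\d+)s(?P<flags>(?:; [^;]+)*)$')

def parse_status(text):
    """Parse status output into a list of dicts, one per SA state line."""
    sas = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not SA state lines
        d = m.groupdict()
        sas.append({
            "sa": int(d["sa"]),
            "conn": d["conn"] + (d["inst"] or ""),
            "peer": d["peer"],
            "established": d["desc"] == "IPsec SA established",
            "event": d["event"],
            "eroute_owner": "eroute owner" in d["flags"],
        })
    return sas

def stale_replace_sas(sas):
    """Map each connection with more than one established IPsec SA pending
    EVENT_SA_REPLACE to the SA numbers that are not the eroute owner."""
    by_conn = defaultdict(list)
    for s in sas:
        if s["established"] and s["event"] == "EVENT_SA_REPLACE":
            by_conn[(s["conn"], s["peer"])].append(s)
    # A healthy connection has at most one SA here; more means the old
    # SAs were never replaced/expired and only the eroute owner carries traffic.
    return {conn: [s["sa"] for s in group if not s["eroute_owner"]]
            for (conn, _peer), group in by_conn.items() if len(group) > 1}
```

Feeding the real output of "ipsec auto --status" into parse_status gives the same report for a live gateway.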
