On new WAN IP (DHCP Client) it takes 10 minutes to IPsec reconnects
-
Hi,
It seems that charon do not care or is being not informed after WAN IP address changes
it try still use the old IP address and cannot bind this.
i see this messages after IP adress is changed: (the XXX.XXX.180.28 is an old IP address)
Logs are in reverse order!…
Oct 26 09:43:49 charon: 09[IKE] <con1000|2>sending DPD request
Oct 26 09:43:49 charon: 09[IKE] <con1000|2>sending DPD request
Oct 26 09:43:48 charon: 05[NET] error writing to socket: Can't assign requested address
Oct 26 09:43:48 charon: 09[NET] <con1000|3>sending packet: from XXX.XXX.180.28[500] to XXX.XXX.183.110[500] (391 bytes)
Oct 26 09:43:48 charon: 09[IKE] <con1000|3>sending retransmit 4 of request message ID 0, seq 1
Oct 26 09:43:48 charon: 09[IKE] <con1000|3>sending retransmit 4 of request message ID 0, seq 1
Oct 26 09:43:39 charon: 09[IKE] <con1000|2>sending DPD request
Oct 26 09:43:39 charon: 09[IKE] <con1000|2>sending DPD request
Oct 26 09:43:29 charon: 09[IKE] <con1000|2>sending DPD request
Oct 26 09:43:29 charon: 09[IKE] <con1000|2>sending DPD request
Oct 26 09:43:24 charon: 05[NET] error writing to socket: Can't assign requested address
Oct 26 09:43:24 charon: 09[NET] <con1000|3>sending packet: from XXX.XXX.180.28[500] to XXX.XXX.183.110[500] (391 bytes)
Oct 26 09:43:24 charon: 09[IKE] <con1000|3>sending retransmit 3 of request message ID 0, seq 1
Oct 26 09:43:24 charon: 09[IKE] <con1000|3>sending retransmit 3 of request message ID 0, seq 1
Oct 26 09:43:19 charon: 09[IKE] <con1000|2>sending DPD request
Oct 26 09:43:19 charon: 09[IKE] <con1000|2>sending DPD request
…after i while (10 - 15 minutes) IPsec realizes that the WAN address is changed and reconnects successfully:
...
Oct 26 09:53:32 charon: 12[IKE] <con1000|4>IKE_SA con1000[4] established between XXX.XXX.180.42[XXX]…XXX.XXX.183.110[XXX.XXX.183.110]
Oct 26 09:53:32 charon: 12[ENC] <con1000|4>received unknown vendor ID: 69:93:69:22:87:41:c6:d4:ca:09:4c:93:e2:42:c9
19:e7:b7:c6:00:00:00:05:00:00:05:00
Oct 26 09:53:32 charon: 12[IKE] <con1000|4>received NAT-T (RFC 3947) vendor ID
Oct 26 09:53:32 charon: 12[IKE] <con1000|4>received NAT-T (RFC 3947) vendor ID
Oct 26 09:53:32 charon: 12[IKE] <con1000|4>received DPD vendor ID
Oct 26 09:53:32 charon: 12[IKE] <con1000|4>received DPD vendor ID
Oct 26 09:53:32 charon: 12[ENC] <con1000|4>parsed AGGRESSIVE response 0 [ SA KE No ID HASH V V V NAT-D NAT-D ]
Oct 26 09:53:32 charon: 12[NET] <con1000|4>received packet: from XXX.XXX.183.110[500] to XXX.XXX.180.42[500] (388 bytes)
Oct 26 09:53:32 charon: 12[NET] <con1000|4>sending packet: from XXX.XXX.180.42[500] to XXX.XXX.183.110[500] (391 bytes)
Oct 26 09:53:32 charon: 12[ENC] <con1000|4>generating AGGRESSIVE request 0 [ SA KE No ID V V V V V V ]
Oct 26 09:53:32 charon: 12[IKE] <con1000|4>initiating Aggressive Mode IKE_SA con1000[4] to XXX.XXX.183.110
Oct 26 09:53:32 charon: 12[IKE] <con1000|4>initiating Aggressive Mode IKE_SA con1000[4] to XXX.XXX.183.110
Oct 26 09:53:32 charon: 16[KNL] creating acquire job for policy XXX.XXX.180.42/32|/0 === XXX.XXX.183.110/32|/0 with reqid {2}
Oct 26 09:51:15 charon: 16[IKE] <con1000|3>establishing IKE_SA failed, peer not responding
Oct 26 09:51:15 charon: 16[IKE] <con1000|3>establishing IKE_SA failed, peer not responding
Oct 26 09:51:15 charon: 16[IKE] <con1000|3>giving up after 5 retransmits
Oct 26 09:51:15 charon: 16[IKE] <con1000|3>giving up after 5 retransmits
Oct 26 09:50:00 charon: 05[NET] error writing to socket: Can't assign requested address
…how can i change this behavior?
If more debug information is needed, I can provide this.</con1000|3></con1000|3></con1000|3></con1000|3></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|4></con1000|2></con1000|2></con1000|3></con1000|3></con1000|3></con1000|2></con1000|2></con1000|2></con1000|2></con1000|3></con1000|3></con1000|3></con1000|2></con1000|2>