Hello,
On Fri, 2015-06-05 at 15:55 +0200, Wolfgang Apolinarski wrote:
Hi!
I performed some tests with ipfire and the Windows VPN client (for the rekey=no issue). I usually use short-time VPN connections (<3 hours), so I did not recognize any problems.
During the tests, I did not find any configuration that allowed me a stable VPN connection; all connections drop after 3-4 hours (IKE re-negotiation, CHILD_SA re-negotiation works fine). The problem could also be located in one of the used routers... If you have any suggestion on what configuration I should test as well, please let me know.
This clearly is the IKE re-negotiation. The messages suggest that from the log below and the configuration, too.
My default configuration (1st try):

conn WinAndroidVPN
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    lefthostaccess=yes
    leftallowany=yes
    leftcert=/var/ipfire/certs/hostcert.pem
    ike=aes256-sha1-modp1024!
    esp=aes256-sha1!
    right=%any
    keyexchange=ikev2
    compress=yes
    dpdaction=clear
    dpddelay=30s
    auto=add
    rightsourceip=%dhcp
    ikelifetime=4h
    lifetime=2h
    keylife=8h
    rightcert=/var/ipfire/certs/WinAndroidVPNcert.pem

The protocol for this config is located here: http://pastebin.com/iXjjp71R
2nd try changes:

    ikelifetime=4h
    lifetime=90m

The protocol for the 2nd config is located here: http://pastebin.com/xyarBvub

3rd try changes:

    rekey=no
    ikelifetime=4h
    lifetime=2h

The protocol for the 3rd config is located here: http://pastebin.com/jmPNzxUX
So, sorry, I was not able to find a stable connection and have no suggestion on how to change the default config such that a stable connection with Windows 7/8.1 is possible.
Have you tried to capture the packets on the client as well and check if the IKE messages reach that system? strongSwan had some bugs/features? in the past where it ignored IKE messages. Maybe that is the case in the Windows client - or maybe that is something in the standard.
That way we can at least make sure that there is some other NAT router that is causing the problems...
Best, -Michael
Best regards, Wolfgang
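
Added example, not part of the original messages and not IPFire or strongSwan code: the drops after 3-4 hours can be lined up against the point where strongSwan starts renegotiating an SA, which ipsec.conf documents as rekeytime = lifetime - (margintime + random(0, margintime * rekeyfuzz)). It assumes the documented defaults margintime=9m and rekeyfuzz=100%, which the posted configs do not set, and the sample conn blocks are constructed from the 1st and 2nd try, reduced to their ikelifetime and lifetime keys.

```python
import re

# Documented ipsec.conf defaults; the configs in the thread do not override them.
DEFAULT_MARGINTIME = "9m"
DEFAULT_REKEYFUZZ = "100%"
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def seconds(value):
    """Convert an ipsec.conf time value such as 90m or 4h to seconds."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value.strip())
    if not m:
        raise ValueError(f"bad time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2) or "s"]

def parse_conn(text):
    """Return the key=value options of a single conn block as a dict."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, val = line.split("=", 1)
            opts[key.strip()] = val.strip()
    return opts

def rekey_window(lifetime, margintime, fuzz_percent):
    """(earliest, latest) seconds after SA setup at which renegotiation starts."""
    life, margin = seconds(lifetime), seconds(margintime)
    earliest = life - margin - margin * fuzz_percent // 100
    if earliest <= 0:
        raise ValueError("margintime and rekeyfuzz consume the whole lifetime")
    return earliest, life - margin

def windows(conn_text):
    """Renegotiation windows for the IKE_SA and CHILD_SA of one conn block."""
    o = parse_conn(conn_text)
    margin = o.get("margintime", DEFAULT_MARGINTIME)
    fuzz = int(o.get("rekeyfuzz", DEFAULT_REKEYFUZZ).rstrip("%"))
    return {"IKE_SA": rekey_window(o.get("ikelifetime", "3h"), margin, fuzz),
            "CHILD_SA": rekey_window(o.get("lifetime", "1h"), margin, fuzz)}

# Constructed samples holding only the lifetime keys of the 1st and 2nd try.
FIRST_TRY = "conn WinAndroidVPN\n    ikelifetime=4h\n    lifetime=2h\n"
SECOND_TRY = "conn WinAndroidVPN\n    ikelifetime=4h\n    lifetime=90m\n"

if __name__ == "__main__":
    for name, conf in (("1st try", FIRST_TRY), ("2nd try", SECOND_TRY)):
        for sa, (lo, hi) in windows(conf).items():
            print(f"{name} {sa}: {lo // 60}-{hi // 60} min after setup")
```

With ikelifetime=4h the IKE_SA window falls between 222 and 231 minutes after setup, so a capture on the client only needs to cover that interval to show whether the IKE messages arrive.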