OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: mliebherr on July 13, 2020, 08:30:35 am

Title: IPSec Logs spammed by DPD
Post by: mliebherr on July 13, 2020, 08:30:35 am

Hello,

in my ipsec logs i see tons of dpd entries:

2020-07-13T08:27:09   charon: 05[ENC] <con3-000|199> parsed INFORMATIONAL_V1 request 1868979696 [ HASH N(DPD_ACK) ]
2020-07-13T08:27:09   charon: 05[NET] <con3-000|199> received packet: from 195.123.123.132[500] to 212.123.123.132[500] (108 bytes)
2020-07-13T08:27:09   charon: 05[NET] <con3-000|199> sending packet: from 212.123.123.132[500] to 195.123.123.132[500] (108 bytes)
2020-07-13T08:27:09   charon: 05[ENC] <con3-000|199> generating INFORMATIONAL_V1 request 754577938 [ HASH N(DPD) ]
2020-07-13T08:27:09   charon: 05[IKE] <con3-000|199> sending DPD request
2020-07-13T08:26:59   charon: 11[ENC] <con3-000|199> parsed INFORMATIONAL_V1 request 4129560268 [ HASH N(DPD_ACK) ]
2020-07-13T08:26:59   charon: 11[NET] <con3-000|199> received packet: from 195.123.123.132[500] to 212.123.123.132[500] (108 bytes)
2020-07-13T08:26:59   charon: 11[NET] <con3-000|199> sending packet: from 212.123.123.132[500] to 195.123.123.132[500] (108 bytes)
2020-07-13T08:26:59   charon: 11[ENC] <con3-000|199> generating INFORMATIONAL_V1 request 3506761780 [ HASH N(DPD) ]
2020-07-13T08:26:59   charon: 11[IKE] <con3-000|199> sending DPD request
2020-07-13T08:26:49   charon: 11[ENC] <con3-000|199> parsed INFORMATIONAL_V1 request 645149682 [ HASH N(DPD_ACK) ]
2020-07-13T08:26:49   charon: 11[NET] <con3-000|199> received packet: from 195.123.123.132[500] to 212.123.123.132[500] (108 bytes)
2020-07-13T08:26:49   charon: 11[NET] <con3-000|199> sending packet: from 212.123.123.132[500] to 195.123.123.132[500] (108 bytes)
2020-07-13T08:26:49   charon: 11[ENC] <con3-000|199> generating INFORMATIONAL_V1 request 178883678 [ HASH N(DPD) ]
2020-07-13T08:26:49   charon: 11[IKE] <con3-000|199> sending DPD request
2020-07-13T08:26:39   charon: 11[ENC] <con3-000|199> parsed INFORMATIONAL_V1 request 4084736993 [ HASH N(DPD_ACK) ]
2020-07-13T08:26:39   charon: 11[NET] <con3-000|199> received packet: from 195.123.123.132[500] to 212.123.123.132[500] (108 bytes)
2020-07-13T08:26:39   charon: 11[NET] <con3-000|199> sending packet: from 212.123.123.132[500] to 195.123.123.132[500] (108 bytes)
2020-07-13T08:26:39   charon: 11[ENC] <con3-000|199> generating INFORMATIONAL_V1 request 611242534 [ HASH N(DPD) ]
2020-07-13T08:26:39   charon: 11[IKE] <con3-000|199> sending DPD request
2020-07-13T08:26:29   charon: 05[ENC] <con3-000|199> parsed INFORMATIONAL_V1 request 2305290029 [ HASH N(DPD_ACK) ]
2020-07-13T08:26:29   charon: 05[NET] <con3-000|199> received packet: from 195.123.123.132[500] to 212.123.123.132[500] (108 bytes)
2020-07-13T08:26:29   charon: 05[NET] <con3-000|199> sending packet: from 212.123.123.132[500] to 195.123.123.132[500] (108 bytes)
2020-07-13T08:26:29   charon: 05[ENC] <con3-000|199> generating INFORMATIONAL_V1 request 2173662243 [ HASH N(DPD) ]
2020-07-13T08:26:29   charon: 05[IKE] <con3-000|199> sending DPD request
2020-07-13T08:26:19   charon: 05[ENC] <con3-000|199> parsed INFORMATIONAL_V1 request 1597707906 [ HASH N(DPD_ACK) ]
2020-07-13T08:26:19   charon: 05[NET] <con3-000|199> received packet: from 195.123.123.132[500] to 212.123.123.132[500] (108 bytes)
2020-07-13T08:26:19   charon: 05[NET] <con3-000|199> sending packet: from 212.123.123.132[500] to 195.123.123.132[500] (108 bytes)
2020-07-13T08:26:19   charon: 05[ENC] <con3-000|199> generating INFORMATIONAL_V1 request 2626876554 [ HASH N(DPD) ]
2020-07-13T08:26:19   charon: 05[IKE] <con3-000|199> sending DPD request
2020-07-13T08:26:09   charon: 11[ENC] <con3-000|199> parsed INFORMATIONAL_V1 request 568638514 [ HASH N(DPD_ACK) ]
2020-07-13T08:26:09   charon: 11[NET] <con3-000|199> received packet: from 195.123.123.132[500] to 212.123.123.132[500] (108 bytes)
2020-07-13T08:26:09   charon: 15[NET] <con3-000|199> sending packet: from 212.123.123.132[500] to 195.123.123.132[500] (108 bytes)
2020-07-13T08:26:09   charon: 15[ENC] <con3-000|199> generating INFORMATIONAL_V1 request 4215212232 [ HASH N(DPD) ]
2020-07-13T08:26:09   charon: 15[IKE] <con3-000|199> sending DPD request
2020-07-13T08:25:59   charon: 15[ENC] <con3-000|199> parsed INFORMATIONAL_V1 request 2770676844 [ HASH N(DPD_ACK) ]
2020-07-13T08:25:59   charon: 15[NET] <con3-000|199> received packet: from 195.123.123.132[500] to 212.123.123.132[500] (108 bytes)
2020-07-13T08:25:59   charon: 15[NET] <con3-000|199> sending packet: from 212.123.123.132[500] to 195.123.123.132[500] (108 bytes)
2020-07-13T08:25:59   charon: 15[ENC] <con3-000|199> generating INFORMATIONAL_V1 request 1988059217 [ HASH N(DPD) ]

how can i trim the logs down to the usefull stuff? Those DPD Infos are not very useful

Cheers,
Michael

Title: Re: IPSec Logs spammed by DPD
Post by: mimugmail on July 16, 2020, 05:23:18 pm

They are useful if the tunnel goes down.
Just wait for 20.7 so you can set rotating logs, then the size is not important anymore. :)