OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: ekke on September 22, 2017, 01:56:08 am

Title: [SOLVED] Mobile IPSec
Post by: ekke on September 22, 2017, 01:56:08 am

Im getting this error message in the logs,  queue full? what does that mean?

Sep 22 01:52:58   charon: 09[JOB] deleting half open IKE_SA with 94.234.170.103 after timeout
Sep 22 01:52:55   charon: 09[IKE] ignoring INFORMATIONAL_V1 request, queue full
Sep 22 01:52:55   charon: 09[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (92 bytes)
Sep 22 01:52:55   charon: 09[NET] sending packet: from 85.225.138.8[500] to 94.234.170.103[13590] (429 bytes)
Sep 22 01:52:55   charon: 09[IKE] received retransmit of request with ID 0, retransmitting response
Sep 22 01:52:55   charon: 09[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (782 bytes)
Sep 22 01:52:53   charon: 10[IKE] ignoring INFORMATIONAL_V1 request, queue full
Sep 22 01:52:53   charon: 10[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (92 bytes)
Sep 22 01:52:52   charon: 10[NET] sending packet: from 85.225.138.8[500] to 94.234.170.103[13590] (429 bytes)
Sep 22 01:52:52   charon: 10[IKE] sending retransmit 3 of response message ID 0, seq 1
Sep 22 01:52:51   charon: 10[IKE] ignoring INFORMATIONAL_V1 request, queue full
Sep 22 01:52:51   charon: 10[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (92 bytes)
Sep 22 01:52:51   charon: 10[NET] sending packet: from 85.225.138.8[500] to 94.234.170.103[13590] (429 bytes)
Sep 22 01:52:51   charon: 10[IKE] received retransmit of request with ID 0, retransmitting response
Sep 22 01:52:51   charon: 10[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (782 bytes)
Sep 22 01:52:49   charon: 10[IKE] ignoring INFORMATIONAL_V1 request, queue full

Title: Re: Mobile IPSec
Post by: franco on September 22, 2017, 08:03:43 pm

The bigger question: is it working?

The source code says your client already requested a connection, but asked again which StrongSwan refuses because it wants the process the former one still.

https://github.com/strongswan/strongswan/blob/master/src/libcharon/sa/ikev1/task_manager_v1.c#L1323


Cheers,
Franco

Title: Re: Mobile IPSec
Post by: ekke on September 22, 2017, 09:10:36 pm

thanx for the replay,

no my android mobile says failed unfortunately .

Title: Re: Mobile IPSec
Post by: ekke on September 23, 2017, 12:18:21 am

duh! I forgot to restart the IPSec service :) Working now....

Title: Re: Mobile IPSec
Post by: franco on September 23, 2017, 09:00:43 am

Huh, what changed exactly?


Cheers,
Franco

Title: Re: Mobile IPSec
Post by: ekke on September 23, 2017, 07:32:09 pm

I did also change identifier, but I couldn't get a successfull connection from my mobile until I restarted the IPSec service, which seems abit odd.

Title: Re: Mobile IPSec
Post by: mimugmail on September 23, 2017, 08:48:18 pm

I also encountered this. Changing P1 only reloads and doesnt restart which is sometimes required

Title: Re: Mobile IPSec
Post by: franco on September 24, 2017, 12:35:18 pm

Neither phase 1 nor phase 2 restart / reconfigure. Editing on both pages prompts for an "apply" on the main IPsec page that both pages redirect to after a successful save.


Cheers,
Franco