[SOLVED] Mobile IPSec

Started by ekke, September 22, 2017, 01:56:08 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 22, 2017, 01:56:08 AM Last Edit: September 24, 2017, 12:35:29 PM by franco
Im getting this error message in the logs,  queue full? what does that mean?

Sep 22 01:52:58   charon: 09[JOB] deleting half open IKE_SA with 94.234.170.103 after timeout
Sep 22 01:52:55   charon: 09[IKE] ignoring INFORMATIONAL_V1 request, queue full
Sep 22 01:52:55   charon: 09[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (92 bytes)
Sep 22 01:52:55   charon: 09[NET] sending packet: from 85.225.138.8[500] to 94.234.170.103[13590] (429 bytes)
Sep 22 01:52:55   charon: 09[IKE] received retransmit of request with ID 0, retransmitting response
Sep 22 01:52:55   charon: 09[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (782 bytes)
Sep 22 01:52:53   charon: 10[IKE] ignoring INFORMATIONAL_V1 request, queue full
Sep 22 01:52:53   charon: 10[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (92 bytes)
Sep 22 01:52:52   charon: 10[NET] sending packet: from 85.225.138.8[500] to 94.234.170.103[13590] (429 bytes)
Sep 22 01:52:52   charon: 10[IKE] sending retransmit 3 of response message ID 0, seq 1
Sep 22 01:52:51   charon: 10[IKE] ignoring INFORMATIONAL_V1 request, queue full
Sep 22 01:52:51   charon: 10[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (92 bytes)
Sep 22 01:52:51   charon: 10[NET] sending packet: from 85.225.138.8[500] to 94.234.170.103[13590] (429 bytes)
Sep 22 01:52:51   charon: 10[IKE] received retransmit of request with ID 0, retransmitting response
Sep 22 01:52:51   charon: 10[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (782 bytes)
Sep 22 01:52:49   charon: 10[IKE] ignoring INFORMATIONAL_V1 request, queue full
September 22, 2017, 08:03:43 PM #1
The bigger question: is it working?

The source code says your client already requested a connection, but asked again which StrongSwan refuses because it wants the process the former one still.

https://github.com/strongswan/strongswan/blob/master/src/libcharon/sa/ikev1/task_manager_v1.c#L1323


Cheers,
Franco
September 22, 2017, 09:10:36 PM #2
thanx for the replay,

no my android mobile says failed unfortunately .
September 23, 2017, 12:18:21 AM #3
duh! I forgot to restart the IPSec service :) Working now....
September 23, 2017, 09:00:43 AM #4
Huh, what changed exactly?


Cheers,
Franco
September 23, 2017, 07:32:09 PM #5
I did also change identifier, but I couldn't get a successfull connection from my mobile until I restarted the IPSec service, which seems abit odd.
September 23, 2017, 08:48:18 PM #6
I also encountered this. Changing P1 only reloads and doesnt restart which is sometimes required
September 24, 2017, 12:35:18 PM #7
Neither phase 1 nor phase 2 restart / reconfigure. Editing on both pages prompts for an "apply" on the main IPsec page that both pages redirect to after a successful save.


Cheers,
Franco
Print
Go Up Pages1
User actions