
IPSec Site-2-Site VPN routes not deleted or added on reconnect - error 2

Hi,

We're having an issue with an XG106 HA connecting to a UTM HA with IPSec. Case 03444132.

Whenever the tunnel gets interrupted, the XG will reconnect, but *some* of the routes to the remote side of the tunnel will not work until we disable and enable the tunnel on the XG side. Also a second interruption will fix it.

In the strongSwan logs we found these errors on the XG side, and I would like to know whether NC-61092 "[IPsec] Strongswan not creating default route in table 220" may be exactly about this issue.


Tunnel interrupted:

2020-12-07 07:44:48 24[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route del 100.100.123.0/24 dev ipsec0 src 200.200.48.129 table 220': success 0
2020-12-07 07:44:50 24[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route del 100.100.123.0/24 dev ipsec0 src 200.200.48.1 table 220': error returned 2
2020-12-07 07:44:51 24[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route del 100.100.123.0/24 dev ipsec0 src 100.100.100.1 table 220': error returned 2
 

Tunnel first interrupted

2020-12-07 07:46:12 32[APP] <Tunnel_Name-1|1600> [COP-UPDOWN] (ref_counting) ref_count: 0 to 1 ++ up ++ (200.200.48.128/26#100.100.123.0/24)
2020-12-07 07:46:13 24[APP] <Tunnel_Name-1|1600> [COP-UPDOWN] (ref_counting) ref_count: 0 to 1 ++ up ++ (200.200.48.0/26#100.100.123.0/24)
2020-12-07 07:46:13 31[APP] <Tunnel_Name-1|1600> [COP-UPDOWN] (ref_counting) ref_count: 0 to 1 ++ up ++ (100.100.100.2/32#100.100.123.0/24)
2020-12-07 07:46:19 29[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route add 100.100.123.0/24 dev ipsec0 src 200.200.48.129 table 220': success 0
2020-12-07 07:46:22 29[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route add 100.100.123.0/24 dev ipsec0 src 200.200.48.1 table 220': error returned 2
2020-12-07 07:46:22 29[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route add 100.100.123.0/24 dev ipsec0 src 100.100.100.1 table 220': error returned 2

Tunnel second interrupted

2020-12-11 12:54:34 30[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route add 100.100.123.0/24 dev ipsec0 src 200.200.48.1 table 220': success 0
2020-12-11 12:54:35 30[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route add 100.100.123.0/24 dev ipsec0 src 200.200.48.129 table 220': error returned 2
2020-12-11 12:54:40 30[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route add 100.100.123.0/24 dev ipsec0 src 100.100.100.1 table 220': error returned 2
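
One way to summarise updown log lines like these, as an added example that is not part of the original post and not Sophos tooling: it parses the run_shell entries, lists which src addresses failed per operation, prefix and table, and replays the successful commands to show which routes the log implies are in table 220. The function names are hypothetical and the sample lines are copied from the excerpts above.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the log excerpts in the post above.
SAMPLE_LOG = """\
2020-12-07 07:44:48 24[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route del 100.100.123.0/24 dev ipsec0 src 200.200.48.129 table 220': success 0
2020-12-07 07:44:50 24[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route del 100.100.123.0/24 dev ipsec0 src 200.200.48.1 table 220': error returned 2
2020-12-07 07:44:51 24[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route del 100.100.123.0/24 dev ipsec0 src 100.100.100.1 table 220': error returned 2
2020-12-07 07:46:12 32[APP] <Tunnel_Name-1|1600> [COP-UPDOWN] (ref_counting) ref_count: 0 to 1 ++ up ++ (200.200.48.128/26#100.100.123.0/24)
2020-12-07 07:46:19 29[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route add 100.100.123.0/24 dev ipsec0 src 200.200.48.129 table 220': success 0
2020-12-07 07:46:22 29[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route add 100.100.123.0/24 dev ipsec0 src 200.200.48.1 table 220': error returned 2
2020-12-07 07:46:22 29[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route add 100.100.123.0/24 dev ipsec0 src 100.100.100.1 table 220': error returned 2
"""

# Matches only the run_shell entries that wrap an 'ip route add|del' command.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \d+\[APP\].*?\(run_shell\) "
    r"'ip route (?P<op>add|del) (?P<dst>\S+) dev (?P<dev>\S+) src (?P<src>\S+) "
    r"table (?P<table>\d+)': (?:success|error returned) (?P<rc>\d+)\s*$"
)

def parse_route_events(text):
    """Return one dict per 'ip route' run_shell line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["rc"] = int(ev["rc"])
            events.append(ev)
    return events

def failed_sources(events):
    """Map (op, dst, table) -> sorted src addresses whose command returned non-zero."""
    failed = defaultdict(set)
    for ev in events:
        if ev["rc"] != 0:
            failed[(ev["op"], ev["dst"], ev["table"])].add(ev["src"])
    return {key: sorted(srcs) for key, srcs in failed.items()}

def expected_installed(events):
    """Replay successful add/del commands; result is what the log implies, not kernel state."""
    state = set()
    for ev in events:
        if ev["rc"] == 0:
            key = (ev["table"], ev["dst"], ev["src"])
            (state.add if ev["op"] == "add" else state.discard)(key)
    return state
```

Comparing the result of expected_installed with the actual contents of table 220 on the device shows whether the log and the routing table agree after a reconnect.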


