strongswan IKEv2 disable reauth (NetworkManager)

Navegue suas respostas
0

Eu configurei uma conexão VPN usando o IKEv2 para o meu roteador Draytek, que funciona por uma hora, em seguida, apenas desconecta (e não consigo reconectar a menos que eu reinicie). Pelo que encontrei até agora, isso pode estar relacionado à recriação de IKEv2 que (de acordo com o link ) não funciona ao usar o NetworkManager .

Eu não posso provar que é o problema porque meus logs do NetworkManager não dizem nada sobre rekeying, mas se eu me conectar à VPN às 12:26:46 e eu for desconectado às 13:26:43, então eu acho que é bastante óbvio . 

2018-11-17T12:26:46.490725+01:00 localhost NetworkManager[1937]: <info>  [1542454006.4903] audit: op="connection-activate" uuid="7b78625f-5ba4-40bc-9915-63594471d282" name="NORDPRIM" pid=2780 uid=1000 result="success"
2018-11-17T12:26:46.510417+01:00 localhost NetworkManager[1937]: <info>  [1542454006.5100] vpn-connection[0x55801e07a300,7b78625f-5ba4-40bc-9915-63594471d282,"NORDPRIM",0]: Saw the service appear; activating connection
2018-11-17T12:26:46.553825+01:00 localhost NetworkManager[1937]: <info>  [1542454006.5534] vpn-connection[0x55801e07a300,7b78625f-5ba4-40bc-9915-63594471d282,"NORDPRIM",0]: VPN plugin: state changed: starting (3)
2018-11-17T12:26:46.664157+01:00 localhost NetworkManager[1937]: <info>  [1542454006.6639] audit: op="statistics" arg="refresh-rate-ms" pid=2780 uid=1000 result="success"
2018-11-17T12:26:47.447069+01:00 localhost NetworkManager[1937]: <info>  [1542454007.4449] vpn-connection[0x55801e07a300,7b78625f-5ba4-40bc-9915-63594471d282,"NORDPRIM",0]: VPN connection: (IP4 Config Get) reply received from old-style plugin
2018-11-17T12:26:47.450333+01:00 localhost NetworkManager[1937]: <info>  [1542454007.4489] vpn-connection[0x55801e07a300,7b78625f-5ba4-40bc-9915-63594471d282,"NORDPRIM",0]: Data: VPN Gateway: xxx.xxx.xxx.xxx
2018-11-17T12:26:47.451473+01:00 localhost NetworkManager[1937]: <info>  [1542454007.4491] vpn-connection[0x55801e07a300,7b78625f-5ba4-40bc-9915-63594471d282,"NORDPRIM",0]: Data: Tunnel Device: (null)
2018-11-17T12:26:47.452541+01:00 localhost NetworkManager[1937]: <info>  [1542454007.4492] vpn-connection[0x55801e07a300,7b78625f-5ba4-40bc-9915-63594471d282,"NORDPRIM",0]: Data: IPv4 configuration:
2018-11-17T12:26:47.454486+01:00 localhost NetworkManager[1937]: <info>  [1542454007.4492] vpn-connection[0x55801e07a300,7b78625f-5ba4-40bc-9915-63594471d282,"NORDPRIM",0]: Data:   Internal Address: 192.168.10.200
2018-11-17T12:26:47.455723+01:00 localhost NetworkManager[1937]: <info>  [1542454007.4494] vpn-connection[0x55801e07a300,7b78625f-5ba4-40bc-9915-63594471d282,"NORDPRIM",0]: Data:   Internal Prefix: 32
2018-11-17T12:26:47.456819+01:00 localhost NetworkManager[1937]: <info>  [1542454007.4494] vpn-connection[0x55801e07a300,7b78625f-5ba4-40bc-9915-63594471d282,"NORDPRIM",0]: Data:   Internal Point-to-Point Address: 192.168.10.200
2018-11-17T12:26:47.458186+01:00 localhost NetworkManager[1937]: <info>  [1542454007.4495] vpn-connection[0x55801e07a300,7b78625f-5ba4-40bc-9915-63594471d282,"NORDPRIM",0]: Data:   Static Route: 192.168.10.200/32   Next Hop: 0.0.0.0
2018-11-17T12:26:47.459736+01:00 localhost NetworkManager[1937]: <info>  [1542454007.4496] vpn-connection[0x55801e07a300,7b78625f-5ba4-40bc-9915-63594471d282,"NORDPRIM",0]: Data:   Internal DNS: 192.168.10.254
2018-11-17T12:26:47.461054+01:00 localhost NetworkManager[1937]: <info>  [1542454007.4497] vpn-connection[0x55801e07a300,7b78625f-5ba4-40bc-9915-63594471d282,"NORDPRIM",0]: Data:   DNS Domain: '(none)'
2018-11-17T12:26:47.462320+01:00 localhost NetworkManager[1937]: <info>  [1542454007.4498] vpn-connection[0x55801e07a300,7b78625f-5ba4-40bc-9915-63594471d282,"NORDPRIM",0]: Data: No IPv6 configuration
2018-11-17T12:26:47.464758+01:00 localhost NetworkManager[1937]: <info>  [1542454007.4552] vpn-connection[0x55801e07a300,7b78625f-5ba4-40bc-9915-63594471d282,"NORDPRIM",0]: VPN connection: (IP Config Get) complete
2018-11-17T12:26:47.466061+01:00 localhost NetworkManager[1937]: <info>  [1542454007.4565] vpn-connection[0x55801e07a300,7b78625f-5ba4-40bc-9915-63594471d282,"NORDPRIM",0]: VPN plugin: state changed: started (4)
2018-11-17T12:26:48.157574+01:00 localhost NetworkManager[1937]: nisdomainname: you must be root to change the domain name
2018-11-17T12:26:48.158068+01:00 localhost NetworkManager[1937]: nisdomainname: you must be root to change the domain name
2018-11-17T12:26:48.170065+01:00 localhost nm-dispatcher: req:2 'vpn-up' [wlan0]: new request (4 scripts)
2018-11-17T12:26:48.170889+01:00 localhost nm-dispatcher: req:2 'vpn-up' [wlan0]: start running ordered scripts...
2018-11-17T12:26:48.275138+01:00 localhost NetworkManager[1937]: <info>  [1542454008.2746] audit: op="statistics" arg="refresh-rate-ms" pid=2780 uid=1000 result="success"
2018-11-17T13:26:42.161130+01:00 localhost NetworkManager[1937]: <warn>  [1542457602.1599] vpn-connection[0x55801e07a300,7b78625f-5ba4-40bc-9915-63594471d282,"NORDPRIM",0]: VPN plugin: failed: connect-failed (1)
2018-11-17T13:26:42.161848+01:00 localhost NetworkManager[1937]: <info>  [1542457602.1607] vpn-connection[0x55801e07a300,7b78625f-5ba4-40bc-9915-63594471d282,"NORDPRIM",0]: VPN plugin: state changed: stopped (6)
2018-11-17T13:26:43.030375+01:00 localhost NetworkManager[1937]: nisdomainname: you must be root to change the domain name
2018-11-17T13:26:43.031301+01:00 localhost NetworkManager[1937]: nisdomainname: you must be root to change the domain name
2018-11-17T13:26:43.139098+01:00 localhost nm-dispatcher: req:1 'vpn-down' [wlan0]: new request (4 scripts)
2018-11-17T13:26:43.140352+01:00 localhost nm-dispatcher: req:1 'vpn-down' [wlan0]: start running ordered scripts...
2018-11-17T13:26:46.555364+01:00 localhost NetworkManager[1937]: <info>  [1542457606.5551] dhcp4 (wlan0):   address 192.168.1.109
2018-11-17T13:26:46.555873+01:00 localhost NetworkManager[1937]: <info>  [1542457606.5552] dhcp4 (wlan0):   plen 24 (255.255.255.0)
2018-11-17T13:26:46.556324+01:00 localhost NetworkManager[1937]: <info>  [1542457606.5552] dhcp4 (wlan0):   gateway 192.168.1.1
2018-11-17T13:26:46.556781+01:00 localhost NetworkManager[1937]: <info>  [1542457606.5552] dhcp4 (wlan0):   lease time 7200
2018-11-17T13:26:46.557225+01:00 localhost NetworkManager[1937]: <info>  [1542457606.5553] dhcp4 (wlan0):   nameserver '192.168.1.1'
2018-11-17T13:26:46.557687+01:00 localhost NetworkManager[1937]: <info>  [1542457606.5553] dhcp4 (wlan0): state changed bound -> bound
2018-11-17T13:26:46.559480+01:00 localhost nm-dispatcher: req:2 'dhcp4-change' [wlan0]: new request (4 scripts)
2018-11-17T13:26:46.560084+01:00 localhost nm-dispatcher: req:2 'dhcp4-change' [wlan0]: start running ordered scripts...

De qualquer forma, não consigo descobrir como configurar o registro de conexões strongswan do NetworkManager e nem sei onde desativar o rekeying (reauth) para essas conexões. Alguém pode me dizer isso?

Usando o openSUSE Leap 15

EDITAR: syslog como solicitado nos comentários: link

EDIT2: syslog do roteador: link Eu só o filtrei pelo tempo, então é mais ou menos o mesmo que os logs do meu computador. Eu não vejo nada sobre a desconexão da VPN por volta das 13:26, então coloquei todos os logs do roteador a partir daquele momento. Havia 3 clientes se conectando com VPN para roteador - bartek, piotr e filip, estamos olhando para filip (bartek estava se conectando com Shrew VPN, que funciona sem problemas e piotr estava usando IKEv2 com strongSwan também, não foi desconectado ao mesmo tempo como eu, mas seria desconectado, eventualmente, como ele está usando a mesma configuração que eu)

    
por FilipK 20.11.2018 / 10:25

0 respostas

Tags

Configuração simples de roteamento VPN Partição raiz incorreta montada