I configured a TRB140 for an IPsec IKEv1 tunnel with a Draytek router. Everything works fine for the first few hours, but at some point the data connection stops working. The status of the VPN connection on both the Draytek and the TRB140 is still UP and connected. The only way I can solve this is by executing "ipsec restart" on the TRB140.
Result of ipsec statusall when no data connection is possible:
root@TRB140-BlutchS:~# ipsec statusall
Status of IKE charon daemon (strongSwan 5.8.0, Linux 3.18.20-msm, armv7l):
uptime: 4 hours, since Apr 17 07:52:59 2020
malloc: sbrk 765952, mmap 0, used 532608, free 233344
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 12
loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gmp curve25519 xcbc cmac hmac curl sqlite attr kernel-netlink resolve socket-default stroke vici updown xauth-generic
Listening IP addresses:
100.96.51.153
172.20.1.254
Connections:
Blutch-Blutch_c: %any...123.123.123.123 IKEv1 Aggressive, dpddelay=30s
Blutch-Blutch_c: local: [Customer001] uses pre-shared key authentication
Blutch-Blutch_c: remote: [123.123.123.123] uses pre-shared key authentication
Blutch-Blutch_c: child: 172.20.1.0/24 === 192.168.1.0/24 TUNNEL, dpdaction=restart
Security Associations (1 up, 0 connecting):
Blutch-Blutch_c[5]: ESTABLISHED 93 minutes ago, 100.96.51.153[NeoPix001]...123.123.123.123[123.123.123.123]
Blutch-Blutch_c[5]: IKEv1 SPIs: a6d987df295hh0ff_i* 03c8a8186273081b_r, pre-shared key reauthentication in 6 hours
Blutch-Blutch_c[5]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Blutch-Blutch_c{9}: REKEYED, TUNNEL, reqid 5, expires in 11 minutes
Blutch-Blutch_c{9}: 172.20.1.0/24 === 192.168.1.0/24
Blutch-Blutch_c{10}: INSTALLED, TUNNEL, reqid 5, ESP in UDP SPIs: c3b962e3_i 70d526a9_o
Blutch-Blutch_c{10}: AES_CBC_128/HMAC_SHA1_96/MODP_1536, 0 bytes_i, 0 bytes_o, rekeying in 39 minutes
Blutch-Blutch_c{10}: 172.20.1.0/24 === 192.168.1.0/24
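
A heuristic check for the state visible in the output above (IKE SA ESTABLISHED while the INSTALLED CHILD_SA counts 0 bytes), added here as an example and not part of the original post. The function names `stalled_child_sas` and `tunnel_looks_stalled` are hypothetical, and the sample input is copied from the status lines in the post.

```shell
#!/bin/sh
# Sample input: the relevant lines of the `ipsec statusall` output in the post.
SAMPLE='Blutch-Blutch_c[5]: ESTABLISHED 93 minutes ago, 100.96.51.153[NeoPix001]...123.123.123.123[123.123.123.123]
Blutch-Blutch_c{9}: REKEYED, TUNNEL, reqid 5, expires in 11 minutes
Blutch-Blutch_c{10}: INSTALLED, TUNNEL, reqid 5, ESP in UDP SPIs: c3b962e3_i 70d526a9_o
Blutch-Blutch_c{10}: AES_CBC_128/HMAC_SHA1_96/MODP_1536, 0 bytes_i, 0 bytes_o, rekeying in 39 minutes'

# stalled_child_sas: read `ipsec statusall` text on stdin and print name{id}
# for every CHILD_SA that is INSTALLED but counts 0 bytes in either direction.
# Assumption: this is only a heuristic, because an idle tunnel that has just
# been rekeyed also shows 0 bytes until traffic flows.
stalled_child_sas() {
    awk '
        # State line: "name{id}: INSTALLED, TUNNEL, reqid N, ..."
        /[{][0-9]+[}]: +INSTALLED,/ { installed[$1] = 1; next }
        # Counter line of the same SA: "..., N bytes_i, N bytes_o, ..."
        /bytes_i/ && ($1 in installed) {
            in_b = out_b = -1
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^bytes_i/) in_b = $(i - 1)
                if ($i ~ /^bytes_o/) out_b = $(i - 1)
            }
            if (in_b == 0 || out_b == 0) { sub(/:$/, "", $1); print $1 }
        }
    '
}

# tunnel_looks_stalled: exit 0 when an IKE SA is ESTABLISHED and at least one
# INSTALLED CHILD_SA is flagged by stalled_child_sas; exit 1 otherwise.
tunnel_looks_stalled() {
    status=$(cat)
    printf '%s\n' "$status" | grep -q '\]: ESTABLISHED ' || return 1
    [ -n "$(printf '%s\n' "$status" | stalled_child_sas)" ]
}

# Run against the sample; prints: Blutch-Blutch_c{10}
printf '%s\n' "$SAMPLE" | stalled_child_sas
# On the router the input would come from the live daemon instead, e.g.:
#   ipsec statusall | tunnel_looks_stalled && logger "IPsec CHILD_SA stalled"
```

Comparing two readings taken a few minutes apart, with known traffic in between, separates a genuinely idle tunnel from a stalled one.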