Intermittent IKE_SA_INIT timeouts on OCI with Pritunl Link – AWS clients work fine

Hi Team,
We are experiencing an intermittent IPsec issue only on OCI instances when using Pritunl Link (strongSwan).

The same Pritunl configuration works consistently from AWS, but OCI-based nodes sometimes fail to establish the tunnel.

Error

Jan 08 09:44:48 bastion-server pritunl-link[133663]: [2026-01-08 09:44:48][WARN] :play_button: sync: Disconnected timeout restarting
Jan 08 09:44:48 bastion-server pritunl-link[133663]: [2026-01-08 09:44:48][INFO] :play_button: state: Deploying state ◆ default_interface=“ens3” ◆ local_address=“192.0.2.10” ◆ public_address=“198.51.100.x” ◆ address6=“” ◆ states_len=1
Jan 08 09:44:49 bastion-server pritunl-link[139589]: Stopping strongSwan IPsec…
Jan 08 09:44:49 bastion-server charon[138141]: 00[DMN] SIGINT received, shutting down
Jan 08 09:44:49 bastion-server charon[138141]: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Jan 08 09:44:49 bastion-server ipsec_starter[138140]: charon stopped after 200 ms
Jan 08 09:44:49 bastion-server ipsec_starter[138140]: ipsec starter stopped
Jan 08 09:44:51 bastion-server pritunl-link[139586]: Starting strongSwan 5.9.11 IPsec [starter]…
Jan 08 09:44:51 bastion-server ipsec_starter[139586]: Starting strongSwan 5.9.11 IPsec [starter]…
Jan 08 09:44:51 bastion-server charon[139616]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.11, Linux 6.8.0-1030-oracle, x86_64)
Jan 08 09:44:51 bastion-server charon[139616]: 00[LIB] providers loaded by OpenSSL: legacy default
Jan 08 09:44:51 bastion-server charon[139616]: 00[CFG] install DNS servers in ‘/etc/resolv.conf’
Jan 08 09:44:51 bastion-server charon[139616]: 00[CFG] attr-sql plugin: database URI not set
Jan 08 09:44:51 bastion-server charon[139616]: 00[NET] using forecast interface ens3
Jan 08 09:44:51 bastion-server charon[139616]: 00[CFG] joining forecast multicast groups:
Jan 08 09:44:51 bastion-server charon[139616]: 00[CFG] loading ca certificates from ‘/etc/ipsec.d/cacerts’
Jan 08 09:44:51 bastion-server charon[139616]: 00[CFG] loading aa certificates from ‘/etc/ipsec.d/aacerts’
Jan 08 09:44:51 bastion-server charon[139616]: 00[CFG] loading ocsp signer certificates from ‘/etc/ipsec.d/ocspcerts’
Jan 08 09:44:51 bastion-server charon[139616]: 00[CFG] loading attribute certificates from ‘/etc/ipsec.d/acerts’
Jan 08 09:44:51 bastion-server charon[139616]: 00[CFG] loading crls from ‘/etc/ipsec.d/crls’
Jan 08 09:44:51 bastion-server charon[139616]: 00[CFG] loading secrets from ‘/etc/ipsec.secrets’
Jan 08 09:44:51 bastion-server charon[139616]: 00[CFG] loaded IKE secret for 198.51.100.x 203.0.113.x
Jan 08 09:44:51 bastion-server charon[139616]: 00[CFG] sql plugin: database URI not set
Jan 08 09:44:51 bastion-server charon[139616]: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
Jan 08 09:44:51 bastion-server charon[139616]: 00[CFG] loaded 0 RADIUS server configurations
Jan 08 09:44:51 bastion-server charon[139616]: 00[CFG] HA config misses local/remote address
Jan 08 09:44:51 bastion-server charon[139616]: 00[CFG] no script for ext-auth script defined, disabled
Jan 08 09:44:51 bastion-server charon[139616]: 00[LIB] loaded plugins: charon aesni aes des rc2 sha2 sha3 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl pkcs8 fips-prf gmp curve25519 chapoly xcbc cmac hmac kdf gcm ntru drbg newhope bliss curl sqlite attr kernel-netlink resolve socket-default connmark forecast farp stroke vici updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp radattr unity counters

We need immediate help on this. Any guidance or pointers would be greatly appreciated.

Thanks in advance.

The link feature now supports WireGuard, which can be enabled in the link settings. This is generally more stable than IPsec connections. Run sudo ipsec statusall to see the status for the connection.
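
Added example (not part of the original posts, and not Pritunl or strongSwan code): a small Python triage script for a journal excerpt like the one in the question. It counts pritunl-link timeout restarts and flags charon instances that were shut down while their IKE_SA was still in state CONNECTING. The first five sample lines are copied from the log above; the last three are constructed, and the function names are this example's own.

```python
import re

# Lines 1-5 are copied from the log in the question; lines 6-8 are constructed
# to show a second failed cycle.
SAMPLE = """\
Jan 08 09:44:48 bastion-server pritunl-link[133663]: [2026-01-08 09:44:48][WARN] :play_button: sync: Disconnected timeout restarting
Jan 08 09:44:49 bastion-server charon[138141]: 00[DMN] SIGINT received, shutting down
Jan 08 09:44:49 bastion-server charon[138141]: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Jan 08 09:44:49 bastion-server ipsec_starter[138140]: charon stopped after 200 ms
Jan 08 09:44:51 bastion-server charon[139616]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.11, Linux 6.8.0-1030-oracle, x86_64)
Jan 08 09:45:52 bastion-server pritunl-link[133663]: [2026-01-08 09:45:52][WARN] :play_button: sync: Disconnected timeout restarting
Jan 08 09:45:53 bastion-server charon[139616]: 00[DMN] SIGINT received, shutting down
Jan 08 09:45:53 bastion-server charon[139616]: 00[IKE] destroying IKE_SA in state CONNECTING without notification
"""

# syslog prefix: "Mon DD HH:MM:SS host process[pid]: message"
LINE = re.compile(r"^(\w{3} \d{2} [\d:]{8}) (\S+) ([\w-]+)\[(\d+)\]: (.*)$")

def triage(log_text):
    """Return (pritunl-link timeout restarts, {charon pid: {started, outcome}})."""
    restarts, daemons = 0, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or non-syslog lines
        ts, _host, proc, pid, msg = m.groups()
        if proc == "pritunl-link" and "Disconnected timeout restarting" in msg:
            restarts += 1
        elif proc == "charon":
            d = daemons.setdefault(pid, {"started": None, "outcome": "unknown"})
            if "Starting IKE charon daemon" in msg:
                d["started"] = ts
            elif "destroying IKE_SA in state CONNECTING" in msg:
                # Daemon was stopped before the IKE exchange completed.
                d["outcome"] = "never_connected"
    return restarts, daemons

def stuck_pids(daemons):
    """charon PIDs that were shut down while still in state CONNECTING."""
    return sorted(p for p, d in daemons.items() if d["outcome"] == "never_connected")

if __name__ == "__main__":
    restarts, daemons = triage(SAMPLE)
    print(f"link timeout restarts: {restarts}")
    for pid in stuck_pids(daemons):
        print(f"charon[{pid}] started={daemons[pid]['started']} never left CONNECTING")
```
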