[Openswan Users] Ping through tunnel suddenly stops

[Niki Waibel]

it is possible that i run into the same trouble, but with a different
setup. i also get
000 192.168.254.14/32:0 -4-> 192.168.254.13/32:0 => %hold 0    %acquire-netlink
000 192.168.254.14/32:0 -4-> 192.168.254.13/32:0 => %hold 0    %acquire-netlink
messages --> messageS!

currently we are using
        A) linux-2.6.4 openswan-2.1.0rc1
        <->
        B) linux-2.6.6 openswan-2.1.2rc3

we have a special config which does an ``ipsec auto --up MODEM_TUNNEL'' if
the internet connection is down. MODEM_TUNNEL has the same id's as INET_TUNNEL,
so the inet tunnel is automatically brought down if the modem tunnel goes up.
everything is fine with that config, but

since we upgraded on from linux-2.4.X freeswan-?? to linux-2.6.X openswan,
we have strange troubles bringing up tunnels.

it is possible to up/down tunnels from B), but not from A).
i thought that this is a firewall issue, but as i read this
thread i am starting to think that it might be a linux/openswan
issue...

any idea?

niki

On 24-May-2004 Sybille Ebert wrote:
> Greetings.
> 
> I have a tunnel between two machines without a default route. After a 
> minute or two of successful pinging, tunnel stops and the following is 
> logged:
> 
> ERROR: netlink response for Add SA ... included errno 17: File exists
> max number of retransmissions (2) reached STATE_QUICK_R1
> 
> ESP packets are still being sent by first gateway, but seem to be 
> dropped by the other. Last line of ipsec auto --status prints:
> 
> 000 192.168.1.16/32:0 -1-> 192.168.1.17/32:0 => %hold 0    %acquire-netlink
> 
> The problem only occurs when ipsec is first started. If I do "ipsec 
> restart", the problem disappears.
> 
> Why does this happen? I've stumbled upon this while trying to create a 
> tunnel that would come up whenever the dial-out interface would come up. 
> Is there a better way to do it besides putting "ipsec start" to ip-up 
> script?
> 
> Thank you.
> S