[Openswan Users] Ping through tunnel suddenly stops
Sybille Ebert
sybille.ebert at gmx.net
Mon May 24 13:19:26 CEST 2004
Greetings.
I have a tunnel between two machines without a default route. After a
minute or two of successful pinging, the tunnel stops and the following is
logged:
ERROR: netlink response for Add SA ... included errno 17: File exists
max number of retransmissions (2) reached STATE_QUICK_R1
ESP packets are still being sent by the first gateway, but seem to be
dropped by the other. The last line of ipsec auto --status prints:
000 192.168.1.16/32:0 -1-> 192.168.1.17/32:0 => %hold 0 %acquire-netlink
The problem only occurs when ipsec is first started. If I do "ipsec
restart", the problem disappears.
Why does this happen? I've stumbled upon this while trying to create a
tunnel that would come up whenever the dial-out interface would come up.
Is there a better way to do it besides putting "ipsec start" in the ip-up
script?
Thank you.
S
----------------------
My configuration: kernel 2.6.5, Openswan 2.1.2
ipsec.conf:
config setup
        interfaces="ipsec0=eth0"

conn vpn0
        left=192.168.1.64
        leftsubnet=192.168.1.16/32
        leftrsasigkey=...
        leftid=@left
        right=192.168.1.66
        rightsubnet=192.168.1.17/32
        rightrsasigkey=...
        rightid=@right
        auto=start
        # nexthops are implicitly %direct, aren't they

conn block
        auto=ignore # for all built-in conn's