[Openswan Users] Problems on dialup vpn
John McMonagle
johnm at advocap.org
Tue May 17 10:42:47 CEST 2005
I installed 2.3.0-2 on all 6 firewalls with 10 connections.
Not really thrilled about building my own debian packages from scratch
unless I have to.
Was getting a bit nervous as it didn't seem to help until I did them all.
Seems better now. it's much more usable.
This morning the particular connection I gave earlier did not come up.
On the dial up side it did not add?
The other vpn connection that I have not mentioned so far came up fine.
This that I did this morning:
prvroute:~# ipsec auto --up prviewfondy
021 no connection named "prviewfondy"
prvroute:~# ipsec auto --add prviewfondy
prvroute:~# ipsec auto --up prviewfondy
104 "prviewfondy" #14: STATE_MAIN_I1: initiate
003 "prviewfondy" #14: received Vendor ID payload [Dead Peer Detection]
106 "prviewfondy" #14: STATE_MAIN_I2: sent MI2, expecting MR2
108 "prviewfondy" #14: STATE_MAIN_I3: sent MI3, expecting MR3
004 "prviewfondy" #14: STATE_MAIN_I4: ISAKMP SA established
117 "prviewfondy" #15: STATE_QUICK_I1: initiate
004 "prviewfondy" #15: STATE_QUICK_I2: sent QI2, IPsec SA established
{ESP=>0x46cc6d45 <0x85912bd9 IPCOMP=>0x000040c4 <0x00007367}
One thing to note I'm using old freeswan style rsa key setup.
Any chance it couldn't resolve the tfondy.advocap.org and didn't add it?
It is static so I could put it in the hosts file.
Forgot to check ipsec auto --status before adding prviewfondy :(
There are a few errors indicated in the log.
In particalar wonder about the "No buffer space available" message?
Here is the ipsec stuff from the log when it dialed up last night:
May 16 23:44:21 prvroute ipsec__plutorun: Starting Pluto subsystem...
May 16 23:44:23 prvroute pluto[17773]: Starting Pluto (Openswan Version
2.3.0 X.509-1.5.4 PLUTO_USES_KEYRR)
May 16 23:44:23 prvroute pluto[17773]: Setting port floating to off
May 16 23:44:23 prvroute pluto[17773]: port floating activate 0/1
May 16 23:44:23 prvroute pluto[17773]: including NAT-Traversal patch
(Version 0.6c) [disabled]
May 16 23:44:23 prvroute pluto[17773]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
May 16 23:44:23 prvroute pluto[17773]: starting up 1 cryptographic helpers
May 16 23:44:23 prvroute pluto[17773]: started helper pid=17774 (fd:6)
May 16 23:44:23 prvroute pluto[17773]: Using Linux 2.6 IPsec interface code
May 16 23:44:23 prvroute pluto[17773]: Changing to directory
'/etc/ipsec.d/cacerts'
May 16 23:44:23 prvroute pluto[17773]: loaded CA cert file
'cacert.pem' (1281 bytes)
May 16 23:44:23 prvroute pluto[17773]: Could not change to directory
'/etc/ipsec.d/aacerts'
May 16 23:44:23 prvroute pluto[17773]: Changing to directory
'/etc/ipsec.d/ocspcerts'
May 16 23:44:23 prvroute pluto[17773]: Changing to directory
'/etc/ipsec.d/crls'
May 16 23:44:23 prvroute pluto[17773]: Warning: empty directory
May 16 23:44:37 prvroute pluto[17773]: added connection description
"prviewoshkosh"
May 16 23:44:58 prvroute pluto[17773]: listening for IKE messages
May 16 23:44:58 prvroute pluto[17773]: adding interface ppp0/ppp0
216.127.203.221
May 16 23:44:58 prvroute pluto[17773]: adding interface eth0/eth0
192.168.10.254
May 16 23:44:58 prvroute pluto[17773]: adding interface lo/lo 127.0.0.1
May 16 23:44:58 prvroute pluto[17773]: adding interface lo/lo ::1
May 16 23:44:58 prvroute pluto[17773]: loading secrets from
"/etc/ipsec.secrets"
May 16 23:44:58 prvroute pluto[17773]: "prviewoshkosh" #1: initiating
Main Mode
May 16 23:44:58 prvroute pluto[17773]: | no IKE algorithms for this
connection
May 16 23:44:58 prvroute pluto[17773]: ERROR: "prviewoshkosh" #1: sendto
on ppp0 to 216.170.138.63:500 failed in main_outI1. Errno 105: No buffer
space avai
lable
May 16 23:45:00 prvroute pluto[17773]: packet from 216.170.138.63:500:
received Vendor ID payload [Dead Peer Detection]
May 16 23:45:00 prvroute pluto[17773]: "prviewoshkosh" #2: responding to
Main Mode
May 16 23:45:00 prvroute pluto[17773]: "prviewoshkosh" #2: transition
from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 16 23:45:00 prvroute pluto[17773]: ERROR: "prviewoshkosh" #2: sendto
on ppp0 to 216.170.138.63:500 failed in STATE_MAIN_R0. Errno 105: No
buffer space a
vailable
May 16 23:45:13 prvroute pluto[17773]: "prviewoshkosh" #1: received
Vendor ID payload [Dead Peer Detection]
May 16 23:45:13 prvroute pluto[17773]: "prviewoshkosh" #1: transition
from state STATE_MAIN_I1 to state STATE_MAIN_I2
May 16 23:45:13 prvroute pluto[17773]: ERROR: "prviewoshkosh" #1: sendto
on ppp0 to 216.170.138.63:500 failed in STATE_MAIN_I1. Errno 105: No
buffer space a
vailable
May 16 23:45:23 prvroute pluto[17773]: "prviewoshkosh" #1: discarding
duplicate packet; already STATE_MAIN_I2
May 16 23:45:23 prvroute pluto[17773]: ERROR: "prviewoshkosh" #1: sendto
on ppp0 to 216.170.138.63:500 failed in EVENT_RETRANSMIT. Errno 105: No
buffer spac
e available
May 16 23:45:28 prvroute pluto[17773]: "prviewoshkosh" #2: transition
from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 16 23:45:30 prvroute pluto[17773]: "prviewoshkosh" #2: Main mode
peer ID is ID_FQDN: '@oshkosh.advocap.org'
May 16 23:45:30 prvroute pluto[17773]: "prviewoshkosh" #2: I did not
send a certificate because I do not have one.
May 16 23:45:30 prvroute pluto[17773]: "prviewoshkosh" #2: transition
from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 16 23:45:30 prvroute pluto[17773]: "prviewoshkosh" #2: sent MR3,
ISAKMP SA established
May 16 23:45:34 prvroute pluto[17773]: "prviewoshkosh" #3: responding to
Quick Mode
May 16 23:45:34 prvroute pluto[17773]: "prviewoshkosh" #3: transition
from state STATE_QUICK_R0 to state STATE_QUICK_R1
May 16 23:45:34 prvroute pluto[17773]: packet from 216.170.136.82:500:
received Vendor ID payload [Dead Peer Detection]
May 16 23:45:34 prvroute pluto[17773]: packet from 216.170.136.82:500:
initial Main Mode message received on 216.127.203.221:500 but no
connection has been
authorized
May 16 23:45:40 prvroute pluto[17773]: "prviewoshkosh" #3: transition
from state STATE_QUICK_R1 to state STATE_QUICK_R2
May 16 23:45:40 prvroute pluto[17773]: "prviewoshkosh" #3: IPsec SA
established {ESP=>0xf06c3853 <0xbe9f5c2e IPCOMP=>0x000083b6 <0x0000a55d}
May 16 23:45:42 prvroute pluto[17773]: "prviewoshkosh" #1: discarding
duplicate packet; already STATE_MAIN_I2
May 16 23:45:48 prvroute pluto[17773]: "prviewoshkosh" #1: I did not
send a certificate because I do not have one.
May 16 23:45:48 prvroute pluto[17773]: "prviewoshkosh" #1: transition
from state STATE_MAIN_I2 to state STATE_MAIN_I3
May 16 23:45:50 prvroute pluto[17773]: "prviewoshkosh" #1: Main mode
peer ID is ID_FQDN: '@oshkosh.advocap.org'
May 16 23:45:50 prvroute pluto[17773]: "prviewoshkosh" #1: transition
from state STATE_MAIN_I3 to state STATE_MAIN_I4
May 16 23:45:50 prvroute pluto[17773]: "prviewoshkosh" #1: ISAKMP SA
established
May 16 23:45:50 prvroute pluto[17773]: "prviewoshkosh" #4: initiating
Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#1}
May 16 23:45:56 prvroute pluto[17773]: "prviewoshkosh" #4: transition
from state STATE_QUICK_I1 to state STATE_QUICK_I2
May 16 23:45:56 prvroute pluto[17773]: "prviewoshkosh" #4: sent QI2,
IPsec SA established {ESP=>0x45f85a1d <0xe8857ed6 IPCOMP=>0x0000c8e3
<0x00004c4b}
May 16 23:46:14 prvroute pluto[17773]: packet from 216.170.136.82:500:
received Vendor ID payload [Dead Peer Detection]
May 16 23:46:14 prvroute pluto[17773]: packet from 216.170.136.82:500:
initial Main Mode message received on 216.127.203.221:500 but no
connection has been
authorized
May 16 23:46:54 prvroute pluto[17773]: packet from 216.170.136.82:500:
received Vendor ID payload [Dead Peer Detection]
May 16 23:46:54 prvroute pluto[17773]: packet from 216.170.136.82:500:
initial Main Mode message received on 216.127.203.221:500 but no
connection has been
authorized
May 16 23:47:34 prvroute pluto[17773]: packet from 216.170.136.82:500:
received Vendor ID payload [Dead Peer Detection]
May 16 23:47:34 prvroute pluto[17773]: packet from 216.170.136.82:500:
initial Main Mode message received on 216.127.203.221:500 but no
connection has been
216.170.136.82 is the connection that did not add properly.
Thanks for the help.
John
Paul Wouters wrote:
> On Mon, 16 May 2005, John McMonagle wrote:
>
>> There is 2.3.0-2 in debian unstable will that be good enough?
>
>
> I do not know what patches that includes. In the next few days, 2.3.2
> will be released. It is currently being tested by Xelerance.
>
> Paul
>
>> John
>>
>> Paul Wouters wrote:
>>
>>> On Mon, 16 May 2005, John McMonagle wrote:
>>>
>>>> Using openswan 2.2.0-4
>>>
>>>
>>>
>>> You are running into racing IPsec SA's, so you're continiously
>>> rekeying,
>>> while during some of the time, your connection is up. This is a
>>> known issue
>>> with 2.2.x.
>>>
>>> Please upgrade to 2.3.1
>>>
>>> Paul
>>>
>>>> On dial up side using diald set to keep up the connection if possible.
>>>> Scripts bring up ipsec after connecting and stop ipsec after
>>>> connection goes down.
>>>>
>>>> Checking the logs that seems to work properly
>>>>
>>>> Problem is it either doesn't come up or it sort of works with a
>>>> high load particularly on the dial up side.
>>>> Dial up sides load is about 3 although it pretty much idle, pluto
>>>> is the top load.
>>>>
>>>> At best ping time is about 200ms can be a few seconds.
>>>>
>>>> Some times it works Ok.
>>>> Some times I need to do
>>>> ipsec auto --down prviewfondy
>>>> On both ends and start it on one end.
>>>>
>>>>
>>>> On the dsl side am getting message like this on auth.log. Link came
>>>> up at 3:38:
>>>> May 16 03:39:10 fonroute pluto[5026]: "prviewfondy" #147672:
>>>> starting keying attempt 46 of an unlimited number
>>>> May 16 03:39:10 fonroute pluto[5026]: "prviewfondy" #147673:
>>>> initiating Main Mode to replace #147672
>>>> May 16 03:47:40 fonroute pluto[5026]: "prviewfondy" #147673: ERROR:
>>>> asynchronous network error report on eth1 for message to
>>>> 216.127.203.221 port 500, complainant 216.127.203.221: Connection
>>>> refused [errno 111, origin ICMP type 3 code 3 (not authen
>>>> ticated)]
>>>> May 16 03:47:46 fonroute pluto[5026]: "prviewfondy" #147675:
>>>> responding to Main Mode
>>>> May 16 03:47:46 fonroute pluto[5026]: "prviewfondy" #147675:
>>>> transition from state (null) to state STATE_MAIN_R1
>>>> May 16 03:47:46 fonroute pluto[5026]: "prviewfondy" #147675:
>>>> transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
>>>> May 16 03:47:46 fonroute pluto[5026]: "prviewfondy" #147675: Peer
>>>> ID is ID_FQDN: '@prview.advocap.org'
>>>> May 16 03:47:46 fonroute pluto[5026]: "prviewfondy" #147675: I did
>>>> not send a certificate because I do not have one.
>>>> May 16 03:47:46 fonroute pluto[5026]: "prviewfondy" #147675:
>>>> multiple ipsec.secrets entries with distinct secrets match endp
>>>> oints: first secret used
>>>> May 16 03:47:47 fonroute pluto[5026]: "prviewfondy" #147675:
>>>> transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
>>>> May 16 03:47:47 fonroute pluto[5026]: "prviewfondy" #147675: sent
>>>> MR3, ISAKMP SA established
>>>> May 16 03:47:47 fonroute pluto[5026]: "prviewfondy" #147676:
>>>> responding to Quick Mode
>>>> May 16 03:47:48 fonroute pluto[5026]: "prviewfondy" #147676:
>>>> transition from state (null) to state STATE_QUICK_R1
>>>> May 16 03:47:53 fonroute pluto[5026]: "prviewfondy" #147676:
>>>> transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
>>>> May 16 03:47:53 fonroute pluto[5026]: "prviewfondy" #147676: IPsec
>>>> SA established {ESP=>0xbecc95f3 <0x2331a9f3 IPCOMP=>0x000
>>>> 0770e <0x00003fbf}
>>>> May 16 03:48:20 fonroute pluto[5026]: "prviewfondy" #147673:
>>>> transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
>>>> May 16 03:48:30 fonroute pluto[5026]: "prviewfondy" #147673:
>>>> discarding duplicate packet; already STATE_MAIN_I2
>>>> May 16 03:48:31 fonroute pluto[5026]: "prviewfondy" #147673: I did
>>>> not send a certificate because I do not have one.
>>>> May 16 03:48:31 fonroute pluto[5026]: "prviewfondy" #147673:
>>>> multiple ipsec.secrets entries with distinct secrets match endp
>>>> oints: first secret used
>>>> May 16 03:48:31 fonroute pluto[5026]: "prviewfondy" #147673:
>>>> transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
>>>> May 16 03:48:31 fonroute pluto[5026]: "prviewfondy" #147673: Peer
>>>> ID is ID_FQDN: '@prview.advocap.org'
>>>> May 16 03:48:31 fonroute pluto[5026]: "prviewfondy" #147673:
>>>> transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
>>>> May 16 03:48:31 fonroute pluto[5026]: "prviewfondy" #147673: ISAKMP
>>>> SA established
>>>> May 16 03:48:31 fonroute pluto[5026]: "prviewfondy" #147677:
>>>> initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {us
>>>> ing isakmp#147673}
>>>> May 16 03:48:31 fonroute pluto[5026]: "prviewfondy" #147678:
>>>> initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {us
>>>> ing isakmp#147673}
>>>> May 16 03:48:31 fonroute pluto[5026]: "prviewfondy" #147679:
>>>> initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {us
>>>> ing isakmp#147673}
>>>> May 16 03:48:31 fonroute pluto[5026]: "prviewfondy" #147680:
>>>> initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {us
>>>> ing isakmp#147673}
>>>> May 16 03:48:31 fonroute pluto[5026]: "prviewfondy" #147681:
>>>> initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {us
>>>> ing isakmp#147673}
>>>> May 16 03:48:31 fonroute pluto[5026]: "prviewfondy" #147682:
>>>> initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {us
>>>> ing isakmp#147673}
>>>> May 16 03:48:31 fonroute pluto[5026]: "prviewfondy" #147683:
>>>> initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {us
>>>> ing isakmp#147673}
>>>> May 16 03:48:31 fonroute pluto[5026]: "prviewfondy" #147684:
>>>> initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {us
>>>>
>>>> Same from dialup side:
>>>> May 16 03:39:28 prvroute pluto[25943]: added connection description
>>>> "prviewfondy"
>>>> May 16 03:39:28 prvroute pluto[25943]: "prviewfondy" #2: initiating
>>>> Main Mode
>>>> May 16 03:39:29 prvroute pluto[25943]: "prviewfondy" #2: transition
>>>> from state STATE_MAIN_I1 to state STATE_MAIN_I2
>>>> May 16 03:39:29 prvroute pluto[25943]: "prviewfondy" #2: I did not
>>>> send a certificate because I do not have one.
>>>> May 16 03:39:29 prvroute pluto[25943]: "prviewfondy" #2: transition
>>>> from state STATE_MAIN_I2 to state STATE_MAIN_I3
>>>> May 16 03:39:30 prvroute pluto[25943]: "prviewfondy" #2: Peer ID is
>>>> ID_FQDN: '@fondy.advocap.org'
>>>> May 16 03:39:30 prvroute pluto[25943]: "prviewfondy" #2: transition
>>>> from state STATE_MAIN_I3 to state STATE_MAIN_I4
>>>> May 16 03:39:30 prvroute pluto[25943]: "prviewfondy" #2: ISAKMP SA
>>>> established
>>>> May 16 03:39:30 prvroute pluto[25943]: "prviewfondy" #4: initiating
>>>> Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using
>>>> isakmp#2}
>>>> May 16 03:39:35 prvroute pluto[25943]: "prviewfondy" #4: transition
>>>> from state STATE_QUICK_I1 to state STATE_QUICK_I2
>>>> May 16 03:39:35 prvroute pluto[25943]: "prviewfondy" #4: sent QI2,
>>>> IPsec SA established {ESP=>0x2331a9f3 <0xbecc95f3 IPCOMP=
>>>>
>>>>> 0x00003fbf <0x0000770e}
>>>>
>>>>
>>>> May 16 03:40:03 prvroute pluto[25943]: "prviewfondy" #7: responding
>>>> to Main Mode
>>>> May 16 03:40:03 prvroute pluto[25943]: "prviewfondy" #7: transition
>>>> from state (null) to state STATE_MAIN_R1
>>>> May 16 03:40:13 prvroute pluto[25943]: "prviewfondy" #7: transition
>>>> from state STATE_MAIN_R1 to state STATE_MAIN_R2
>>>> May 16 03:40:14 prvroute pluto[25943]: "prviewfondy" #7: Peer ID is
>>>> ID_FQDN: '@fondy.advocap.org'
>>>> May 16 03:40:14 prvroute pluto[25943]: "prviewfondy" #7: I did not
>>>> send a certificate because I do not have one.
>>>> May 16 03:40:14 prvroute pluto[25943]: "prviewfondy" #7: transition
>>>> from state STATE_MAIN_R2 to state STATE_MAIN_R3
>>>> May 16 03:40:14 prvroute pluto[25943]: "prviewfondy" #7: sent MR3,
>>>> ISAKMP SA established
>>>> May 16 03:40:21 prvroute pluto[25943]: "prviewfondy" #8: responding
>>>> to Quick Mode
>>>> May 16 03:40:22 prvroute pluto[25943]: "prviewfondy" #8: transition
>>>> from state (null) to state STATE_QUICK_R1
>>>> May 16 03:40:22 prvroute pluto[25943]: "prviewfondy" #9: responding
>>>> to Quick Mode
>>>> May 16 03:40:23 prvroute pluto[25943]: "prviewfondy" #9: transition
>>>> from state (null) to state STATE_QUICK_R1
>>>> May 16 03:40:24 prvroute pluto[25943]: "prviewfondy" #10:
>>>> responding to Quick Mode
>>>> May 16 03:40:25 prvroute pluto[25943]: "prviewfondy" #10:
>>>> transition from state (null) to state STATE_QUICK_R1
>>>> May 16 03:40:25 prvroute pluto[25943]: "prviewfondy" #11:
>>>> responding to Quick Mode
>>>> May 16 03:40:26 prvroute pluto[25943]: "prviewfondy" #11:
>>>> transition from state (null) to state STATE_QUICK_R1
>>>> May 16 03:40:26 prvroute pluto[25943]: "prviewfondy" #12:
>>>> responding to Quick Mode
>>>> May 16 03:40:27 prvroute pluto[25943]: "prviewfondy" #12:
>>>> transition from state (null) to state STATE_QUICK_R1
>>>> May 16 03:40:27 prvroute pluto[25943]: "prviewfondy" #13:
>>>> responding to Quick Mode
>>>> May 16 03:40:28 prvroute pluto[25943]: "prviewfondy" #13:
>>>> transition from state (null) to state STATE_QUICK_R1
>>>> May 16 03:40:28 prvroute pluto[25943]: "prviewfondy" #14:
>>>> responding to Quick Mode
>>>> May 16 03:40:29 prvroute pluto[25943]: "prviewfondy" #14:
>>>> transition from state (null) to state STATE_QUICK_R1
>>>> .........................................
>>>> lot more of the same then
>>>> May 16 03:41:44 prvroute pluto[25943]: "prviewfondy" #21: max
>>>> number of retransmissions (2) reached STATE_QUICK_R1
>>>> May 16 03:41:44 prvroute pluto[25943]: "prviewfondy" #19: max
>>>> number of retransmissions (2) reached STATE_QUICK_R1
>>>> May 16 03:41:44 prvroute pluto[25943]: "prviewfondy" #20: max
>>>> number of retransmissions (2) reached STATE_QUICK_R1
>>>> May 16 03:41:44 prvroute pluto[25943]: "prviewfondy" #82:
>>>> responding to Quick Mode
>>>> ..........................................
>>>> Get some of these:
>>>> ay 16 03:42:03 prvroute pluto[25943]: "prviewfondy" #7: Quick Mode
>>>> I1 message is unacceptable because it uses a previously
>>>> used Message ID 0xf23d36aa (perhaps this is a duplicated packet)
>>>> May 16 03:42:03 prvroute pluto[25943]: "prviewfondy" #7: sending
>>>> encrypted notification INVALID_MESSAGE_ID to 216.170.136.82
>>>> :500
>>>>
>>>>
>>>> ipsec.conf on dialup end:
>>>> conn prviewfondy
>>>> authby=rsasig
>>>> compress=yes
>>>> # Left security gateway, subnet behind it, next hop toward it.
>>>> leftid=@prview.advocap.org
>>>> leftrsasigkey=0sAQN....wJ
>>>> left=%defaultroute
>>>> leftsubnet=192.168.10.0/24
>>>> # Right security gateway, subnet behind it, next hop toward it.
>>>> right=tfondy.advocap.org
>>>> rightid=@fondy.advocap.org
>>>> rightrsasigkey=0x0103............7d
>>>> rightsubnet=192.168.2.0/24
>>>> auto=start
>>>>
>>>> ipsec.conf on dsl end:
>>>>
>>>> conn prviewfondy
>>>> authby=rsasig
>>>> compress=yes
>>>> leftid=@prview.advocap.org
>>>> leftrsasigkey=0sAQNu.........O/wJ
>>>> left=hdstart.dotnet.com
>>>> leftsubnet=192.168.10.0/24
>>>> right=tfondy.advocap.org
>>>> rightid=@fondy.advocap.org
>>>> rightrsasigkey=0x0103a8..........7d
>>>> rightsubnet=192.168.2.0/24
>>>>
>>>> auto=start
>>>>
>>>> Have a bunch of vpn links the none dialups that are working fine.
>>>>
>>>> My wild guess is that the dsl side is confused by the link going down.
>>>> Should I just be staring from one side?
>>>> Any suggestions.
>>>>
>>>> John
>>>>
>>
>>
More information about the Users
mailing list