[Openswan Users] Tunnel drops and reconnects randomly

Pablo García malevo at gmail.com
Thu Jul 20 16:50:26 CEST 2006


Hi Guys, I have a tunnel established between a Cisco PIX-535 and a Linux
2.6.16.20 with openswan using ipsec from kernel.
The tunnel connects and works fine, but it reconnects constantly (sometimes
more than twice an hour).
It's configured to renegotiate every 12 hours. How can I find out what's
going on?

This is part of the /var/log/secure message log.

Jul 20 11:32:30 routertech pluto[1788]: "tunnelipsec" #23: responding to
Main Mode
Jul 20 11:32:30 routertech pluto[1788]: "tunnelipsec" #23: transition from
state STATE_MAIN_R0 to state STATE_MAIN_R1
Jul 20 11:32:30 routertech pluto[1788]: "tunnelipsec" #23: STATE_MAIN_R1:
sent MR1, expecting MI2
Jul 20 11:32:30 routertech pluto[1788]: "tunnelipsec" #23: received Vendor
ID payload [Cisco-Unity]
Jul 20 11:32:30 routertech pluto[1788]: "tunnelipsec" #23: received Vendor
ID payload [XAUTH]
Jul 20 11:32:30 routertech pluto[1788]: "tunnelipsec" #23: ignoring unknown
Vendor ID payload [c45c723bb8acbc3d7c837d7f8ae15317]
Jul 20 11:32:30 routertech pluto[1788]: "tunnelipsec" #23: ignoring Vendor
ID payload [Cisco VPN 3000 Series]
Jul 20 11:32:30 routertech pluto[1788]: "tunnelipsec" #23: transition from
state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 20 11:32:30 routertech pluto[1788]: "tunnelipsec" #23: STATE_MAIN_R2:
sent MR2, expecting MI3
Jul 20 11:32:30 routertech pluto[1788]: "tunnelipsec" #23: received Vendor
ID payload [Dead Peer Detection]
Jul 20 11:32:30 routertech pluto[1788]: "tunnelipsec" #23: Main mode peer ID
is ID_IPV4_ADDR: '200.41.49.4'
Jul 20 11:32:30 routertech pluto[1788]: "tunnelipsec" #23: I did not send a
certificate because I do not have one.
Jul 20 11:32:30 routertech pluto[1788]: "tunnelipsec" #23: transition from
state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 20 11:32:30 routertech pluto[1788]: "tunnelipsec" #23: STATE_MAIN_R3:
sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Jul 20 11:33:00 routertech pluto[1788]: "tunnelipsec" #22: received Delete
SA payload: deleting ISAKMP State #22
Jul 20 11:33:00 routertech pluto[1788]: packet from 200.41.49.4:500:
received and ignored informational message
Jul 20 14:12:53 routertech pluto[1788]: "tunnelipsec" #24: responding to
Quick Mode {msgid:773e767c}
Jul 20 14:12:53 routertech pluto[1788]: "tunnelipsec" #24: transition from
state STATE_QUICK_R0 to state STATE_QUICK_R1
Jul 20 14:12:53 routertech pluto[1788]: "tunnelipsec" #24: STATE_QUICK_R1:
sent QR1, inbound IPsec SA installed, expecting QI2
Jul 20 14:12:53 routertech pluto[1788]: "tunnelipsec" #24: transition from
state STATE_QUICK_R1 to state STATE_QUICK_R2
Jul 20 14:12:53 routertech pluto[1788]: "tunnelipsec" #24: STATE_QUICK_R2:
IPsec SA established {ESP=>0xb25da4b6 <0xa31abee1 xfrm=3DES_0-HMAC_MD5
NATD=none DPD=none}
Jul 20 14:12:54 routertech pluto[1788]: "tunnelipsec" #23: received Delete
SA(0x94171360) payload: deleting IPSEC State #21
Jul 20 14:12:54 routertech pluto[1788]: "tunnelipsec" #23: received and
ignored informational message
Jul 20 14:32:28 routertech pluto[1788]: packet from 200.41.49.4:500:
ignoring unknown Vendor ID payload
[4048b7d56ebce88525e7de7f00d6c2d3c0000000]
Jul 20 14:32:28 routertech pluto[1788]: "tunnelipsec" #25: responding to
Main Mode
Jul 20 14:32:28 routertech pluto[1788]: "tunnelipsec" #25: transition from
state STATE_MAIN_R0 to state STATE_MAIN_R1
Jul 20 14:32:28 routertech pluto[1788]: "tunnelipsec" #25: STATE_MAIN_R1:
sent MR1, expecting MI2
Jul 20 14:32:28 routertech pluto[1788]: "tunnelipsec" #25: received Vendor
ID payload [Cisco-Unity]
Jul 20 14:32:28 routertech pluto[1788]: "tunnelipsec" #25: received Vendor
ID payload [XAUTH]
Jul 20 14:32:28 routertech pluto[1788]: "tunnelipsec" #25: ignoring unknown
Vendor ID payload [851d999c69cc6331f37657efa51460c5]
Jul 20 14:32:28 routertech pluto[1788]: "tunnelipsec" #25: ignoring Vendor
ID payload [Cisco VPN 3000 Series]
Jul 20 14:32:28 routertech pluto[1788]: "tunnelipsec" #25: transition from
state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 20 14:32:28 routertech pluto[1788]: "tunnelipsec" #25: STATE_MAIN_R2:
sent MR2, expecting MI3
Jul 20 14:32:29 routertech pluto[1788]: "tunnelipsec" #25: received Vendor
ID payload [Dead Peer Detection]
Jul 20 14:32:29 routertech pluto[1788]: "tunnelipsec" #25: Main mode peer ID
is ID_IPV4_ADDR: '200.41.49.4'
Jul 20 14:32:29 routertech pluto[1788]: "tunnelipsec" #25: I did not send a
certificate because I do not have one.
Jul 20 14:32:29 routertech pluto[1788]: "tunnelipsec" #25: transition from
state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 20 14:32:29 routertech pluto[1788]: "tunnelipsec" #25: STATE_MAIN_R3:
sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Jul 20 14:32:58 routertech pluto[1788]: "tunnelipsec" #23: received Delete
SA payload: deleting ISAKMP State #23


Please let me know if you need more info or to enable more detail in the
logs.

Best Regards, Pablo
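
One way to measure how often the SAs in a log like the one above are re-established, as an added example that is not part of the original post: it rejoins the mail-wrapped syslog entries, extracts pluto's "SA established" and "received Delete SA" events, and reports same-type SAs set up sooner than the configured lifetime. The function names and the `year` default are assumptions of this example; the sample lines are copied from the post.

```python
import re
from datetime import datetime, timedelta

# Three entries from the excerpt in the post, still wrapped as the mail shows them.
SAMPLE = """\
Jul 20 11:32:30 routertech pluto[1788]: "tunnelipsec" #23: STATE_MAIN_R3:
sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Jul 20 11:33:00 routertech pluto[1788]: "tunnelipsec" #22: received Delete
SA payload: deleting ISAKMP State #22
Jul 20 14:32:29 routertech pluto[1788]: "tunnelipsec" #25: STATE_MAIN_R3:
sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ENTRY = re.compile(r'^(?P<ts>\w{3} [ \d]\d [\d:]{8}) \S+ pluto\[\d+\]: '
                   r'"(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
KINDS = {"ISAKMP SA established": "isakmp_up",
         "IPsec SA established": "ipsec_up", "received Delete SA": "peer_delete"}

def unwrap(text):
    """Rejoin entries that were wrapped onto continuation lines."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line):
            entries.append(line.strip())
        elif line.strip() and entries:
            entries[-1] += " " + line.strip()
    return entries

def sa_events(text, year=2006):
    """Yield (time, conn, sa_number, kind); syslog omits the year, so it is passed in."""
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        kind = next((k for s, k in KINDS.items() if m and s in m["msg"]), None)
        if kind:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["conn"], int(m["sa"]), kind

def early_rekeys(text, kind, configured):
    """(previous, current, gap) for each `kind` event sooner than `configured`."""
    last, found = {}, []
    for ts, conn, _sa, k in sa_events(text):
        if k == kind:
            if conn in last and ts - last[conn] < configured:
                found.append((last[conn], ts, ts - last[conn]))
            last[conn] = ts
    return found
```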