[Openswan Users]
Connections dropping between OpenSwan 2.1 and OpenSwan 2.2
H. Wade Minter
minter at webassign.net
Mon May 29 17:27:18 CEST 2006
I have a VPN set up between my main office and datacenter using
OpenSwan 2.1 on Fedora Core 3. I've just brought a remote office
online, and am attempting to set up VPNs between the main office and
the new office, as well as the datacenter and the new office. The
gateway box at the new office is running OpenSwan 2.2 on Fedora Core 5.

The actual VPN setup is fine - I can create the VPN connection and
get to all networks like I should. However, after a fairly short
amount of time (30 min?), the VPN connections to the new office drop
dead. Restarting ipsec brings them back online, until they "time
out" again and die.

I'm not doing anything fancy - just net-to-net connections with RSA
shared keys. Here's what I see in the logs on the remote office
gateway as the connections die:
####
May 28 12:11:29 annex pluto[19360]: "annex-to-dc" #7: initiating Main
Mode to replace #5
May 28 12:11:29 annex pluto[19360]: "annex-to-dc" #7: received Vendor
ID payload [Openswan (this version) 2.4.4 X.509-1.5.4
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
May 28 12:11:29 annex pluto[19360]: "annex-to-dc" #7: received Vendor
ID payload [Dead Peer Detection]
May 28 12:11:29 annex pluto[19360]: "annex-to-dc" #7: transition from
state STATE_MAIN_I1 to state STATE_MAIN_I2
May 28 12:11:29 annex pluto[19360]: "annex-to-dc" #7: STATE_MAIN_I2:
sent MI2, expecting MR2
May 28 12:11:29 annex pluto[19360]: "annex-to-dc" #7: I did not send
a certificate because I do not have one.
May 28 12:11:29 annex pluto[19360]: "annex-to-dc" #7: transition from
state STATE_MAIN_I2 to state STATE_MAIN_I3
May 28 12:11:29 annex pluto[19360]: "annex-to-dc" #7: STATE_MAIN_I3:
sent MI3, expecting MR3
May 28 12:11:29 annex pluto[19360]: "annex-to-dc" #7: Main mode peer
ID is ID_FQDN: '@datacenter.webassign.net'
May 28 12:11:29 annex pluto[19360]: "annex-to-dc" #7: transition from
state STATE_MAIN_I3 to state STATE_MAIN_I4
May 28 12:11:29 annex pluto[19360]: "annex-to-dc" #7: STATE_MAIN_I4:
ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192
prf=oakley_md5 group=modp1536}
May 28 12:13:52 annex pluto[19360]: "office-to-annex" #8: initiating
Main Mode to replace #6
May 28 12:13:52 annex pluto[19360]: "office-to-annex" #8: transition
from state STATE_MAIN_I1 to state STATE_MAIN_I2
May 28 12:13:52 annex pluto[19360]: "office-to-annex" #8:
STATE_MAIN_I2: sent MI2, expecting MR2
May 28 12:13:52 annex pluto[19360]: "office-to-annex" #8: I did not
send a certificate because I do not have one.
May 28 12:13:52 annex pluto[19360]: "office-to-annex" #8: transition
from state STATE_MAIN_I2 to state STATE_MAIN_I3
May 28 12:13:52 annex pluto[19360]: "office-to-annex" #8:
STATE_MAIN_I3: sent MI3, expecting MR3
May 28 12:13:52 annex pluto[19360]: "office-to-annex" #8: Main mode
peer ID is ID_FQDN: '@office.webassign.net'
May 28 12:13:52 annex pluto[19360]: "office-to-annex" #8: transition
from state STATE_MAIN_I3 to state STATE_MAIN_I4
May 28 12:13:52 annex pluto[19360]: "office-to-annex" #8:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
May 28 12:25:46 annex pluto[19360]: "annex-to-dc" #5: received Delete
SA payload: deleting ISAKMP State #5
May 28 12:25:46 annex pluto[19360]: packet from 128.109.135.28:500:
received and ignored informational message
May 28 12:28:28 annex pluto[19360]: "office-to-annex" #6: received
Delete SA payload: deleting ISAKMP State #6
May 28 12:28:28 annex pluto[19360]: packet from 65.15.231.202:500:
received and ignored informational message
May 28 12:56:17 annex pluto[19360]: "annex-to-dc" #9: initiating Main
Mode to replace #7
May 28 12:56:17 annex pluto[19360]: "annex-to-dc" #9: received Vendor
ID payload [Openswan (this version) 2.4.4 X.509-1.5.4
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
May 28 12:56:17 annex pluto[19360]: "annex-to-dc" #9: received Vendor
ID payload [Dead Peer Detection]
May 28 12:56:17 annex pluto[19360]: "annex-to-dc" #9: transition from
state STATE_MAIN_I1 to state STATE_MAIN_I2
May 28 12:56:17 annex pluto[19360]: "annex-to-dc" #9: STATE_MAIN_I2:
sent MI2, expecting MR2
May 28 12:56:17 annex pluto[19360]: "annex-to-dc" #9: I did not send
a certificate because I do not have one.
May 28 12:56:17 annex pluto[19360]: "annex-to-dc" #9: transition from
state STATE_MAIN_I2 to state STATE_MAIN_I3
May 28 12:56:17 annex pluto[19360]: "annex-to-dc" #9: STATE_MAIN_I3:
sent MI3, expecting MR3
May 28 12:56:17 annex pluto[19360]: "annex-to-dc" #9: Main mode peer
ID is ID_FQDN: '@datacenter.webassign.net'
May 28 12:56:17 annex pluto[19360]: "annex-to-dc" #9: transition from
state STATE_MAIN_I3 to state STATE_MAIN_I4
May 28 12:56:17 annex pluto[19360]: "annex-to-dc" #9: STATE_MAIN_I4:
ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192
prf=oakley_md5 group=modp1536}
####
or
####
May 29 14:25:29 annex pluto[7107]: "office-to-annex" #5: initiating
Main Mode to replace #2
May 29 14:25:29 annex pluto[7107]: "office-to-annex" #5: transition
from state STATE_MAIN_I1 to state STATE_MAIN_I2
May 29 14:25:29 annex pluto[7107]: "office-to-annex" #5:
STATE_MAIN_I2: sent MI2
May 29 14:25:29 annex pluto[7107]: "office-to-annex" #5: I did not
send a certificate because I do not have one.
May 29 14:25:29 annex pluto[7107]: "office-to-annex" #5: transition
from state STATE_MAIN_I2 to state STATE_MAIN_I3
May 29 14:25:29 annex pluto[7107]: "office-to-annex" #5:
STATE_MAIN_I3: sent MI3, expecting MR3
May 29 14:25:29 annex pluto[7107]: "office-to-annex" #5: Main mode
peer ID is ID_FQDN: '@office.webassign.net'
May 29 14:25:29 annex pluto[7107]: "office-to-annex" #5: transition
from state STATE_MAIN_I3 to state STATE_MAIN_I4
May 29 14:25:29 annex pluto[7107]: "office-to-annex" #5:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
####
Does anyone have any suggestions on what I'm doing wrong?
Thanks,
Wade
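
An added example, not part of the original post: a small Python triage script that rejoins the e-mail-wrapped pluto lines and builds a per-connection timeline of ISAKMP SA establishments and Delete SA payloads, so rekey intervals and any missing Quick Mode activity stand out. The sample is an excerpt of the log above; the year 2006 is assumed from the post date, and the `STATE_QUICK` prefix is Openswan's Quick Mode state naming, which does not appear in the posted excerpt.

```python
import re
from collections import defaultdict
from datetime import datetime

# Excerpt of the log posted above, still hard-wrapped as in the e-mail.
SAMPLE = '''\
May 28 12:11:29 annex pluto[19360]: "annex-to-dc" #7: STATE_MAIN_I4:
ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192
prf=oakley_md5 group=modp1536}
May 28 12:25:46 annex pluto[19360]: "annex-to-dc" #5: received Delete
SA payload: deleting ISAKMP State #5
May 28 12:25:46 annex pluto[19360]: packet from 128.109.135.28:500:
received and ignored informational message
May 28 12:56:17 annex pluto[19360]: "annex-to-dc" #9: STATE_MAIN_I4:
ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192
prf=oakley_md5 group=modp1536}
'''

STAMP = re.compile(r'^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ')
EVENT = re.compile(r'^(\w{3} [ \d]\d [\d:]{8}) \S+ pluto\[\d+\]: "([^"]+)" #(\d+): (.*)$')
KINDS = {'ISAKMP SA established': 'phase1-established',
         'received Delete SA payload': 'delete-received',
         'STATE_QUICK': 'phase2'}  # Quick Mode states; none in the posted excerpt

def unwrap(text):
    """Rejoin continuation lines: anything not starting with a syslog timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += ' ' + line
    return records

def timeline(text):
    """Per connection name: list of (time, state number, event kind)."""
    out = defaultdict(list)
    for rec in unwrap(text):
        m = EVENT.match(rec)  # "packet from ..." lines have no connection name
        kind = m and next((k for p, k in KINDS.items() if p in m.group(4)), None)
        if kind:
            when = datetime.strptime('2006 ' + m.group(1), '%Y %b %d %H:%M:%S')  # year assumed
            out[m.group(2)].append((when, int(m.group(3)), kind))
    return dict(out)

def rekey_gaps(events):
    """Seconds between consecutive ISAKMP SA establishments on one connection."""
    t = [w for w, _, k in events if k == 'phase1-established']
    return [int((b - a).total_seconds()) for a, b in zip(t, t[1:])]
```

On this excerpt `rekey_gaps(timeline(SAMPLE)['annex-to-dc'])` gives one gap of 2688 seconds between ISAKMP SA establishments, and no `phase2` events are recorded.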