[Openswan Users] Fedora + xl2tpd + openswan with psk retransmitting key?
Panics Robert
pampi at 6b0ne.hu
Thu Nov 8 12:17:49 EST 2007
Hi!
I have a working config with a PSK setting, but when I use the VPN connection
for longer than an hour, I get messages like this in secure.log:
Nov 8 00:38:16 devel pluto[8487]: "L2TP-PSK"[4] #9: responding to Quick Mode {msgid:df83756b}
Nov 8 00:38:16 devel pluto[8487]: "L2TP-PSK"[4] #9: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Nov 8 00:38:16 devel pluto[8487]: "L2TP-PSK"[4] #9: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Nov 8 00:38:16 devel pluto[8487]: "L2TP-PSK"[4] #9: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Nov 8 00:38:16 devel pluto[8487]: "L2TP-PSK"[4] #9: STATE_QUICK_R2: IPsec SA established {ESP=>0x7f039b07 <0x9f18cdd2 xfrm=3DES_0-HMAC_MD5 NATD=:4500 DPD=none}
Nov 8 00:38:16 devel pluto[8487]: "L2TP-PSK"[4] #3: received Delete SA(0x20578763) payload: deleting IPSEC State #8
Nov 8 00:38:16 devel pluto[8487]: "L2TP-PSK"[4] #3: received and ignored informational message

Every hour...

Nov 8 01:37:03 devel pluto[8487]: "L2TP-PSK"[4] #10: responding to Quick Mode {msgid:4978df0a}
Nov 8 01:37:03 devel pluto[8487]: "L2TP-PSK"[4] #10: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Nov 8 01:37:03 devel pluto[8487]: "L2TP-PSK"[4] #10: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Nov 8 01:37:03 devel pluto[8487]: "L2TP-PSK"[4] #10: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Nov 8 01:37:03 devel pluto[8487]: "L2TP-PSK"[4] #10: STATE_QUICK_R2: IPsec SA established {ESP=>0x162e356d <0x67abbc2a xfrm=3DES_0-HMAC_MD5 NATD=:4500 DPD=none}
Nov 8 01:37:03 devel pluto[8487]: "L2TP-PSK"[4] #3: received Delete SA(0x7f039b07) payload: deleting IPSEC State #9
Nov 8 01:37:03 devel pluto[8487]: "L2TP-PSK"[4] #3: received and ignored informational message
When this message shows up, I get one or two lost packets on the VPN client,
but the xl2tpd connection didn't disconnect. I think it's retransmitting the
IPsec key or something like that.
Config:
conn L2TP-PSK
    authby=secret
    pfs=no
    rekey=no
    keyingtries=%forever
    keylife=24h
    leftnexthop=%defaultroute
    left=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnet=vhost:%no,%priv
    auto=add
Last night I changed keyingtries=3 to %forever, but nothing changed. I also
added keylife=24h, but no change. I would like to get this retransmission
once every 24h. Is it possible?
Thanks.
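
An added example, not part of the original post: a small Python script that reads pluto lines like the ones quoted above, reports the time between successive "IPsec SA established" events on a connection, and checks whether each "Delete SA" names the SPI that was logged for the state being deleted. The year 2007 (taken from the mail date) and the unwrapped form of the four sample lines are assumptions.

```python
import re
from datetime import datetime

# Four lines copied from the post (unwrapped). Syslog omits the year;
# 2007 is assumed from the mail date.
SAMPLE = '''\
Nov 8 00:38:16 devel pluto[8487]: "L2TP-PSK"[4] #9: STATE_QUICK_R2: IPsec SA established {ESP=>0x7f039b07 <0x9f18cdd2 xfrm=3DES_0-HMAC_MD5 NATD=:4500 DPD=none}
Nov 8 00:38:16 devel pluto[8487]: "L2TP-PSK"[4] #3: received Delete SA(0x20578763) payload: deleting IPSEC State #8
Nov 8 01:37:03 devel pluto[8487]: "L2TP-PSK"[4] #10: STATE_QUICK_R2: IPsec SA established {ESP=>0x162e356d <0x67abbc2a xfrm=3DES_0-HMAC_MD5 NATD=:4500 DPD=none}
Nov 8 01:37:03 devel pluto[8487]: "L2TP-PSK"[4] #3: received Delete SA(0x7f039b07) payload: deleting IPSEC State #9
'''

HEAD = re.compile(r'^(\w{3}\s+\d+\s+[\d:]{8}) \S+ pluto\[\d+\]: "([^"]+)"\[\d+\] #(\d+): (.*)$')
ESTABLISHED = re.compile(r'IPsec SA established \{ESP=>(0x[0-9a-f]+) <(0x[0-9a-f]+)')
DELETE = re.compile(r'received Delete SA\((0x[0-9a-f]+)\) payload: deleting IPSEC State #(\d+)')

def analyze(text, year=2007):
    """Return (rekeys, deletes) parsed from pluto log text."""
    established = {}   # state number -> SPI logged after "ESP=>"
    last_seen = {}     # connection name -> time of its previous IPsec SA
    rekeys, deletes = [], []
    for line in text.splitlines():
        head = HEAD.match(line)
        if not head:
            continue  # not a pluto connection line
        stamp, conn, state, msg = head.groups()
        when = datetime.strptime(f"{year} {' '.join(stamp.split())}", "%Y %b %d %H:%M:%S")
        est = ESTABLISHED.search(msg)
        if est:
            established[int(state)] = est.group(1)
            prev = last_seen.get(conn)
            gap = int((when - prev).total_seconds()) if prev else None
            last_seen[conn] = when
            rekeys.append({"conn": conn, "state": int(state), "spi": est.group(1), "gap_s": gap})
            continue
        dele = DELETE.search(msg)
        if dele:
            spi, old = dele.group(1), int(dele.group(2))
            # matches is None when the deleted state predates the log excerpt
            known = established.get(old)
            deletes.append({"spi": spi, "state": old, "matches": None if known is None else known == spi})
    return rekeys, deletes

if __name__ == "__main__":
    for item in sum(analyze(SAMPLE), []):
        print(item)
```

On the sample lines it reports a 3527-second gap between states #9 and #10, and the second Delete SA matches the SPI logged for state #9.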