[Openswan Users] Dead of ispec connection
Sasa
sasa at shoponweb.it
Fri Sep 28 07:42:14 EDT 2007
Hi, I apologise for my insistence, but the problem that I have described is
very difficult to overcome.
Thanks again!
------
Salvatore.
----- Original Message -----
From: "Sasa" <sasa at shoponweb.it>
To: <users at openswan.org>
Sent: Saturday, September 22, 2007 7:52 PM
Subject: [Openswan Users] Dead of ispec connection
> Hi, I use openswan-2.4.4 (but also 2.4.9) with the natt and klips patch on
> kernel 2.6 and I have a problem with a site-to-site connection. My problem is
> that after the ipsec tunnel has been inactive for several hours (for example
> after the night or after a break for lunch) the ipsec connection is dead and
> in the log file I have:
>
> Sep 18 16:02:59 fw2 pluto[2580]: packet from 80.23.x.y:500: Informational Exchange is for an unknown (expired?) SA
> Sep 18 16:03:08 fw2 pluto[2580]: "portrm" #6: received Delete SA payload: deleting ISAKMP State #6
> Sep 18 16:03:08 fw2 pluto[2580]: packet from 80.23.x.y:500: received and ignored informational message
> Sep 18 16:34:46 fw2 pluto[2580]: "portrm" #9: initiating Main Mode to replace #8
> Sep 18 16:34:46 fw2 pluto[2580]: "portrm" #9: ignoring unknown Vendor ID payload [4f455a7e4261425d725c705f]
> Sep 18 16:34:46 fw2 pluto[2580]: "portrm" #9: received Vendor ID payload [Dead Peer Detection]
> Sep 18 16:34:46 fw2 pluto[2580]: "portrm" #9: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
> Sep 18 16:34:46 fw2 pluto[2580]: "portrm" #9: STATE_MAIN_I2: sent MI2, expecting MR2
> Sep 18 16:34:46 fw2 pluto[2580]: "portrm" #9: I did not send a certificate because I do not have one.
> Sep 18 16:34:46 fw2 pluto[2580]: "portrm" #9: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
> Sep 18 16:34:46 fw2 pluto[2580]: "portrm" #9: STATE_MAIN_I3: sent MI3, expecting MR3
> Sep 18 16:34:46 fw2 pluto[2580]: "portrm" #9: Main mode peer ID is ID_IPV4_ADDR: '80.23.x.y'
> Sep 18 16:34:46 fw2 pluto[2580]: "portrm" #9: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
> Sep 18 16:34:46 fw2 pluto[2580]: "portrm" #9: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
> Sep 18 16:49:34 fw2 pluto[2580]: packet from 80.23.x.y:500: Informational Exchange is for an unknown (expired?) SA
> Sep 18 16:53:43 fw2 pluto[2580]: "portrm" #9: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x7e3952af) not found (maybe expired)
> Sep 18 16:53:43 fw2 pluto[2580]: "portrm" #9: received and ignored informational message
> Sep 18 16:54:23 fw2 pluto[2580]: "portrm" #9: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x7e3952b0) not found (maybe expired)
>
> ...after this I must restart ipsec and the ipsec connection works again.
> My ipsec.conf is:
>
> config setup
>         interfaces="ipsec0=eth0"
>
> conn %default
>         authby=rsasig
>
> conn portrm
>         auto=start
>         pfs=yes
>         left=80.23.x.y
>         leftsubnet=192.168.0.0/24
>         leftnexthop=80.23.x.w
>         # RSA 2192 bits fw4 Fri Mar 31 14:24:23 2006
>         leftrsasigkey=0sAQP...
>         # right site: Rome
>         right=195.110.z.k
>         rightsubnet=192.168.1.0/24
>         rightnexthop=195.110.z.j
>         # RSA 2192 bits fw2 Fri Mar 31 14:35:35 2006
>         rightrsasigkey=0sAQOE...
>
> include /etc/ipsec.d/examples/no_oe.conf
>
> Thanks.
>
> ------
> Salvatore.
>