[Openswan Users] IPSec/L2TP with Mac OS X drops connection after 1 hour

Kevin J. Arunski kevin.arunski at netwitness.com
Sat Jul 18 15:40:01 EDT 2009


I'm using Openswan in a roadwarrior setup for IPsec/L2TP clients, and it appears the IPsec SA is dropped at exactly the one hour mark when Mac OS X or Windows Vista clients connect.

I'm using openswan 2.4.15 because the 2.6.X versions don't seem to work at all. I'm using NETKEY on kernel 2.6.18-128.1.10.el5.

Here is the configuration:

conn L2TP-PSK-NAT
	authby=secret
	pfs=no
	auto=add
	keyingtries=3
	rekey=no
	ikelifetime=8h
	keylife=1h
	type=transport
	left=---.---.---.---
	leftprotoport=17/1701
	right=%any
	rightprotoport=17/%any
	rightsubnet=vhost:%no,%priv


After about 50 minutes I see the following in my logs:

Jul 18 15:11:21 localhost pluto[2049]: "L2TP-PSK-NAT"[5] W.X.Y.Z #8: responding to Quick Mode {msgid:84e8d5a5}
Jul 18 15:11:21 localhost pluto[2049]: "L2TP-PSK-NAT"[5] W.X.Y.Z #8: cannot install eroute -- it is in use for "L2TP-PSK-NAT"[2] W.X.Y.Z #4
Jul 18 15:11:31 localhost pluto[2049]: "L2TP-PSK-NAT"[5] W.X.Y.Z #8: next payload type of ISAKMP Hash Payload has an unknown value: 29
Jul 18 15:11:31 localhost pluto[2049]: "L2TP-PSK-NAT"[5] W.X.Y.Z #8: malformed payload in packet
Jul 18 15:11:31 localhost pluto[2049]: "L2TP-PSK-NAT"[5] W.X.Y.Z #8: sending notification PAYLOAD_MALFORMED to W.X.Y.Z:4500
Jul 18 15:11:42 localhost pluto[2049]: "L2TP-PSK-NAT"[5] W.X.Y.Z #8: next payload type of ISAKMP Hash Payload has an unknown value: 29
Jul 18 15:11:42 localhost pluto[2049]: "L2TP-PSK-NAT"[5] W.X.Y.Z #8: malformed payload in packet
Jul 18 15:11:42 localhost pluto[2049]: "L2TP-PSK-NAT"[5] W.X.Y.Z #8: sending notification PAYLOAD_MALFORMED to W.X.Y.Z:4500

Then, a few minutes later:

Jul 18 15:16:21 localhost pluto[2049]: "L2TP-PSK-NAT"[5] W.X.Y.Z: deleting connection "L2TP-PSK-NAT" instance with peer W.X.Y.Z {isakmp=#0/ipsec=#0}
Jul 18 15:23:19 localhost pluto[2049]: "L2TP-PSK-NAT"[2] W.X.Y.Z #3: ISAKMP SA expired (--dontrekey)
Jul 18 15:23:20 localhost pluto[2049]: "L2TP-PSK-NAT"[2] W.X.Y.Z #4: IPsec SA expired (--dontrekey)
Jul 18 15:23:20 localhost pluto[2049]: "L2TP-PSK-NAT"[2] W.X.Y.Z: deleting connection "L2TP-PSK-NAT" instance with peer W.X.Y.Z {isakmp=#0/ipsec=#0}
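An added example, not part of the original post or of Openswan: a small parser for pluto log lines of the shape quoted above that groups messages by connection instance and state number and flags the three things visible in the post, a Quick Mode whose eroute was still held by an older instance, SAs that expired under --dontrekey, and repeated malformed payloads. The sample lines are the post's own log lines rejoined onto single lines, with the peer left as the placeholder W.X.Y.Z.

```python
import re
from collections import Counter

# Shape of the pluto lines quoted in the post (wrapped lines rejoined); the peer
# address is the placeholder W.X.Y.Z there, so the peer field is matched loosely.
PLUTO_RE = re.compile(
    r'^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ pluto\[\d+\]: '
    r'"(?P<conn>[^"]+)"\[(?P<inst>\d+)\] (?P<peer>[^ :]+)(?: #(?P<state>\d+))?: (?P<msg>.*)$'
)
EROUTE_RE = re.compile(r'cannot install eroute -- it is in use for "[^"]+"\[(?P<inst>\d+)\] \S+ #(?P<state>\d+)')

def parse_pluto(lines):
    """Return one dict per line that looks like a pluto connection-instance message."""
    events = []
    for line in lines:
        m = PLUTO_RE.match(line)
        if m:
            e = m.groupdict()
            e["inst"] = int(e["inst"])
            e["state"] = int(e["state"]) if e["state"] else None
            events.append(e)
    return events

def find_issues(events):
    """Flag an eroute held by an older instance, SAs expired under --dontrekey,
    and malformed payloads counted per (instance, state)."""
    issues, malformed = [], Counter()
    for e in events:
        msg, m = e["msg"], EROUTE_RE.search(e["msg"])
        if m:
            issues.append({"kind": "eroute_conflict", "ts": e["ts"], "inst": e["inst"], "state": e["state"],
                           "held_by_inst": int(m["inst"]), "held_by_state": int(m["state"])})
        elif msg.endswith("expired (--dontrekey)"):   # first word is "ISAKMP" or "IPsec"
            issues.append({"kind": "expired_no_rekey", "ts": e["ts"], "inst": e["inst"],
                           "state": e["state"], "sa": msg.split()[0]})
        elif msg == "malformed payload in packet":
            malformed[(e["inst"], e["state"])] += 1
    for (inst, state), n in sorted(malformed.items()):
        issues.append({"kind": "malformed_payload", "inst": inst, "state": state, "count": n})
    return issues

# Constructed sample: the post's log lines, rejoined onto single lines.
SAMPLE_LOG = """\
Jul 18 15:11:21 localhost pluto[2049]: "L2TP-PSK-NAT"[5] W.X.Y.Z #8: responding to Quick Mode {msgid:84e8d5a5}
Jul 18 15:11:21 localhost pluto[2049]: "L2TP-PSK-NAT"[5] W.X.Y.Z #8: cannot install eroute -- it is in use for "L2TP-PSK-NAT"[2] W.X.Y.Z #4
Jul 18 15:11:31 localhost pluto[2049]: "L2TP-PSK-NAT"[5] W.X.Y.Z #8: malformed payload in packet
Jul 18 15:11:42 localhost pluto[2049]: "L2TP-PSK-NAT"[5] W.X.Y.Z #8: malformed payload in packet
Jul 18 15:23:19 localhost pluto[2049]: "L2TP-PSK-NAT"[2] W.X.Y.Z #3: ISAKMP SA expired (--dontrekey)
Jul 18 15:23:20 localhost pluto[2049]: "L2TP-PSK-NAT"[2] W.X.Y.Z #4: IPsec SA expired (--dontrekey)
Jul 18 15:23:20 localhost pluto[2049]: "L2TP-PSK-NAT"[2] W.X.Y.Z: deleting connection "L2TP-PSK-NAT" instance with peer W.X.Y.Z {isakmp=#0/ipsec=#0}
""".splitlines()

if __name__ == "__main__":
    for issue in find_issues(parse_pluto(SAMPLE_LOG)):
        print(issue)
```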
