[Openswan Users] Sonicwall tunnel keeps disconnecting

Mike A. Leonetti mleonetti at evolutionce.com
Fri Mar 12 10:48:14 EST 2010 

I also get this error:

Mar 11 23:28:22 fortissimo pluto[7217]: packet from y.y.y.y:36354:
initial Main Mode message received on x.x.x.x:500 but no connection has
been authorized with policy=PSK
Mar 11 23:28:25 fortissimo pluto[7217]: packet from y.y.y.y:500: initial
Main Mode message received on x.x.x.x:500 but no connection has been
authorized with policy=PSK
Mar 11 23:28:27 fortissimo pluto[7217]: packet from y.y.y.y:47405:
unsupported exchange type ISAKMP_XCHG_BASE in message
Mar 11 23:28:27 fortissimo pluto[7217]: packet from y.y.y.y:47405:
sending notification UNSUPPORTED_EXCHANGE_TYPE to 204.238.82.19:47405
Mar 11 23:28:27 fortissimo pluto[7217]: ERROR: asynchronous network
error report on eth0 (sport=500) for message to y.y.y.y port 47405,
complainant 204.238.82.19: Connection refused [errno 111, origin ICMP
type 3 code 3 (not authenticated)]
Mar 11 23:28:35 fortissimo pluto[7217]: "sonicwall" #5: Informational
Exchange message must be encrypted
Mar 11 23:29:15 fortissimo pluto[7217]: "sonicwall" #199: max number of
retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to
our first Quick Mode message: perhaps peer likes no proposal
Mar 11 23:29:15 fortissimo pluto[7217]: "sonicwall" #199: starting
keying attempt 195 of an unlimited number
Mar 11 23:29:15 fortissimo pluto[7217]: "sonicwall" #200: initiating
Quick Mode PSK+ENCRYPT+TUNNEL+UP+AGGRESSIVE+IKEv2ALLOW to replace #199
{using isakmp#5 msgid:05d6d58d proposal=3DES(3)_192-SHA1(2)_160
pfsgroup=no-pfs}



Mike A. Leonetti wrote:
> It seems at random times the tunnel between the machine and the
> Sonicwall device keep disconnecting.  I haven't been able to isolate how
> long it takes or why.  Are there any options I may be missing?
>
> Config:
> conn sonicwall
>         left=x.x.x.x
>         leftsourceip=10.1.1.1
>         leftsubnet=10.1.1.0/24
>         leftid=x.x.x.x
>         right=y.y.y.y
>         rightsubnet=10.10.12.0/24
>         rightid=y.y.y.y
>         keyingtries=0
>         pfs=no
>         aggrmode=yes
>         auto=start
>         auth=esp
>         esp=3des-sha1
>         ike=3des-sha1
>         authby=secret
>         keyexchange=ike
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
>

More information about the Users mailing list