[Openswan Users] ipsec / xl2tpd disconnecting in just under 1 hour

Matthew Twomey mtwomey at beakstar.com
Fri Apr 22 08:18:22 EDT 2011


Well, after further digging into this, I'm wondering if it's 
disconnecting due to the key expiring? Any thoughts?

Thanks,

-Matt

On 04/19/2011 04:47 PM, Matthew Twomey wrote:
> Greetings,
>
> I've set up a "road warrior" style l2tp tunnel from a Linux client to a
> Linux host, but it seems to drop consistently just under the 1 hour
> mark. It appears to drop whether I'm using it or not (so it doesn't
> appear to be an idle timeout). I'm fairly new to this sort of thing in a
> Linux environment, but here's what I'm seeing in the logs.
>
> On the server just prior to the drop:
>
> ##### /var/log/messages/
> Apr 19 21:28:08 vyatta pluto[2019]: "remote-access-mac-zzz"[176]
> X.X.X.X:10941 #173: initiating Quick Mode PSK+ENCRYPT+TUNNEL+DONTREKEY
> to replace #171 {using isakmp#172}
> Apr 19 21:28:08 vyatta pluto[2019]: "remote-access-mac-zzz"[176]
> X.X.X.X:10941 #173: Dead Peer Detection (RFC 3706) enabled
> Apr 19 21:28:08 vyatta pluto[2019]: "remote-access-mac-zzz"[176]
> X.X.X.X:10941 #173: sent QI2, IPsec SA established {ESP=>0xd56eda44
> <0xb3160bce NATOA=0.0.0.0}
> Apr 19 21:28:47 vyatta xl2tpd[2262]: Maximum retries exceeded for tunnel
> 49382.  Closing.
> Apr 19 21:29:42 vyatta pppd[8828]: Modem hangup
> #####
>
> This is followed up with additional messages about things disconnecting.
>
> On the client side I see (apologies, but the clock is off currently on
> one side - these logs are from the same timeframe):
>
> ##### /var/log/daemon
> Apr 19 16:28:46 localhost xl2tpd[16159]: Maximum retries exceeded for
> tunnel 35420.  Closing.
> Apr 19 16:28:47 localhost xl2tpd[16159]: Terminating pppd: sending TERM
> signal to pid 16216
> #####
>
> The client is an Ubuntu 10.10 system and the server is a Vyatta software
> router:
>
> #####
> $ uname -a
> Linux vyatta 2.6.35-1-586-vyatta #1 SMP Fri Feb 4 05:07:37 PST 2011 i686
> GNU/Linux
> #####
>
> I'm not sure where I should be looking here or how to continue
> troubleshooting?
>
> Thanks,
>
> -Matt