[Openswan Users] ipsec / xl2tpd disconnecting in just under 1 hour

Paul Wouters paul at xelerance.com
Fri Apr 22 16:34:56 EDT 2011


On Fri, 22 Apr 2011, Matthew Twomey wrote:

> Well, after further digging into this, I'm wondering if it's
> disconnecting due to the key expiring? Any thoughts?

It looks more like a rekey failure. The IPsec connection rekeys, but the
xl2tpd fails to pick up the new channel, fails and disconnects.

>> X.X.X.X:10941 #173: sent QI2, IPsec SA established {ESP=>0xd56eda44
>> <0xb3160bce NATOA=0.0.0.0}

A NATOA of 0.0.0.0 is very strange and suspicious......
I don't think that's an IETF RFC compliant answer? Is that openswan on
the Ubuntu client?

Paul

> Thanks,
>
> -Matt
>
> On 04/19/2011 04:47 PM, Matthew Twomey wrote:
>> Greetings,
>>
>> I've set up a "road warrior" style l2tp tunnel from a Linux client to a
>> Linux host, but it seems to drop consistently just under the 1 hour
>> mark. It appears to drop whether I'm using it or not (so it doesn't
>> appear to be an idle timeout). I'm fairly new to this sort of thing in a
>> Linux environment, but here's what I'm seeing in the logs.
>>
>> On the server just prior to the drop:
>>
>> ##### /var/log/messages/
>> Apr 19 21:28:08 vyatta pluto[2019]: "remote-access-mac-zzz"[176]
>> X.X.X.X:10941 #173: initiating Quick Mode PSK+ENCRYPT+TUNNEL+DONTREKEY
>> to replace #171 {using isakmp#172}
>> Apr 19 21:28:08 vyatta pluto[2019]: "remote-access-mac-zzz"[176]
>> X.X.X.X:10941 #173: Dead Peer Detection (RFC 3706) enabled
>> Apr 19 21:28:08 vyatta pluto[2019]: "remote-access-mac-zzz"[176]
>> X.X.X.X:10941 #173: sent QI2, IPsec SA established {ESP=>0xd56eda44
>> <0xb3160bce NATOA=0.0.0.0}
>> Apr 19 21:28:47 vyatta xl2tpd[2262]: Maximum retries exceeded for tunnel
>> 49382.  Closing.
>> Apr 19 21:29:42 vyatta pppd[8828]: Modem hangup
>> #####
>>
>> This is followed up with additional messages about things disconnecting.
>>
>> On the client side I see (apologies, but the clock is off currently on
>> one side - these logs are from the same timeframe):
>>
>> ##### /var/log/daemon
>> Apr 19 16:28:46 localhost xl2tpd[16159]: Maximum retries exceeded for
>> tunnel 35420.  Closing.
>> Apr 19 16:28:47 localhost xl2tpd[16159]: Terminating pppd: sending TERM
>> signal to pid 16216
>> #####
>>
>> The client is an Ubuntu 10.10 system and the server is a Vyatta software
>> router:
>>
>> #####
>> $ uname -a
>> Linux vyatta 2.6.35-1-586-vyatta #1 SMP Fri Feb 4 05:07:37 PST 2011 i686
>> GNU/Linux
>> #####
>>
>> I'm not sure where I should be looking here or how to continue
>> troubleshooting?
>>
>> Thanks,
>>
>> -Matt
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
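One way to pick out the pattern Paul describes (an IPsec rekey in pluto followed within seconds by xl2tpd giving up on its tunnel, plus the odd NATOA=0.0.0.0) from the server syslog. This is an added example, not code from the thread or from Openswan; the sample lines are the ones Matt posted, and the year is assumed to be 2011 because syslog omits it.

```python
"""Correlate Openswan (pluto) rekey events with xl2tpd tunnel loss."""
import re
from datetime import datetime, timedelta

# Constructed sample: the server log lines quoted in the thread (year assumed 2011).
SAMPLE_LOG = """\
Apr 19 21:28:08 vyatta pluto[2019]: "remote-access-mac-zzz"[176] X.X.X.X:10941 #173: initiating Quick Mode PSK+ENCRYPT+TUNNEL+DONTREKEY to replace #171 {using isakmp#172}
Apr 19 21:28:08 vyatta pluto[2019]: "remote-access-mac-zzz"[176] X.X.X.X:10941 #173: Dead Peer Detection (RFC 3706) enabled
Apr 19 21:28:08 vyatta pluto[2019]: "remote-access-mac-zzz"[176] X.X.X.X:10941 #173: sent QI2, IPsec SA established {ESP=>0xd56eda44 <0xb3160bce NATOA=0.0.0.0}
Apr 19 21:28:47 vyatta xl2tpd[2262]: Maximum retries exceeded for tunnel 49382.  Closing.
Apr 19 21:29:42 vyatta pppd[8828]: Modem hangup
"""

SYSLOG = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) (\w+)\[\d+\]: (.*)$")
REKEY = re.compile(r"#(\d+): initiating Quick Mode .* to replace #(\d+)")
ESTABLISHED = re.compile(r"#(\d+): .*IPsec SA established \{.*NATOA=(\S+)\}")
L2TP_DROP = re.compile(r"Maximum retries exceeded for tunnel (\d+)")


def parse(text, year=2011):
    """Yield (timestamp, program, message) for each well-formed syslog line."""
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        yield ts, m.group(3), m.group(4)


def correlate(text, window=timedelta(seconds=120)):
    """Return findings: each rekey that is followed by an xl2tpd tunnel drop
    inside `window`, and every IPsec SA that came up with NATOA=0.0.0.0."""
    findings = []
    rekeys = []  # (timestamp, new_sa, replaced_sa) still inside the window
    for ts, prog, msg in parse(text):
        if prog == "pluto":
            if (m := REKEY.search(msg)):
                rekeys.append((ts, int(m.group(1)), int(m.group(2))))
            elif (m := ESTABLISHED.search(msg)) and m.group(2) == "0.0.0.0":
                findings.append(("zero_natoa", int(m.group(1))))
        elif prog == "xl2tpd" and (m := L2TP_DROP.search(msg)):
            for rts, new_sa, old_sa in rekeys:
                if timedelta(0) <= ts - rts <= window:
                    gap = int((ts - rts).total_seconds())
                    findings.append(("rekey_then_l2tp_drop", new_sa, old_sa,
                                     int(m.group(1)), gap))
            rekeys = [r for r in rekeys if ts - r[0] <= window]
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE_LOG):
        print(finding)
```

On the thread's log this reports the SA #173 coming up with NATOA=0.0.0.0 and the L2TP tunnel 49382 dying 39 seconds after #173 replaced #171, which is the sequence Paul reads as a rekey that xl2tpd never followed.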

