[Openswan Users] VPN between Openswan and TMG drops after ~10 minutes
bart at vanlooenpartners.nl
Thu Aug 16 05:10:52 EDT 2012
I'm experiencing some problems connecting Openswan to Microsoft TMG.
The connection is being established successfully, traffic flows to the other
side, but after ~10 minutes, the connection drops.
The only solution left is to restart Openswan, and then the tunnel is up again.
It's a very basic PSK net-to-net configuration, no NAT-T.
ipsec auto --status
000 #2: "vpn":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 26553s; newest IPSEC; eroute owner; isakmp#1; idle;
000 #2: "vpn" esp.573fec00 at 18.104.22.168 esp.79f79b0b at 22.214.171.124 tun.0 at 126.96.36.199 tun.0 at 188.8.131.52 ref=0 refhim=4294901761
000 #1: "vpn":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 83912s; newest ISAKMP; nodpd; idle; import:admin initiate
Linux Openswan U2.6.32/K2.6.32-71.29.1.el6.x86_64 (netkey)
In the logfile I find the following message, right after bringing up the
"vpn" #2: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag
"vpn" #2: message ignored because it contains an unexpected payload type
"vpn" #2: sending encrypted notification INVALID_PAYLOAD_TYPE to
| sending 60 bytes for notification packet through eth0:0:500 to 184.108.40.206:500 (using #2)
After the 10 minutes, no additional messages can be found in the logfiles.
On the TMG, the logfiles also give no insights.
Any suggestions to fix this problem?