[Openswan Users] tunnels timing out since upgrading to 3.2.0

Fri Jun 1 12:18:33 EDT 2012

On 12-05-23 08:35 AM, Brian J. Murrell wrote:
> I did an upgrade of my Ubuntu system which included an upgrade of the
> kernel to 3.2.0.  Since then, my l2tp tunnels seem to be timing out and
> being destroyed, at which point I have to manually restart it.
> 
> On the 3.2.0 end, the following is logged when this happens:
> 
> May 23 08:07:03 brian-laptop pluto[14651]: "nm-ipsec-l2tpd-14325" #80: IPsec SA expired (LATEST!)
> May 23 08:07:07 brian-laptop pluto[14651]: initiate on demand from 10.75.22.228:55728 to 2.1.21.22:1701 proto=17 state: fos_start because: acquire
> May 23 08:07:39 brian-laptop pluto[14651]: initiate on demand from 10.75.22.228:55728 to 2.1.21.22:1701 proto=17 state: fos_start because: acquire
> May 23 08:07:41 brian-laptop dbus[1536]: [system] Rejected send message, 2 matched rules; type="error", sender=":1.479" (uid=0 pid=14325 comm="/usr/lib/NetworkManager/nm-l2tp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.480" (uid=0 pid=14382 comm="/usr/sbin/pppd passive nodetach : name brian file ")
> May 23 08:07:44 brian-laptop pluto[14651]: "nm-ipsec-l2tpd-14325": deleting connection
> May 23 08:07:44 brian-laptop pluto[14651]: "nm-ipsec-l2tpd-14325" #78: deleting state (STATE_QUICK_I2)
> May 23 08:07:44 brian-laptop pluto[14651]: "nm-ipsec-l2tpd-14325" #79: deleting state (STATE_MAIN_I1)
> 
> and on the other end, which is a Ubuntu machine also with kernel
> 2.6.32-37-server
> 
> May 23 05:07:03 brent pluto[15294]: "L2TP-PSK-NAT"[25] 21.5.3.5 #250: IPsec SA expired (--dontrekey)
> May 23 05:07:03 brent pluto[15294]: "L2TP-PSK-NAT"[25] 21.5.3.5 #250: ERROR: netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete included errno 2: No such file or directory
> May 23 05:07:03 brent pluto[15294]: "L2TP-PSK-NAT"[25] 21.5.3.5: deleting connection "L2TP-PSK-NAT" instance with peer 21.5.3.5 {isakmp=#0/ipsec=#0}
> May 23 05:07:12 brent pluto[15294]: initiate on demand from 2.1.21.22:1701 to 21.5.3.5:55728 proto=17 state: fos_start because: acquire
> May 23 05:07:45 brent pluto[15294]: initiate on demand from 2.1.21.22:1701 to 21.5.3.5:55728 proto=17 state: fos_start because: acquire
> 
> Any idea what the problem is here.  Clearly the IPsec tunnel is
> not being renewed, but why?

In case anyone might know what is going on here, I've gotten a pluto
debug all from the side that was upgraded (and started this problem)
which can be fetched from http://brian.interlinx.bc.ca/pluto.log.gz.

Cheers, and thanks for any insight,
b.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <https://lists.openswan.org/pipermail/users/attachments/20120601/c21c5d24/attachment.sig>