[Openswan Users] tunnels timing out since upgrading to 3.2.0
Brian J. Murrell
brian at interlinx.bc.ca
Wed May 23 08:35:30 EDT 2012
I did an upgrade of my Ubuntu system which included an upgrade of the
kernel to 3.2.0. Since then, my l2tp tunnels seem to be timing out and
being destroyed, at which point I have to manually restart it.
On the 3.2.0 end, the following is logged when this happens:
May 23 08:07:03 brian-laptop pluto[14651]: "nm-ipsec-l2tpd-14325" #80: IPsec SA expired (LATEST!)
May 23 08:07:07 brian-laptop pluto[14651]: initiate on demand from 10.75.22.228:55728 to 2.1.21.22:1701 proto=17 state: fos_start because: acquire
May 23 08:07:39 brian-laptop pluto[14651]: initiate on demand from 10.75.22.228:55728 to 2.1.21.22:1701 proto=17 state: fos_start because: acquire
May 23 08:07:41 brian-laptop dbus[1536]: [system] Rejected send message, 2 matched rules; type="error", sender=":1.479" (uid=0 pid=14325 comm="/usr/lib/NetworkManager/nm-l2tp-service ") interface="(unset)" member="(unset)" error name="org.freedesktop.DBus.Error.UnknownMethod" requested_reply="0" destination=":1.480" (uid=0 pid=14382 comm="/usr/sbin/pppd passive nodetach : name brian file ")
May 23 08:07:44 brian-laptop pluto[14651]: "nm-ipsec-l2tpd-14325": deleting connection
May 23 08:07:44 brian-laptop pluto[14651]: "nm-ipsec-l2tpd-14325" #78: deleting state (STATE_QUICK_I2)
May 23 08:07:44 brian-laptop pluto[14651]: "nm-ipsec-l2tpd-14325" #79: deleting state (STATE_MAIN_I1)
and on the other end, which is a Ubuntu machine also with kernel
2.6.32-37-server
May 23 05:07:03 brent pluto[15294]: "L2TP-PSK-NAT"[25] 21.5.3.5 #250: IPsec SA expired (--dontrekey)
May 23 05:07:03 brent pluto[15294]: "L2TP-PSK-NAT"[25] 21.5.3.5 #250: ERROR: netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete included errno 2: No such file or directory
May 23 05:07:03 brent pluto[15294]: "L2TP-PSK-NAT"[25] 21.5.3.5: deleting connection "L2TP-PSK-NAT" instance with peer 21.5.3.5 {isakmp=#0/ipsec=#0}
May 23 05:07:12 brent pluto[15294]: initiate on demand from 2.1.21.22:1701 to 21.5.3.5:55728 proto=17 state: fos_start because: acquire
May 23 05:07:45 brent pluto[15294]: initiate on demand from 2.1.21.22:1701 to 21.5.3.5:55728 proto=17 state: fos_start because: acquire
Any idea what the problem is here. Clearly the IPsec tunnel is
not being renewed, but why?
Cheers,
b.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <https://lists.openswan.org/pipermail/users/attachments/20120523/28e37f2c/attachment.sig>
More information about the Users
mailing list