[Openswan Users] Tunnel will not stay up

Kit Peters cpeters at ucmo.edu
Mon Nov 5 09:54:13 EST 2012 

I have an L2TP / IPsec VPN set up with OpenSwan.  I have one particular
client machine that I'm using to bridge my local network to a remote
network.  The VPN connection for that machine will stay up for days at a
time, but if the connection is lost, I sometimes have to restart Openswan
and xl2tpd on both sides.  When the connection goes down, I see lots of
this in the log on the local side (note that actual IP addresses have been
redacted):


Oct 30 06:49:14 kmos-vpn-bridge xl2tpd[1157]: Maximum retries exceeded for
tunnel 10391.  Closing.
Oct 30 06:49:14 kmos-vpn-bridge xl2tpd[1157]: Connection 0 closed to
<REMOTE IP>, port 1701 (Timeout)
Oct 30 06:49:15 kmos-vpn-bridge xl2tpd[1157]: Disconnecting from <REMOTE
IP>, Local: 10391, Remote: 0
Oct 30 06:49:15 kmos-vpn-bridge xl2tpd[1157]: Connecting to host <REMOTE
IP>, port 1701

And on the remote side:

Oct 30 06:49:12 como-firewall xl2tpd[25142]: check_control: Received out of
order control packet on tunnel -1 (got 1, expected 0)
Oct 30 06:49:12 como-firewall xl2tpd[25142]: handle_packet: bad control
packet!
Oct 30 06:49:15 como-firewall xl2tpd[25142]: Maximum retries exceeded for
tunnel 64613.  Closing.
Oct 30 06:49:15 como-firewall xl2tpd[25142]: Unable to deliver closing
message for tunnel 7600. Destroying anyway.
Oct 30 06:49:15 como-firewall xl2tpd[25142]: control_finish: Peer requested
tunnel 1814 twice, ignoring second one.
Oct 30 06:49:15 como-firewall xl2tpd[25142]: Connection 10391 closed to
<LOCAL IP>, port 1701 (Timeout)
Oct 30 06:49:15 como-firewall xl2tpd[25142]: control_finish: Peer requested
tunnel 1814 twice, ignoring second one.
Oct 30 06:49:18  xl2tpd[25142]: last message repeated 2 times

I should point out that the local machine is behind a NAT.

The last time this happened was this past Sunday morning, when we had a
power failure at the studio.  This caused the bridge machine to lose power.
 When power was restored to the bridge machine, it tried to re-establish
the connection with the remote end, but was unable to do so.  I had to
restart xl2tpd and Openswan.

Any thoughts?

-- 
-
Kit Peters (W0KEH), Engineer II
KMOS TV Channel 6 / KTBG 90.9 FM
University of Central Missouri
http://kmos.org/ | http://ktbg.fm/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20121105/dea81034/attachment.html>

More information about the Users mailing list