[Openswan Users] Tunnel will not stay up

Barry Cisna brcisna at gmail.com
Mon Nov 5 13:29:17 EST 2012


Kit,

I am very much a novice with Openswan having used it only for about 1
year.

That being said, I have three tunnels set up between my home server and
servers at work which run pfSense, plus the VPN remote connection.

I have found that if I lose power on my home server (CentOS 6.x running
Openswan), and also when repowering the server, I have to manually
shut off the Openswan server, restart it (after bootup), then establish
each of the three connections. I have watched the bootup sequence and
Openswan is started after the NICs are initialized and have obtained their
IP. I never have a problem with any of the three tunnels going
down, though.

An intermittent disconnect like you are experiencing is very tough to
troubleshoot. Something worth noting is that if you do in fact lose the
tunnel, on each endpoint (if this is Linux) simply run the route
command (no switches used) to see if you are seeing the correct
route tables on each endpoint.

Barry



On Mon, 2012-11-05 at 08:54 -0600, Kit Peters wrote:
> I have an L2TP / IPsec VPN set up with OpenSwan.  I have one
> particular client machine that I'm using to bridge my local network to
> a remote network.  The VPN connection for that machine will stay up
> for days at a time, but if the connection is lost, I sometimes have to
> restart Openswan and xl2tpd on both sides.  When the connection goes
> down, I see lots of this in the log on the local side (note that
> actual IP addresses have been redacted):
> 
> 
> 
> Oct 30 06:49:14 kmos-vpn-bridge xl2tpd[1157]: Maximum retries exceeded
> for tunnel 10391.  Closing.
> Oct 30 06:49:14 kmos-vpn-bridge xl2tpd[1157]: Connection 0 closed to
> <REMOTE IP>, port 1701 (Timeout)
> Oct 30 06:49:15 kmos-vpn-bridge xl2tpd[1157]: Disconnecting from
> <REMOTE IP>, Local: 10391, Remote: 0
> Oct 30 06:49:15 kmos-vpn-bridge xl2tpd[1157]: Connecting to host
> <REMOTE IP>, port 1701
> 
> 
> And on the remote side:
> 
> 
> Oct 30 06:49:12 como-firewall xl2tpd[25142]: check_control: Received
> out of order control packet on tunnel -1 (got 1, expected 0)
> Oct 30 06:49:12 como-firewall xl2tpd[25142]: handle_packet: bad
> control packet!
> Oct 30 06:49:15 como-firewall xl2tpd[25142]: Maximum retries exceeded
> for tunnel 64613.  Closing.
> Oct 30 06:49:15 como-firewall xl2tpd[25142]: Unable to deliver closing
> message for tunnel 7600. Destroying anyway.
> Oct 30 06:49:15 como-firewall xl2tpd[25142]: control_finish: Peer
> requested tunnel 1814 twice, ignoring second one.
> Oct 30 06:49:15 como-firewall xl2tpd[25142]: Connection 10391 closed
> to <LOCAL IP>, port 1701 (Timeout)
> Oct 30 06:49:15 como-firewall xl2tpd[25142]: control_finish: Peer
> requested tunnel 1814 twice, ignoring second one.
> Oct 30 06:49:18  xl2tpd[25142]: last message repeated 2 times
> 
> 
> I should point out that the local machine is behind a NAT.
> 
> 
> The last time this happened was this past Sunday morning, when we had
> a power failure at the studio.  This caused the bridge machine to lose
> power.  When power was restored to the bridge machine, it tried to
> re-establish the connection with the remote end, but was unable to do
> so.  I had to restart xl2tpd and Openswan.
> 
> 
> Any thoughts?
> 
> 
> -- 
> -
> Kit Peters (W0KEH), Engineer II
> KMOS TV Channel 6 / KTBG 90.9 FM
> University of Central Missouri
> http://kmos.org/ | http://ktbg.fm/
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
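As an added illustration (not part of either message in the thread) of Barry's advice to check the route table on each endpoint, combined with the xl2tpd "Maximum retries exceeded" / "(Timeout)" lines Kit posted, the script below decides whether an L2TP tunnel is up, flapping or down before anyone restarts xl2tpd and Openswan by hand. The remote LAN 192.168.50.0/24, the ppp0 interface, the 203.0.113.7 peer address, the sample `route -n` output and the sample log lines are all constructed placeholders, not values from the thread.

```shell
#!/bin/sh
# Added example, not from the Openswan thread. Decides whether an L2TP/IPsec
# tunnel is up by checking (a) that the route to the remote LAN exists and
# (b) whether xl2tpd has logged timeouts / exhausted retries recently.
# All network values below are constructed placeholders.

# Constructed sample of `route -n` output on the local endpoint.
SAMPLE_ROUTE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.50.0    0.0.0.0         255.255.255.0   U     0      0        0 ppp0'

# Constructed sample of xl2tpd syslog lines, modelled on the thread's log.
SAMPLE_LOG='Oct 30 06:49:14 kmos-vpn-bridge xl2tpd[1157]: Maximum retries exceeded for tunnel 10391.  Closing.
Oct 30 06:49:14 kmos-vpn-bridge xl2tpd[1157]: Connection 0 closed to 203.0.113.7, port 1701 (Timeout)
Oct 30 06:49:15 kmos-vpn-bridge xl2tpd[1157]: Connecting to host 203.0.113.7, port 1701'

# route_present ROUTE_TEXT NETWORK IFACE
# Returns 0 when a route to NETWORK via IFACE is listed in ROUTE_TEXT.
# Skips the two header lines; compares the Destination and Iface columns.
route_present() {
    printf '%s\n' "$1" | awk -v net="$2" -v dev="$3" \
        'NR > 2 && $1 == net && $NF == dev { found = 1 } END { exit !found }'
}

# timeout_events LOG_TEXT
# Prints how many xl2tpd lines report exhausted retries or a timeout.
# `|| true` keeps the function's exit status 0 when the count is zero.
timeout_events() {
    printf '%s\n' "$1" \
        | grep -cE 'xl2tpd\[[0-9]+\]: .*(Maximum retries exceeded|\(Timeout\))' \
        || true
}

# tunnel_state ROUTE_TEXT LOG_TEXT NETWORK IFACE
# Prints "up" (route present, no timeouts), "flapping" (route present but
# xl2tpd is timing out) or "down" (no route to the remote LAN).
tunnel_state() {
    n=$(timeout_events "$2")
    if route_present "$1" "$3" "$4"; then
        if [ "$n" -gt 0 ]; then echo flapping; else echo up; fi
    else
        echo down
    fi
}

# Offline demonstration on the constructed samples; prints "flapping".
# On a live endpoint the same call would be:
#   tunnel_state "$(route -n)" "$(grep xl2tpd /var/log/messages)" 192.168.50.0 ppp0
tunnel_state "$SAMPLE_ROUTE" "$SAMPLE_LOG" 192.168.50.0 ppp0
```

Running the live form on both endpoints after a disconnect gives a quick answer to Barry's question: if one side reports "down" while the other reports "up" or "flapping", the route (not the IPsec SA) is what failed to come back, which is a different fix from restarting the daemons.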