[Openswan Users] Random connection error (timeout) for clients

Patrick Naubert patrickn at xelerance.com
Mon Nov 12 14:17:28 EST 2012


Rescued from the spam bucket.  Please remember to subscribe to the mailing list before posting to it.


From: "Lionel Bernhardt" <lionel.bernhardt at eurocash.eu>
Subject: Random connection error (timeout) for clients
Date: 12 November, 2012 10:40:32 AM EST
To: <users at lists.openswan.org>


Hello,
I am experiencing a weird problem with my server.
Randomly, some users (PCs with 3G internet access) can get a timeout error when trying to connect to the server. The connection problem can sometimes be solved with a PC reboot, but not every time.
The strange thing is that while he’s trying to connect, I can separately connect with my 3G phone connection without any trouble.
This problem occurs randomly but most often during the daytime.
I didn’t experience it with my ADSL internet connection from home.
 
The only thing I noted in /var/log/auth.log is:
 
Nov 12 15:48:46 vpn pluto[1292]: packet from 80.214.9.52:3241: received and ignored informational message
Nov 12 15:50:18 vpn pluto[1292]: packet from 80.214.1.57:15211: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Nov 12 15:50:18 vpn pluto[1292]: packet from 80.214.1.57:15211: ignoring Vendor ID payload [FRAGMENTATION]
Nov 12 15:50:18 vpn pluto[1292]: packet from 80.214.1.57:15211: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Nov 12 15:50:18 vpn pluto[1292]: packet from 80.214.1.57:15211: ignoring Vendor ID payload [Vid-Initial-Contact]
Nov 12 15:50:18 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028: responding to Main Mode from unknown peer 80.214.1.57
Nov 12 15:50:18 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 12 15:50:18 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028: Main mode peer ID is ID_FQDN: '@eurocash-67caee'
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: deleting connection "L2TP-PSK-NAT" instance with peer 80.214.1.57 {isakmp=#0/ipsec=#0}
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: new NAT mapping for #1028, was 80.214.1.57:15211, now 80.214.1.57:38379
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: peer client type is FQDN
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: Applying workaround for MS-818043 NAT-T bug
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: IDci was FQDN: \303\006\214+, using NAT_OA=10.211.63.77/32 0 as IDci
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: the peer proposed: xxx.xxx.xxx.xxx/32:17/1701 -> 10.211.63.77/32:17/0
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029: responding to Quick Mode proposal {msgid:6de05eb8}
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029:     us: xxx.xxx.xxx.xxx<xxx.xxx.xxx.xxx>[+S=C]:17/1701
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029:   them: 80.214.1.57[@eurocash-67caee,+S=C]:17/1701===10.211.63.77/32
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029: netlink_raw_eroute: WARNING: that_client port 0 and that_host port 1701 don't match. Using that_client port.
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xb714c51c <0xb93bea89 xfrm=3DES_0-HMAC_MD5 NATOA=10.211.63.77 NATD=80.214.1.57:38379 DPD=none}
Nov 12 15:50:21 vpn pluto[1292]: initiate on demand from xxx.xxx.xxx.xxx:1701 to 80.214.1.57:1701 proto=17 state: fos_start because: acquire
Nov 12 15:50:54 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: received Delete SA(0xb714c51c) payload: deleting IPSEC State #1029
Nov 12 15:50:54 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: ERROR: netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete included errno 2: No such file or directory
Nov 12 15:50:54 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: received and ignored informational message
Nov 12 15:50:55 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: received Delete SA payload: deleting ISAKMP State #1028
Nov 12 15:50:55 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57: deleting connection "L2TP-PSK-NAT" instance with peer 80.214.1.57 {isakmp=#0/ipsec=#0}
 
 
How can I solve this one?
Thanks for your valuable help.
lionel
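
One way to triage a pluto log like the one in the message above, as an added example that is not part of the original post: it pairs each "IPsec SA established" line with the peer's later "Delete SA" for the same SPI and reports SAs that were torn down quickly, together with any NAT remapping seen for that peer. The function name `short_lived_sas`, the 60-second threshold and the 192.0.2.10 sample peer are assumptions made for the illustration.

```python
import re
from datetime import datetime

# Lines for 80.214.1.57 are copied from the post; 192.0.2.10 is a constructed
# peer with a long-lived SA, added for contrast.
SAMPLE = """\
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: new NAT mapping for #1028, was 80.214.1.57:15211, now 80.214.1.57:38379
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xb714c51c <0xb93bea89 xfrm=3DES_0-HMAC_MD5 NATOA=10.211.63.77 NATD=80.214.1.57:38379 DPD=none}
Nov 12 15:50:54 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: received Delete SA(0xb714c51c) payload: deleting IPSEC State #1029
Nov 12 09:00:00 vpn pluto[1292]: "L2TP-PSK-NAT"[12] 192.0.2.10 #40: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0a0b0c0d <0x01020304 xfrm=3DES_0-HMAC_MD5 NATD=192.0.2.10:4500 DPD=none}
Nov 12 10:00:00 vpn pluto[1292]: "L2TP-PSK-NAT"[12] 192.0.2.10 #39: received Delete SA(0x0a0b0c0d) payload: deleting IPSEC State #40
"""

# timestamp, peer address, message text of a per-connection pluto line
LINE = re.compile(r'^(\w{3} +\d+ [\d:]{8}) \S+ pluto\[\d+\]: "[^"]+"\[\d+\] (\S+) #\d+: (.*)$')
EST = re.compile(r'IPsec SA established .*ESP=>(0x[0-9a-f]+)')
DEL = re.compile(r'received Delete SA\((0x[0-9a-f]+)\) payload')
NAT = re.compile(r'new NAT mapping for #\d+, was ([\d.]+:\d+), now ([\d.]+:\d+)')

def short_lived_sas(log_text, max_seconds=60, year=2012):
    """Return IPsec SAs the peer deleted within max_seconds of establishment."""
    established = {}  # (peer, outbound SPI) -> time the SA was established
    nat_remap = {}    # peer -> (old ip:port, new ip:port)
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # global lines without a connection/state prefix
        ts, peer, msg = m.groups()
        # syslog timestamps carry no year, so it is supplied by the caller
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        if (n := NAT.search(msg)):
            nat_remap[peer] = n.groups()
        elif (e := EST.search(msg)):
            established[(peer, e.group(1))] = when
        elif (d := DEL.search(msg)):
            start = established.pop((peer, d.group(1)), None)
            if start is None:
                continue  # delete for an SA whose setup is not in this log
            lifetime = int((when - start).total_seconds())
            if lifetime <= max_seconds:
                findings.append({"peer": peer, "spi": d.group(1),
                                 "lifetime_s": lifetime,
                                 "nat_remap": nat_remap.get(peer)})
    return findings

if __name__ == "__main__":
    for f in short_lived_sas(SAMPLE):
        print(f)
```
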
 


