Dead Peer Detection kills IPsec after 3min

Hello guys,

 

I just created my first IPsec connection with my UTM.

The connection is established successfully (I can ping and transfer over VPN), but after ~3 min Dead Peer Detection kills the VPN, so it must be re-established.

If I disable DPD the connection stays connected, but after the next provider disconnect there are multiple VPNs opened on the UTM site and nothing works, so this doesn't seem to be a solution.

scenario:

main-office: Sophos UTM SG115, lan: 192.168.1.253/24, wan: 172.16.0.253/24 (exposed host behind a router, cannot change this atm), is waiting for vpn-connect

branch-office: fritzbox, lan: 192.168.178.1/24, wan: jgmn6nejdu33.myfritz.net, initiating vpn-connection

 

attached is protocol: 09:30:47 -> IPsec SA established, 09:33:28 -> dead peer detected

 

hope somebody has an idea

2019:02:05-09:30:46 tf-fw01 pluto[20108]: | *received 496 bytes from 45.217.20.197:500 on eth1
2019:02:05-09:30:46 tf-fw01 pluto[20108]: packet from 45.217.20.197:500: received Vendor ID payload [XAUTH]
2019:02:05-09:30:46 tf-fw01 pluto[20108]: packet from 45.217.20.197:500: received Vendor ID payload [Dead Peer Detection]
2019:02:05-09:30:46 tf-fw01 pluto[20108]: packet from 45.217.20.197:500: received Vendor ID payload [RFC 3947]
2019:02:05-09:30:46 tf-fw01 pluto[20108]: packet from 45.217.20.197:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2019:02:05-09:30:46 tf-fw01 pluto[20108]: packet from 45.217.20.197:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2019:02:05-09:30:46 tf-fw01 pluto[20108]: packet from 45.217.20.197:500: ignoring Vendor ID payload [a2226fc364500f5634ff77db3b74f41b]
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | preparse_isakmp_policy: peer requests PSK authentication
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | instantiated "S_VPN BRANCH-OFFICE" for 45.217.20.197
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | creating state object #5 at 0x8c363b0
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[5] 45.217.20.197 #5: responding to Main Mode from unknown peer 45.217.20.197
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | next event EVENT_RETRANSMIT in 10 seconds for #5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: |
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | *received 228 bytes from 45.217.20.197:500 on eth1
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state object #5 found, in STATE_MAIN_R1
2019:02:05-09:30:46 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[5] 45.217.20.197 #5: NAT-Traversal: Result using RFC 3947: i am NATed
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | next event EVENT_RETRANSMIT in 10 seconds for #5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: |
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | *received 124 bytes from 45.217.20.197:4500 on eth1
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state object #5 found, in STATE_MAIN_R2
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | NAT-T: new mapping 45.217.20.197:500/4500)
2019:02:05-09:30:46 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[5] 45.217.20.197:4500 #5: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2019:02:05-09:30:46 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[5] 45.217.20.197:4500 #5: Peer ID is ID_FQDN: 'jgmn6nejdu33.myfritz.net'
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer CA: %none
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | S_VPN BRANCH-OFFICE: no match (id: no, auth: ok, trust: ok, request: ok, prio: 2048)
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | S_VPN BRANCH-OFFICE: full match (id: ok, auth: ok, trust: ok, request: ok, prio: 1216)
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | offered CA: %none
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | switched from "S_VPN BRANCH-OFFICE" to "S_VPN BRANCH-OFFICE"
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | instantiated "S_VPN BRANCH-OFFICE" for 45.217.20.197
2019:02:05-09:30:46 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: deleting connection "S_VPN BRANCH-OFFICE"[5] instance with peer 45.217.20.197 {isakmp=#0/ipsec=#0}
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | certs and keys locked by 'delete_connection'
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | certs and keys unlocked by 'delete_connection'
2019:02:05-09:30:46 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: Dead Peer Detection (RFC 3706) enabled
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | inserting event EVENT_DPD, timeout in 42 seconds for #5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: sent MR3, ISAKMP SA established
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | next event EVENT_NAT_T_KEEPALIVE in 40 seconds
2019:02:05-09:30:46 tf-fw01 pluto[20108]: |
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | *received 332 bytes from 45.217.20.197:4500 on eth1
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state object not found
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state object #5 found, in STATE_MAIN_R3
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer client is subnet 192.168.178.0/24
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer client protocol/port is 0/0
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | our client is subnet 192.168.1.0/24
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | our client protocol/port is 0/0
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | find_client_connection starting with S_VPN BRANCH-OFFICE
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | looking for 192.168.1.0/24:0/0 -> 192.168.178.0/24:0/0
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | concrete checking against sr#0 192.168.1.0/24 -> 192.168.178.0/24
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | fc_try trying S_VPN BRANCH-OFFICE:192.168.1.0/24:0/0 -> 192.168.178.0/24:0/0 vs S_VPN BRANCH-OFFICE:192.168.1.0/24:0/0 -> 192.168.178.0/24:0/0
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | fc_try concluding with S_VPN BRANCH-OFFICE [168]
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | fc_try S_VPN BRANCH-OFFICE gives S_VPN BRANCH-OFFICE
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | concluding with d = S_VPN BRANCH-OFFICE
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | duplicating state object #5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | creating state object #6 at 0x8c376f0
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #6: responding to Quick Mode
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | kernel_alg_esp_auth_keylen(auth=2, sadb_aalg=3): a_keylen=20
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | next event EVENT_RETRANSMIT in 10 seconds for #6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: |
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | *received 60 bytes from 45.217.20.197:4500 on eth1
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state object #6 found, in STATE_QUICK_R1
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | install_ipsec_sas() for #6: inbound and outbound
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | route owner of "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 unrouted: NULL; eroute owner: NULL
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | add inbound eroute 192.168.178.0/24:0 -> 192.168.1.0/24:0 => tun.10000@172.16.0.253:0
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | sr for #6: unrouted
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | route owner of "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 unrouted: NULL; eroute owner: NULL
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | route_and_eroute with c: S_VPN BRANCH-OFFICE (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | eroute_connection add eroute 192.168.1.0/24:0 -> 192.168.178.0/24:0 => tun.0@45.217.20.197:0
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | executing up-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-client' PLUTO_CONNECTION='S_VPN BRANCH-OFFICE' PLUTO_NEXT_HOP='45.217.20.197' PLUTO_INTERFACE='eth1' PLUTO_REQID='16409' PLUTO_ME='172.16.0.253' PLUTO_MY_ID='tf-vpn.tf-stiftung.de' PLUTO_MY_CLIENT='192.168.1.0/24' PLUTO_MY_CLIENT_NET='192.168.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='45.217.20.197' PLUTO_PEER_ID='jgmn6nejdu33.myfritz.net' PLUTO_PEER_CLIENT='192.168.178.0/24' PLUTO_PEER_CLIENT_NET='192.168.178.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_MY_SOURCEIP='192.168.1.253' /usr/libexec/ipsec/updown classic
2019:02:05-09:30:46 tf-fw01 pluto[20108]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="VPN BRANCH-OFFICE" address="172.16.0.253" local_net="192.168.1.0/24" remote_net="192.168.178.0/24"
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | route_and_eroute: firewall_notified: true
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | executing prepare-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-client' PLUTO_CONNECTION='S_VPN BRANCH-OFFICE' PLUTO_NEXT_HOP='45.217.20.197' PLUTO_INTERFACE='eth1' PLUTO_REQID='16409' PLUTO_ME='172.16.0.253' PLUTO_MY_ID='tf-vpn.tf-stiftung.de' PLUTO_MY_CLIENT='192.168.1.0/24' PLUTO_MY_CLIENT_NET='192.168.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='45.217.20.197' PLUTO_PEER_ID='jgmn6nejdu33.myfritz.net' PLUTO_PEER_CLIENT='192.168.178.0/24' PLUTO_PEER_CLIENT_NET='192.168.178.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_MY_SOURCEIP='192.168.1.253' /usr/libexec/ipsec/updown classic
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | executing route-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-client' PLUTO_CONNECTION='S_VPN BRANCH-OFFICE' PLUTO_NEXT_HOP='45.217.20.197' PLUTO_INTERFACE='eth1' PLUTO_REQID='16409' PLUTO_ME='172.16.0.253' PLUTO_MY_ID='tf-vpn.tf-stiftung.de' PLUTO_MY_CLIENT='192.168.1.0/24' PLUTO_MY_CLIENT_NET='192.168.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='45.217.20.197' PLUTO_PEER_ID='jgmn6nejdu33.myfritz.net' PLUTO_PEER_CLIENT='192.168.178.0/24' PLUTO_PEER_CLIENT_NET='192.168.178.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_MY_SOURCEIP='192.168.1.253' /usr/libexec/ipsec/updown classic
2019:02:05-09:30:47 tf-fw01 pluto[20108]: updown: called /sbin/ip -4 route replace 192.168.178.0/24 dev eth1 table main src 192.168.1.253 proto ipsec metric 0 (0)
2019:02:05-09:30:47 tf-fw01 pluto[20108]: updown: called /usr/local/bin/ct -D -s 192.168.1.0/24 -d 192.168.178.0/24 (0)
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | route_and_eroute: instance "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500, setting eroute_owner {spd=0x8c372e8,sr=0x8c372e8} to #6 (was #0) (newest_ipsec_sa=#0)
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | inI2: instance S_VPN BRANCH-OFFICE[6], setting newest_ipsec_sa to #6 (was #0) (spd.eroute=#6)
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | state object #5 found, in STATE_MAIN_R3
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | inserting event EVENT_DPD_UPDATE, timeout in 20 seconds for #6
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #6
2019:02:05-09:30:47 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #6: IPsec SA established {ESP=>0xe3c4dc8a <0xe309f142 NATOA=0.0.0.0 DPD}
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | next event EVENT_DPD_UPDATE in 20 seconds for #6
2019:02:05-09:31:07 tf-fw01 pluto[20108]: |
2019:02:05-09:31:07 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:31:07 tf-fw01 pluto[20108]: | event after this is EVENT_NAT_T_KEEPALIVE in 19 seconds
2019:02:05-09:31:07 tf-fw01 pluto[20108]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #6
2019:02:05-09:31:07 tf-fw01 pluto[20108]: | next event EVENT_NAT_T_KEEPALIVE in 19 seconds
2019:02:05-09:31:26 tf-fw01 pluto[20108]: |
2019:02:05-09:31:26 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:31:26 tf-fw01 pluto[20108]: | event after this is EVENT_DPD in 2 seconds
2019:02:05-09:31:26 tf-fw01 pluto[20108]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 60 seconds
2019:02:05-09:31:26 tf-fw01 pluto[20108]: | next event EVENT_DPD in 2 seconds for #5
2019:02:05-09:31:28 tf-fw01 pluto[20108]: |
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | event after this is EVENT_DPD_UPDATE in 9 seconds
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | sent DPD notification R_U_THERE with seqno = 26524
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | inserting event EVENT_DPD, timeout in 30 seconds for #5
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | next event EVENT_DPD_UPDATE in 9 seconds for #6
2019:02:05-09:31:28 tf-fw01 pluto[20108]: |
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | *received 92 bytes from 45.217.20.197:4500 on eth1
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | state object #5 found, in STATE_MAIN_R3
2019:02:05-09:31:28 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: Informational Exchange message is invalid because it has a previously used Message ID (0x4180b0c2)
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | next event EVENT_DPD_UPDATE in 9 seconds for #6
2019:02:05-09:31:37 tf-fw01 pluto[20108]: |
2019:02:05-09:31:37 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:31:37 tf-fw01 pluto[20108]: | event after this is EVENT_DPD in 21 seconds
2019:02:05-09:31:37 tf-fw01 pluto[20108]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #6
2019:02:05-09:31:37 tf-fw01 pluto[20108]: | next event EVENT_DPD in 21 seconds for #5
2019:02:05-09:31:58 tf-fw01 pluto[20108]: |
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | event after this is EVENT_DPD_UPDATE in 9 seconds
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | sent DPD notification R_U_THERE with seqno = 26525
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | inserting event EVENT_DPD, timeout in 30 seconds for #5
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | next event EVENT_DPD_UPDATE in 9 seconds for #6
2019:02:05-09:31:58 tf-fw01 pluto[20108]: |
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | *received 92 bytes from 45.217.20.197:4500 on eth1
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | state object #5 found, in STATE_MAIN_R3
2019:02:05-09:31:58 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: Informational Exchange message is invalid because it has a previously used Message ID (0x564e50eb)
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | next event EVENT_DPD_UPDATE in 9 seconds for #6
2019:02:05-09:32:07 tf-fw01 pluto[20108]: |
2019:02:05-09:32:07 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:32:07 tf-fw01 pluto[20108]: | event after this is EVENT_NAT_T_KEEPALIVE in 19 seconds
2019:02:05-09:32:07 tf-fw01 pluto[20108]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #6
2019:02:05-09:32:07 tf-fw01 pluto[20108]: | next event EVENT_NAT_T_KEEPALIVE in 19 seconds
2019:02:05-09:32:26 tf-fw01 pluto[20108]: |
2019:02:05-09:32:26 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:32:26 tf-fw01 pluto[20108]: | event after this is EVENT_DPD in 2 seconds
2019:02:05-09:32:26 tf-fw01 pluto[20108]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 60 seconds
2019:02:05-09:32:26 tf-fw01 pluto[20108]: | next event EVENT_DPD in 2 seconds for #5
2019:02:05-09:32:28 tf-fw01 pluto[20108]: |
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | event after this is EVENT_DPD_UPDATE in 9 seconds
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | sent DPD notification R_U_THERE with seqno = 26526
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | inserting event EVENT_DPD, timeout in 30 seconds for #5
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | next event EVENT_DPD_UPDATE in 9 seconds for #6
2019:02:05-09:32:28 tf-fw01 pluto[20108]: |
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | *received 92 bytes from 45.217.20.197:4500 on eth1
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | state object #5 found, in STATE_MAIN_R3
2019:02:05-09:32:28 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: Informational Exchange message is invalid because it has a previously used Message ID (0xd4c25dce)
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | next event EVENT_DPD_UPDATE in 9 seconds for #6
2019:02:05-09:32:37 tf-fw01 pluto[20108]: |
2019:02:05-09:32:37 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:32:37 tf-fw01 pluto[20108]: | event after this is EVENT_DPD in 21 seconds
2019:02:05-09:32:37 tf-fw01 pluto[20108]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #6
2019:02:05-09:32:37 tf-fw01 pluto[20108]: | next event EVENT_DPD in 21 seconds for #5
2019:02:05-09:32:58 tf-fw01 pluto[20108]: |
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | event after this is EVENT_DPD_UPDATE in 9 seconds
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | sent DPD notification R_U_THERE with seqno = 26527
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | inserting event EVENT_DPD, timeout in 30 seconds for #5
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | next event EVENT_DPD_UPDATE in 9 seconds for #6
2019:02:05-09:32:58 tf-fw01 pluto[20108]: |
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | *received 92 bytes from 45.217.20.197:4500 on eth1
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | state object #5 found, in STATE_MAIN_R3
2019:02:05-09:32:58 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: Informational Exchange message is invalid because it has a previously used Message ID (0x8e78484b)
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | next event EVENT_DPD_UPDATE in 9 seconds for #6
2019:02:05-09:33:07 tf-fw01 pluto[20108]: |
2019:02:05-09:33:07 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:33:07 tf-fw01 pluto[20108]: | event after this is EVENT_NAT_T_KEEPALIVE in 19 seconds
2019:02:05-09:33:07 tf-fw01 pluto[20108]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #6
2019:02:05-09:33:07 tf-fw01 pluto[20108]: | next event EVENT_NAT_T_KEEPALIVE in 19 seconds
2019:02:05-09:33:26 tf-fw01 pluto[20108]: |
2019:02:05-09:33:26 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:33:26 tf-fw01 pluto[20108]: | event after this is EVENT_DPD in 2 seconds
2019:02:05-09:33:26 tf-fw01 pluto[20108]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 60 seconds
2019:02:05-09:33:26 tf-fw01 pluto[20108]: | next event EVENT_DPD in 2 seconds for #5
2019:02:05-09:33:28 tf-fw01 pluto[20108]: |
2019:02:05-09:33:28 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:33:28 tf-fw01 pluto[20108]: | event after this is EVENT_DPD_UPDATE in 9 seconds
2019:02:05-09:33:28 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: DPD: No response from peer - declaring peer dead
2019:02:05-09:33:28 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: DPD: Terminating all SAs using this connection
2019:02:05-09:33:28 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: deleting connection "S_VPN BRANCH-OFFICE"[6] instance with peer 45.217.20.197 {isakmp=#5/ipsec=#6}
2019:02:05-09:33:28 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE" #6: deleting state (STATE_QUICK_R2)



  • Hallo Sebastian and welcome to the UTM Community!

    The DPD selections must match on the endpoints. The FritzBox admin needs to enable that in that device. If that doesn't solve the issue, then please show us a few related lines from the IPsec log.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
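
Added example (not part of the thread and not Sophos code): a Python script that pairs each R_U_THERE probe in the log from the opening post with the "previously used Message ID" rejection logged right after it, to tell a silent peer from one whose Informational messages are being discarded. The function name, the 2-second matching window and the verdict labels are assumptions made for this example; the sample lines are copied from the post.

```python
import re
from datetime import datetime

# Lines copied unchanged from the pluto log in the opening post (excerpt).
SAMPLE_LOG = '''\
2019:02:05-09:30:47 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #6: IPsec SA established {ESP=>0xe3c4dc8a <0xe309f142 NATOA=0.0.0.0 DPD}
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | sent DPD notification R_U_THERE with seqno = 26524
2019:02:05-09:31:28 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: Informational Exchange message is invalid because it has a previously used Message ID (0x4180b0c2)
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | sent DPD notification R_U_THERE with seqno = 26525
2019:02:05-09:31:58 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: Informational Exchange message is invalid because it has a previously used Message ID (0x564e50eb)
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | sent DPD notification R_U_THERE with seqno = 26526
2019:02:05-09:32:28 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: Informational Exchange message is invalid because it has a previously used Message ID (0xd4c25dce)
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | sent DPD notification R_U_THERE with seqno = 26527
2019:02:05-09:32:58 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: Informational Exchange message is invalid because it has a previously used Message ID (0x8e78484b)
2019:02:05-09:33:28 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: DPD: No response from peer - declaring peer dead
'''

LINE = re.compile(r"^(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) \S+ pluto\[\d+\]: (.*)$")
PROBE = re.compile(r"sent DPD notification R_U_THERE with seqno = (\d+)")
REJECT = re.compile(r"previously used Message ID \((0x[0-9a-fA-F]+)\)")


def analyse_dpd(log_text, window=2):
    """Pair each DPD probe with a rejected Informational message logged
    within `window` seconds (assumed value) and classify the teardown."""
    up = dead = None
    probes = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a pluto line in the UTM timestamp format
        ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
        msg = m.group(2)
        probe, reject = PROBE.search(msg), REJECT.search(msg)
        if "IPsec SA established" in msg:
            up = ts
        elif probe:
            probes.append({"time": ts, "seqno": int(probe.group(1)), "rejected": None})
        elif reject:
            # Attribute the rejection to the latest probe if it is still unmatched.
            last = probes[-1] if probes else None
            if last and last["rejected"] is None \
                    and (ts - last["time"]).total_seconds() <= window:
                last["rejected"] = reject.group(1)
        elif "declaring peer dead" in msg:
            dead = ts
    rejected = sum(1 for p in probes if p["rejected"])
    if dead is None:
        verdict = "no-dpd-timeout"
    elif probes and rejected == len(probes):
        verdict = "peer-answers-rejected"   # peer sends something after every probe
    elif rejected == 0:
        verdict = "peer-silent"             # nothing came back at all
    else:
        verdict = "mixed"
    return {
        "seqnos": [p["seqno"] for p in probes],
        "rejected_after_probe": rejected,
        "seconds_up": (dead - up).total_seconds() if up and dead else None,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(analyse_dpd(SAMPLE_LOG))
```

For the excerpt the verdict is `peer-answers-rejected`: every probe is followed in the same second by a discarded Informational message from 45.217.20.197, so the tunnel is torn down although the peer is still sending. Whether those discarded messages are the peer's R_U_THERE_ACK replies cannot be read from the log itself.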