Hello guys,
I just created my first IPsec connection with my UTM.
The connection is established successfully (I can ping and transfer over the VPN), but after ~3 min Dead Peer Detection kills the VPN, so it must be re-established.
If I disable DPD the connection stays connected, but after the next provider disconnect there are multiple VPNs opened on the UTM side and nothing works, so this doesn't seem to be a solution.
Scenario:
main-office: Sophos UTM SG115, lan: 192.168.1.253/24, wan: 172.16.0.253/24 (exposed host behind a router, cannot change this atm), is waiting for vpn-connect
branch-office: fritzbox, lan: 192.168.178.1/24, wan: jgmn6nejdu33.myfritz.net, initiating vpn-connection
Attached is the log: 09:30:47 -> IPsec SA established, 09:33:28 -> dead peer detected
Hope somebody has an idea.
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | *received 496 bytes from 45.217.20.197:500 on eth1
2019:02:05-09:30:46 tf-fw01 pluto[20108]: packet from 45.217.20.197:500: received Vendor ID payload [XAUTH]
2019:02:05-09:30:46 tf-fw01 pluto[20108]: packet from 45.217.20.197:500: received Vendor ID payload [Dead Peer Detection]
2019:02:05-09:30:46 tf-fw01 pluto[20108]: packet from 45.217.20.197:500: received Vendor ID payload [RFC 3947]
2019:02:05-09:30:46 tf-fw01 pluto[20108]: packet from 45.217.20.197:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2019:02:05-09:30:46 tf-fw01 pluto[20108]: packet from 45.217.20.197:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2019:02:05-09:30:46 tf-fw01 pluto[20108]: packet from 45.217.20.197:500: ignoring Vendor ID payload [a2226fc364500f5634ff77db3b74f41b]
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | preparse_isakmp_policy: peer requests PSK authentication
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | instantiated "S_VPN BRANCH-OFFICE" for 45.217.20.197
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | creating state object #5 at 0x8c363b0
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[5] 45.217.20.197 #5: responding to Main Mode from unknown peer 45.217.20.197
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | next event EVENT_RETRANSMIT in 10 seconds for #5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: |
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | *received 228 bytes from 45.217.20.197:500 on eth1
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state object #5 found, in STATE_MAIN_R1
2019:02:05-09:30:46 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[5] 45.217.20.197 #5: NAT-Traversal: Result using RFC 3947: i am NATed
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | next event EVENT_RETRANSMIT in 10 seconds for #5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: |
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | *received 124 bytes from 45.217.20.197:4500 on eth1
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state object #5 found, in STATE_MAIN_R2
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | NAT-T: new mapping 45.217.20.197:500/4500)
2019:02:05-09:30:46 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[5] 45.217.20.197:4500 #5: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2019:02:05-09:30:46 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[5] 45.217.20.197:4500 #5: Peer ID is ID_FQDN: 'jgmn6nejdu33.myfritz.net'
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer CA: %none
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | S_VPN BRANCH-OFFICE: no match (id: no, auth: ok, trust: ok, request: ok, prio: 2048)
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | S_VPN BRANCH-OFFICE: full match (id: ok, auth: ok, trust: ok, request: ok, prio: 1216)
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | offered CA: %none
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | switched from "S_VPN BRANCH-OFFICE" to "S_VPN BRANCH-OFFICE"
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | instantiated "S_VPN BRANCH-OFFICE" for 45.217.20.197
2019:02:05-09:30:46 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: deleting connection "S_VPN BRANCH-OFFICE"[5] instance with peer 45.217.20.197 {isakmp=#0/ipsec=#0}
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | certs and keys locked by 'delete_connection'
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | certs and keys unlocked by 'delete_connection'
2019:02:05-09:30:46 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: Dead Peer Detection (RFC 3706) enabled
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | inserting event EVENT_DPD, timeout in 42 seconds for #5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: sent MR3, ISAKMP SA established
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | next event EVENT_NAT_T_KEEPALIVE in 40 seconds
2019:02:05-09:30:46 tf-fw01 pluto[20108]: |
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | *received 332 bytes from 45.217.20.197:4500 on eth1
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state object not found
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state object #5 found, in STATE_MAIN_R3
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer client is subnet 192.168.178.0/24
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer client protocol/port is 0/0
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | our client is subnet 192.168.1.0/24
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | our client protocol/port is 0/0
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | find_client_connection starting with S_VPN BRANCH-OFFICE
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | looking for 192.168.1.0/24:0/0 -> 192.168.178.0/24:0/0
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | concrete checking against sr#0 192.168.1.0/24 -> 192.168.178.0/24
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | fc_try trying S_VPN BRANCH-OFFICE:192.168.1.0/24:0/0 -> 192.168.178.0/24:0/0 vs S_VPN BRANCH-OFFICE:192.168.1.0/24:0/0 -> 192.168.178.0/24:0/0
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | fc_try concluding with S_VPN BRANCH-OFFICE [168]
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | fc_try S_VPN BRANCH-OFFICE gives S_VPN BRANCH-OFFICE
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | concluding with d = S_VPN BRANCH-OFFICE
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | duplicating state object #5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | creating state object #6 at 0x8c376f0
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #6: responding to Quick Mode
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | kernel_alg_esp_auth_keylen(auth=2, sadb_aalg=3): a_keylen=20
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | next event EVENT_RETRANSMIT in 10 seconds for #6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: |
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | *received 60 bytes from 45.217.20.197:4500 on eth1
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | state object #6 found, in STATE_QUICK_R1
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | install_ipsec_sas() for #6: inbound and outbound
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | route owner of "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 unrouted: NULL; eroute owner: NULL
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | add inbound eroute 192.168.178.0/24:0 -> 192.168.1.0/24:0 => tun.10000@172.16.0.253:0
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | sr for #6: unrouted
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | route owner of "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 unrouted: NULL; eroute owner: NULL
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | route_and_eroute with c: S_VPN BRANCH-OFFICE (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 6
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | eroute_connection add eroute 192.168.1.0/24:0 -> 192.168.178.0/24:0 => tun.0@45.217.20.197:0
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | executing up-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-client' PLUTO_CONNECTION='S_VPN BRANCH-OFFICE' PLUTO_NEXT_HOP='45.217.20.197' PLUTO_INTERFACE='eth1' PLUTO_REQID='16409' PLUTO_ME='172.16.0.253' PLUTO_MY_ID='tf-vpn.tf-stiftung.de' PLUTO_MY_CLIENT='192.168.1.0/24' PLUTO_MY_CLIENT_NET='192.168.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='45.217.20.197' PLUTO_PEER_ID='jgmn6nejdu33.myfritz.net' PLUTO_PEER_CLIENT='192.168.178.0/24' PLUTO_PEER_CLIENT_NET='192.168.178.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_MY_SOURCEIP='192.168.1.253' /usr/libexec/ipsec/updown classic
2019:02:05-09:30:46 tf-fw01 pluto[20108]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="VPN BRANCH-OFFICE" address="172.16.0.253" local_net="192.168.1.0/24" remote_net="192.168.178.0/24"
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | route_and_eroute: firewall_notified: true
2019:02:05-09:30:46 tf-fw01 pluto[20108]: | executing prepare-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-client' PLUTO_CONNECTION='S_VPN BRANCH-OFFICE' PLUTO_NEXT_HOP='45.217.20.197' PLUTO_INTERFACE='eth1' PLUTO_REQID='16409' PLUTO_ME='172.16.0.253' PLUTO_MY_ID='tf-vpn.tf-stiftung.de' PLUTO_MY_CLIENT='192.168.1.0/24' PLUTO_MY_CLIENT_NET='192.168.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='45.217.20.197' PLUTO_PEER_ID='jgmn6nejdu33.myfritz.net' PLUTO_PEER_CLIENT='192.168.178.0/24' PLUTO_PEER_CLIENT_NET='192.168.178.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_MY_SOURCEIP='192.168.1.253' /usr/libexec/ipsec/updown classic
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | executing route-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-client' PLUTO_CONNECTION='S_VPN BRANCH-OFFICE' PLUTO_NEXT_HOP='45.217.20.197' PLUTO_INTERFACE='eth1' PLUTO_REQID='16409' PLUTO_ME='172.16.0.253' PLUTO_MY_ID='tf-vpn.tf-stiftung.de' PLUTO_MY_CLIENT='192.168.1.0/24' PLUTO_MY_CLIENT_NET='192.168.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='45.217.20.197' PLUTO_PEER_ID='jgmn6nejdu33.myfritz.net' PLUTO_PEER_CLIENT='192.168.178.0/24' PLUTO_PEER_CLIENT_NET='192.168.178.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_MY_SOURCEIP='192.168.1.253' /usr/libexec/ipsec/updown classic
2019:02:05-09:30:47 tf-fw01 pluto[20108]: updown: called /sbin/ip -4 route replace 192.168.178.0/24 dev eth1 table main src 192.168.1.253 proto ipsec metric 0 (0)
2019:02:05-09:30:47 tf-fw01 pluto[20108]: updown: called /usr/local/bin/ct -D -s 192.168.1.0/24 -d 192.168.178.0/24 (0)
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | route_and_eroute: instance "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500, setting eroute_owner {spd=0x8c372e8,sr=0x8c372e8} to #6 (was #0) (newest_ipsec_sa=#0)
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | inI2: instance S_VPN BRANCH-OFFICE[6], setting newest_ipsec_sa to #6 (was #0) (spd.eroute=#6)
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | state object #5 found, in STATE_MAIN_R3
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | inserting event EVENT_DPD_UPDATE, timeout in 20 seconds for #6
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #6
2019:02:05-09:30:47 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #6: IPsec SA established {ESP=>0xe3c4dc8a <0xe309f142 NATOA=0.0.0.0 DPD}
2019:02:05-09:30:47 tf-fw01 pluto[20108]: | next event EVENT_DPD_UPDATE in 20 seconds for #6
2019:02:05-09:31:07 tf-fw01 pluto[20108]: |
2019:02:05-09:31:07 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:31:07 tf-fw01 pluto[20108]: | event after this is EVENT_NAT_T_KEEPALIVE in 19 seconds
2019:02:05-09:31:07 tf-fw01 pluto[20108]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #6
2019:02:05-09:31:07 tf-fw01 pluto[20108]: | next event EVENT_NAT_T_KEEPALIVE in 19 seconds
2019:02:05-09:31:26 tf-fw01 pluto[20108]: |
2019:02:05-09:31:26 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:31:26 tf-fw01 pluto[20108]: | event after this is EVENT_DPD in 2 seconds
2019:02:05-09:31:26 tf-fw01 pluto[20108]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 60 seconds
2019:02:05-09:31:26 tf-fw01 pluto[20108]: | next event EVENT_DPD in 2 seconds for #5
2019:02:05-09:31:28 tf-fw01 pluto[20108]: |
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | event after this is EVENT_DPD_UPDATE in 9 seconds
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | sent DPD notification R_U_THERE with seqno = 26524
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | inserting event EVENT_DPD, timeout in 30 seconds for #5
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | next event EVENT_DPD_UPDATE in 9 seconds for #6
2019:02:05-09:31:28 tf-fw01 pluto[20108]: |
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | *received 92 bytes from 45.217.20.197:4500 on eth1
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | state object #5 found, in STATE_MAIN_R3
2019:02:05-09:31:28 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: Informational Exchange message is invalid because it has a previously used Message ID (0x4180b0c2)
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | next event EVENT_DPD_UPDATE in 9 seconds for #6
2019:02:05-09:31:37 tf-fw01 pluto[20108]: |
2019:02:05-09:31:37 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:31:37 tf-fw01 pluto[20108]: | event after this is EVENT_DPD in 21 seconds
2019:02:05-09:31:37 tf-fw01 pluto[20108]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #6
2019:02:05-09:31:37 tf-fw01 pluto[20108]: | next event EVENT_DPD in 21 seconds for #5
2019:02:05-09:31:58 tf-fw01 pluto[20108]: |
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | event after this is EVENT_DPD_UPDATE in 9 seconds
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | sent DPD notification R_U_THERE with seqno = 26525
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | inserting event EVENT_DPD, timeout in 30 seconds for #5
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | next event EVENT_DPD_UPDATE in 9 seconds for #6
2019:02:05-09:31:58 tf-fw01 pluto[20108]: |
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | *received 92 bytes from 45.217.20.197:4500 on eth1
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | state object #5 found, in STATE_MAIN_R3
2019:02:05-09:31:58 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: Informational Exchange message is invalid because it has a previously used Message ID (0x564e50eb)
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | next event EVENT_DPD_UPDATE in 9 seconds for #6
2019:02:05-09:32:07 tf-fw01 pluto[20108]: |
2019:02:05-09:32:07 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:32:07 tf-fw01 pluto[20108]: | event after this is EVENT_NAT_T_KEEPALIVE in 19 seconds
2019:02:05-09:32:07 tf-fw01 pluto[20108]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #6
2019:02:05-09:32:07 tf-fw01 pluto[20108]: | next event EVENT_NAT_T_KEEPALIVE in 19 seconds
2019:02:05-09:32:26 tf-fw01 pluto[20108]: |
2019:02:05-09:32:26 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:32:26 tf-fw01 pluto[20108]: | event after this is EVENT_DPD in 2 seconds
2019:02:05-09:32:26 tf-fw01 pluto[20108]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 60 seconds
2019:02:05-09:32:26 tf-fw01 pluto[20108]: | next event EVENT_DPD in 2 seconds for #5
2019:02:05-09:32:28 tf-fw01 pluto[20108]: |
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | event after this is EVENT_DPD_UPDATE in 9 seconds
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | sent DPD notification R_U_THERE with seqno = 26526
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | inserting event EVENT_DPD, timeout in 30 seconds for #5
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | next event EVENT_DPD_UPDATE in 9 seconds for #6
2019:02:05-09:32:28 tf-fw01 pluto[20108]: |
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | *received 92 bytes from 45.217.20.197:4500 on eth1
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | state object #5 found, in STATE_MAIN_R3
2019:02:05-09:32:28 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: Informational Exchange message is invalid because it has a previously used Message ID (0xd4c25dce)
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | next event EVENT_DPD_UPDATE in 9 seconds for #6
2019:02:05-09:32:37 tf-fw01 pluto[20108]: |
2019:02:05-09:32:37 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:32:37 tf-fw01 pluto[20108]: | event after this is EVENT_DPD in 21 seconds
2019:02:05-09:32:37 tf-fw01 pluto[20108]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #6
2019:02:05-09:32:37 tf-fw01 pluto[20108]: | next event EVENT_DPD in 21 seconds for #5
2019:02:05-09:32:58 tf-fw01 pluto[20108]: |
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | event after this is EVENT_DPD_UPDATE in 9 seconds
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | sent DPD notification R_U_THERE with seqno = 26527
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | inserting event EVENT_DPD, timeout in 30 seconds for #5
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | next event EVENT_DPD_UPDATE in 9 seconds for #6
2019:02:05-09:32:58 tf-fw01 pluto[20108]: |
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | *received 92 bytes from 45.217.20.197:4500 on eth1
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | ICOOKIE: 9d 00 cb d2 80 cb 37 28
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | RCOOKIE: 63 ec 2a d2 fd 87 de d6
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | peer: 59 f7 d1 c5
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | state hash entry 15
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | state object #5 found, in STATE_MAIN_R3
2019:02:05-09:32:58 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: Informational Exchange message is invalid because it has a previously used Message ID (0x8e78484b)
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | next event EVENT_DPD_UPDATE in 9 seconds for #6
2019:02:05-09:33:07 tf-fw01 pluto[20108]: |
2019:02:05-09:33:07 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:33:07 tf-fw01 pluto[20108]: | event after this is EVENT_NAT_T_KEEPALIVE in 19 seconds
2019:02:05-09:33:07 tf-fw01 pluto[20108]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #6
2019:02:05-09:33:07 tf-fw01 pluto[20108]: | next event EVENT_NAT_T_KEEPALIVE in 19 seconds
2019:02:05-09:33:26 tf-fw01 pluto[20108]: |
2019:02:05-09:33:26 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:33:26 tf-fw01 pluto[20108]: | event after this is EVENT_DPD in 2 seconds
2019:02:05-09:33:26 tf-fw01 pluto[20108]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 60 seconds
2019:02:05-09:33:26 tf-fw01 pluto[20108]: | next event EVENT_DPD in 2 seconds for #5
2019:02:05-09:33:28 tf-fw01 pluto[20108]: |
2019:02:05-09:33:28 tf-fw01 pluto[20108]: | *time to handle event
2019:02:05-09:33:28 tf-fw01 pluto[20108]: | event after this is EVENT_DPD_UPDATE in 9 seconds
2019:02:05-09:33:28 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: DPD: No response from peer - declaring peer dead
2019:02:05-09:33:28 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: DPD: Terminating all SAs using this connection
2019:02:05-09:33:28 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: deleting connection "S_VPN BRANCH-OFFICE"[6] instance with peer 45.217.20.197 {isakmp=#5/ipsec=#6}
2019:02:05-09:33:28 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE" #6: deleting state (STATE_QUICK_R2)
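An added example, not part of the original post: a small parser for pluto logs of the form shown above that pairs each R_U_THERE probe with a "previously used Message ID" rejection logged shortly after it, separating "peer never answered" from "peer sent something that pluto discarded". The function names and the 5-second `reply_window` are assumptions made for this example; the sample records are abridged from the log above.

```python
import re
from datetime import datetime

# Abridged from the log in the post above: only the DPD-relevant records.
SAMPLE_LOG = """\
2019:02:05-09:30:47 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #6: IPsec SA established {ESP=>0xe3c4dc8a <0xe309f142 NATOA=0.0.0.0 DPD}
2019:02:05-09:31:28 tf-fw01 pluto[20108]: | sent DPD notification R_U_THERE with seqno = 26524
2019:02:05-09:31:28 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: Informational Exchange message is invalid because it has a previously used Message ID (0x4180b0c2)
2019:02:05-09:31:58 tf-fw01 pluto[20108]: | sent DPD notification R_U_THERE with seqno = 26525
2019:02:05-09:31:58 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: Informational Exchange message is invalid because it has a previously used Message ID (0x564e50eb)
2019:02:05-09:32:28 tf-fw01 pluto[20108]: | sent DPD notification R_U_THERE with seqno = 26526
2019:02:05-09:32:28 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: Informational Exchange message is invalid because it has a previously used Message ID (0xd4c25dce)
2019:02:05-09:32:58 tf-fw01 pluto[20108]: | sent DPD notification R_U_THERE with seqno = 26527
2019:02:05-09:32:58 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: Informational Exchange message is invalid because it has a previously used Message ID (0x8e78484b)
2019:02:05-09:33:28 tf-fw01 pluto[20108]: "S_VPN BRANCH-OFFICE"[6] 45.217.20.197:4500 #5: DPD: No response from peer - declaring peer dead
"""

TS = r"\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}"
# Records are split on the "<timestamp> <host> pluto[pid]:" prefix, so the
# parser also copes with logs whose line breaks were lost when pasting.
RECORD = re.compile(
    rf"({TS}) \S+ pluto\[\d+\]: (.*?)(?=\s*{TS} \S+ pluto\[|\s*\Z)", re.DOTALL)
PROBE = re.compile(r"sent DPD notification R_U_THERE with seqno = (\d+)")
REJECT = re.compile(r"Informational Exchange message is invalid because it "
                    r"has a previously used Message ID \((0x[0-9a-f]+)\)")

def records(text):
    """Yield (timestamp, message) for every pluto record in the text."""
    for m in RECORD.finditer(text):
        ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
        yield ts, " ".join(m.group(2).split())

def analyse_dpd(text, reply_window=5):
    """Collect SA-up time, DPD probes, rejected messages and teardown time."""
    report = {"sa_up": None, "peer_dead": None, "probes": []}
    for ts, msg in records(text):
        if "IPsec SA established" in msg:
            report["sa_up"] = ts
        elif m := PROBE.search(msg):
            report["probes"].append(
                {"seqno": int(m.group(1)), "sent": ts, "rejected_msgid": None})
        elif (m := REJECT.search(msg)) and report["probes"]:
            last = report["probes"][-1]
            # Assumption: a rejection logged within reply_window seconds of
            # the latest probe is the peer's (discarded) answer to it.
            age = (ts - last["sent"]).total_seconds()
            if last["rejected_msgid"] is None and age <= reply_window:
                last["rejected_msgid"] = m.group(1)
        elif "DPD: No response from peer" in msg:
            report["peer_dead"] = ts
    return report

def diagnose(text):
    """Summarise why (and after how long) DPD tore the tunnel down."""
    r = analyse_dpd(text)
    discarded = [p for p in r["probes"] if p["rejected_msgid"]]
    if r["peer_dead"] is None:
        verdict = "up"
    elif discarded:
        verdict = "answers_discarded"   # peer is alive, its messages are dropped
    else:
        verdict = "no_answers"          # nothing came back at all
    uptime = None
    if r["sa_up"] and r["peer_dead"]:
        uptime = (r["peer_dead"] - r["sa_up"]).total_seconds()
    return {"verdict": verdict, "probes": len(r["probes"]),
            "discarded": len(discarded), "uptime_s": uptime}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

A verdict of `answers_discarded` points at Message ID handling between the two implementations rather than at a dead link, which is a different troubleshooting path from `no_answers`.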