This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSec VPN keeps down after DSL lines reconnects...

i run several ipsec tunnel for years without any problems... all runs fine with 9.355-1


since the update to 9.402-7 all ipsec tunnels are down every morning.


i checked the ipsec-logs and found out that after my dsl-lines reconnect the tunnels will not come up again.

i have to turn them off and on and then all works....


anyone can help?



This thread was automatically locked due to age.
Parents
  • Hi,

    Please post IPsec logs. 

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Here are some logs from my life production system:


    i have pressed "reconnect" on a dsl line (DSL16K_1). got 2 IPSEC Tunnels on this interface (S_VPN_EC and S_VPN_UHAB). both going down and will not come up again.

    2016:05:23-15:03:10 vpn-1 pluto[5152]: shutting down interface ppp0/ppp0 80.153.47.40
    2016:05:23-15:03:10 vpn-1 pluto[5152]: shutting down interface ppp0/ppp0 80.153.47.40
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_UHAB" #22: deleting state (STATE_QUICK_I2)
    2016:05:23-15:03:10 vpn-1 pluto[5152]: ERROR: "S_VPN_2_UHAB" #22: sendto on ppp0 to 193.159.189.99:500 failed in delete notify. Errno 22: Invalid argument
    2016:05:23-15:03:10 vpn-2 pluto[32759]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_UHAB" address="80.153.47.40" local_net="10.2.128.0/23" remote_net="192.168.12.0/24"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_UHAB" address="80.153.47.40" local_net="10.2.128.0/23" remote_net="192.168.12.0/24"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_UHAB" #2: deleting state (STATE_MAIN_I4)
    2016:05:23-15:03:10 vpn-1 pluto[5152]: ERROR: "S_VPN_2_UHAB" #2: sendto on ppp0 to 193.159.189.99:500 failed in delete notify. Errno 22: Invalid argument
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: /sbin/ip -4 route del 192.168.12.0/24 dev ppp0 src 10.2.128.10 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_EC" #30: deleting state (STATE_QUICK_I2)
    2016:05:23-15:03:10 vpn-1 pluto[5152]: ERROR: "S_VPN_2_EC" #30: sendto on ppp0 to 91.6.233.166:4500 failed in delete notify. Errno 22: Invalid argument
    2016:05:23-15:03:10 vpn-2 pluto[32759]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_EC" address="80.153.47.40" local_net="10.10.30.0/24" remote_net="192.168.0.0/24"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_EC" address="80.153.47.40" local_net="10.10.30.0/24" remote_net="192.168.0.0/24"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: /sbin/ip -4 route del 192.168.0.0/24 dev ppp0 src 10.41.10.1 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_EC" #31: deleting state (STATE_QUICK_I2)
    2016:05:23-15:03:10 vpn-1 pluto[5152]: ERROR: "S_VPN_2_EC" #31: sendto on ppp0 to 91.6.233.166:4500 failed in delete notify. Errno 22: Invalid argument
    2016:05:23-15:03:10 vpn-2 pluto[32759]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_EC" address="80.153.47.40" local_net="10.2.128.0/23" remote_net="192.168.0.0/24"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_EC" address="80.153.47.40" local_net="10.2.128.0/23" remote_net="192.168.0.0/24"
    2016:05:23-15:03:10 vpn-2 pluto[32759]: shutting down interface ppp0/ppp0 80.153.47.40
    2016:05:23-15:03:10 vpn-2 pluto[32759]: shutting down interface ppp0/ppp0 80.153.47.40
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: /sbin/ip -4 route del 192.168.0.0/24 dev ppp0 src 10.41.10.1 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_EC" #32: deleting state (STATE_QUICK_I2)
    2016:05:23-15:03:10 vpn-1 pluto[5152]: ERROR: "S_VPN_2_EC" #32: sendto on ppp0 to 91.6.233.166:4500 failed in delete notify. Errno 22: Invalid argument
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: /sbin/ip -4 route del 192.168.12.0/24 dev ppp0 src 10.2.128.10 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_EC" address="80.153.47.40" local_net="10.35.0.0/16" remote_net="192.168.0.0/24"
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: /sbin/ip -4 route del 192.168.0.0/24 dev ppp0 src 10.41.10.1 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: /sbin/ip -4 route del 192.168.0.0/24 dev ppp0 src 10.41.10.1 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_EC" #33: deleting state (STATE_QUICK_I2)
    2016:05:23-15:03:10 vpn-1 pluto[5152]: ERROR: "S_VPN_2_EC" #33: sendto on ppp0 to 91.6.233.166:4500 failed in delete notify. Errno 22: Invalid argument
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: /sbin/ip -4 route del 192.168.0.0/24 dev ppp0 src 10.41.10.1 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_EC" address="80.153.47.40" local_net="10.41.10.0/24" remote_net="192.168.0.0/24"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_EC" #1: deleting state (STATE_MAIN_I4)
    2016:05:23-15:03:10 vpn-1 pluto[5152]: ERROR: "S_VPN_2_EC" #1: sendto on ppp0 to 91.6.233.166:4500 failed in delete notify. Errno 22: Invalid argument
    2016:05:23-15:03:10 vpn-2 pluto[32759]: "S_VPN_2_EC" #32: deleting state (STATE_QUICK_I2)
    2016:05:23-15:03:10 vpn-2 pluto[32759]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_EC" address="80.153.47.40" local_net="10.35.0.0/16" remote_net="192.168.0.0/24"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: /sbin/ip -4 route del 192.168.0.0/24 dev ppp0 src 10.41.10.1 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: forgetting secrets
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loading secrets from "/etc/ipsec.secrets"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 213.33.54.4
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 82.194.122.60
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 91.67.35.176
    2016:05:23-15:03:10 vpn-1 pluto[5152]: listening for IKE messages
    2016:05:23-15:03:10 vpn-1 pluto[5152]: forgetting secrets
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loading secrets from "/etc/ipsec.secrets"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 213.33.54.4
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 82.194.122.60
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 91.67.35.176
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2016:05:23-15:03:10 vpn-1 pluto[5152]: Changing to directory '/etc/ipsec.d/crls'
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: /sbin/ip -4 route del 192.168.0.0/24 dev ppp0 src 10.41.10.1 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-2 pluto[32759]: "S_VPN_2_EC" #33: deleting state (STATE_QUICK_I2)
    2016:05:23-15:03:10 vpn-1 ipsec_starter[13631]: no default route - cannot cope with %defaultroute!!!
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_EC": deleting connection
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_EC": deleting connection
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_EC": deleting connection
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_EC": deleting connection
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_UHAB": deleting connection
    2016:05:23-15:03:10 vpn-2 pluto[32759]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_EC" address="80.153.47.40" local_net="10.41.10.0/24" remote_net="192.168.0.0/24"
    2016:05:23-15:03:10 vpn-2 pluto[32759]: "S_VPN_2_EC" #1: deleting state (STATE_MAIN_I4)
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: /sbin/ip -4 route del 192.168.0.0/24 dev ppp0 src 10.41.10.1 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-2 pluto[32759]: forgetting secrets
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loading secrets from "/etc/ipsec.secrets"
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 213.33.54.4
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 82.194.122.60
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 91.67.35.176
    2016:05:23-15:03:10 vpn-2 pluto[32759]: HA System: not master, won't listen for IKE messages
    2016:05:23-15:03:10 vpn-2 pluto[32759]: forgetting secrets
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loading secrets from "/etc/ipsec.secrets"
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 213.33.54.4
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 82.194.122.60
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 91.67.35.176
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2016:05:23-15:03:10 vpn-2 pluto[32759]: Changing to directory '/etc/ipsec.d/crls'
    2016:05:23-15:03:10 vpn-2 ipsec_starter[28193]: no default route - cannot cope with %defaultroute!!!
    2016:05:23-15:03:10 vpn-2 pluto[32759]: "S_VPN_2_EC": deleting connection
    2016:05:23-15:03:10 vpn-2 pluto[32759]: "S_VPN_2_EC": deleting connection
    2016:05:23-15:03:10 vpn-2 pluto[32759]: "S_VPN_2_EC": deleting connection
    2016:05:23-15:03:10 vpn-2 pluto[32759]: "S_VPN_2_EC": deleting connection
    2016:05:23-15:03:10 vpn-2 pluto[32759]: "S_VPN_2_UHAB": deleting connection
    2016:05:23-15:04:12 vpn-1 pluto[5152]: adding interface ppp0/ppp0 80.153.47.40:500
    2016:05:23-15:04:12 vpn-1 pluto[5152]: adding interface ppp0/ppp0 80.153.47.40:4500
    2016:05:23-15:04:12 vpn-1 pluto[5152]: forgetting secrets
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loading secrets from "/etc/ipsec.secrets"
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 213.33.54.4
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.153.47.40 193.159.189.99
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 82.194.122.60
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 91.67.35.176
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.153.47.40 rtrec01.wiesbaden.c-ernst.de
    2016:05:23-15:04:12 vpn-1 pluto[5152]: listening for IKE messages
    2016:05:23-15:04:12 vpn-1 pluto[5152]: forgetting secrets
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loading secrets from "/etc/ipsec.secrets"
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 213.33.54.4
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.153.47.40 193.159.189.99
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 82.194.122.60
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 91.67.35.176
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.153.47.40 rtrec01.wiesbaden.c-ernst.de
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2016:05:23-15:04:12 vpn-1 pluto[5152]: Changing to directory '/etc/ipsec.d/crls'
    2016:05:23-15:04:12 vpn-1 ipsec_starter[13631]: no default route - cannot cope with %defaultroute!!!
    2016:05:23-15:04:12 vpn-1 pluto[5152]: added connection description "S_VPN_2_EC"
    2016:05:23-15:04:12 vpn-1 pluto[5152]: "S_VPN_2_EC" #36: initiating Main Mode
    2016:05:23-15:04:12 vpn-1 pluto[5152]: ERROR: "S_VPN_2_EC" #36: sendto on ppp0 to 91.6.233.166:500 failed in main_outI1. Errno 1: Operation not permitted
    2016:05:23-15:04:12 vpn-1 pluto[5152]: added connection description "S_VPN_2_EC"
    2016:05:23-15:04:12 vpn-1 pluto[5152]: added connection description "S_VPN_2_EC"
    2016:05:23-15:04:12 vpn-1 pluto[5152]: added connection description "S_VPN_2_EC"
    2016:05:23-15:04:12 vpn-1 pluto[5152]: added connection description "S_VPN_2_UHAB"
    2016:05:23-15:04:12 vpn-1 pluto[5152]: "S_VPN_2_UHAB" #37: initiating Main Mode
    2016:05:23-15:04:12 vpn-2 pluto[32759]: adding interface ppp0/ppp0 80.153.47.40:500
    2016:05:23-15:04:12 vpn-2 pluto[32759]: adding interface ppp0/ppp0 80.153.47.40:4500
    2016:05:23-15:04:12 vpn-2 pluto[32759]: forgetting secrets
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loading secrets from "/etc/ipsec.secrets"
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 213.33.54.4
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.153.47.40 193.159.189.99
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 82.194.122.60
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 91.67.35.176
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.153.47.40 rtrec01.wiesbaden.c-ernst.de
    2016:05:23-15:04:12 vpn-2 pluto[32759]: HA System: not master, won't listen for IKE messages
    2016:05:23-15:04:12 vpn-2 pluto[32759]: forgetting secrets
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loading secrets from "/etc/ipsec.secrets"
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 213.33.54.4
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.153.47.40 193.159.189.99
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 82.194.122.60
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 91.67.35.176
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.153.47.40 rtrec01.wiesbaden.c-ernst.de
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2016:05:23-15:04:12 vpn-2 pluto[32759]: Changing to directory '/etc/ipsec.d/crls'
    2016:05:23-15:04:12 vpn-2 ipsec_starter[28193]: no default route - cannot cope with %defaultroute!!!
    2016:05:23-15:04:12 vpn-2 pluto[32759]: added connection description "S_VPN_2_EC"
    2016:05:23-15:04:12 vpn-2 pluto[32759]: added connection description "S_VPN_2_EC"
    2016:05:23-15:04:12 vpn-2 pluto[32759]: added connection description "S_VPN_2_EC"
    2016:05:23-15:04:12 vpn-2 pluto[32759]: added connection description "S_VPN_2_EC"
    2016:05:23-15:04:12 vpn-2 pluto[32759]: added connection description "S_VPN_2_UHAB"

    only way to get them up again:

    shut down ALL IPSEC-Tunnels and get them on again (also the ones not on the reconnecting interface) or to turn some debug on and off (which results in an ipsec restart i think...

    hope that helps you to find the error...

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

Reply
  • Here are some logs from my life production system:


    i have pressed "reconnect" on a dsl line (DSL16K_1). got 2 IPSEC Tunnels on this interface (S_VPN_EC and S_VPN_UHAB). both going down and will not come up again.

    2016:05:23-15:03:10 vpn-1 pluto[5152]: shutting down interface ppp0/ppp0 80.153.47.40
    2016:05:23-15:03:10 vpn-1 pluto[5152]: shutting down interface ppp0/ppp0 80.153.47.40
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_UHAB" #22: deleting state (STATE_QUICK_I2)
    2016:05:23-15:03:10 vpn-1 pluto[5152]: ERROR: "S_VPN_2_UHAB" #22: sendto on ppp0 to 193.159.189.99:500 failed in delete notify. Errno 22: Invalid argument
    2016:05:23-15:03:10 vpn-2 pluto[32759]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_UHAB" address="80.153.47.40" local_net="10.2.128.0/23" remote_net="192.168.12.0/24"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_UHAB" address="80.153.47.40" local_net="10.2.128.0/23" remote_net="192.168.12.0/24"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_UHAB" #2: deleting state (STATE_MAIN_I4)
    2016:05:23-15:03:10 vpn-1 pluto[5152]: ERROR: "S_VPN_2_UHAB" #2: sendto on ppp0 to 193.159.189.99:500 failed in delete notify. Errno 22: Invalid argument
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: /sbin/ip -4 route del 192.168.12.0/24 dev ppp0 src 10.2.128.10 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_EC" #30: deleting state (STATE_QUICK_I2)
    2016:05:23-15:03:10 vpn-1 pluto[5152]: ERROR: "S_VPN_2_EC" #30: sendto on ppp0 to 91.6.233.166:4500 failed in delete notify. Errno 22: Invalid argument
    2016:05:23-15:03:10 vpn-2 pluto[32759]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_EC" address="80.153.47.40" local_net="10.10.30.0/24" remote_net="192.168.0.0/24"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_EC" address="80.153.47.40" local_net="10.10.30.0/24" remote_net="192.168.0.0/24"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: /sbin/ip -4 route del 192.168.0.0/24 dev ppp0 src 10.41.10.1 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_EC" #31: deleting state (STATE_QUICK_I2)
    2016:05:23-15:03:10 vpn-1 pluto[5152]: ERROR: "S_VPN_2_EC" #31: sendto on ppp0 to 91.6.233.166:4500 failed in delete notify. Errno 22: Invalid argument
    2016:05:23-15:03:10 vpn-2 pluto[32759]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_EC" address="80.153.47.40" local_net="10.2.128.0/23" remote_net="192.168.0.0/24"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_EC" address="80.153.47.40" local_net="10.2.128.0/23" remote_net="192.168.0.0/24"
    2016:05:23-15:03:10 vpn-2 pluto[32759]: shutting down interface ppp0/ppp0 80.153.47.40
    2016:05:23-15:03:10 vpn-2 pluto[32759]: shutting down interface ppp0/ppp0 80.153.47.40
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: /sbin/ip -4 route del 192.168.0.0/24 dev ppp0 src 10.41.10.1 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_EC" #32: deleting state (STATE_QUICK_I2)
    2016:05:23-15:03:10 vpn-1 pluto[5152]: ERROR: "S_VPN_2_EC" #32: sendto on ppp0 to 91.6.233.166:4500 failed in delete notify. Errno 22: Invalid argument
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: /sbin/ip -4 route del 192.168.12.0/24 dev ppp0 src 10.2.128.10 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_EC" address="80.153.47.40" local_net="10.35.0.0/16" remote_net="192.168.0.0/24"
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: /sbin/ip -4 route del 192.168.0.0/24 dev ppp0 src 10.41.10.1 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: /sbin/ip -4 route del 192.168.0.0/24 dev ppp0 src 10.41.10.1 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_EC" #33: deleting state (STATE_QUICK_I2)
    2016:05:23-15:03:10 vpn-1 pluto[5152]: ERROR: "S_VPN_2_EC" #33: sendto on ppp0 to 91.6.233.166:4500 failed in delete notify. Errno 22: Invalid argument
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: /sbin/ip -4 route del 192.168.0.0/24 dev ppp0 src 10.41.10.1 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_EC" address="80.153.47.40" local_net="10.41.10.0/24" remote_net="192.168.0.0/24"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_EC" #1: deleting state (STATE_MAIN_I4)
    2016:05:23-15:03:10 vpn-1 pluto[5152]: ERROR: "S_VPN_2_EC" #1: sendto on ppp0 to 91.6.233.166:4500 failed in delete notify. Errno 22: Invalid argument
    2016:05:23-15:03:10 vpn-2 pluto[32759]: "S_VPN_2_EC" #32: deleting state (STATE_QUICK_I2)
    2016:05:23-15:03:10 vpn-2 pluto[32759]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_EC" address="80.153.47.40" local_net="10.35.0.0/16" remote_net="192.168.0.0/24"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: /sbin/ip -4 route del 192.168.0.0/24 dev ppp0 src 10.41.10.1 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-1 pluto[5152]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: forgetting secrets
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loading secrets from "/etc/ipsec.secrets"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 213.33.54.4
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 82.194.122.60
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 91.67.35.176
    2016:05:23-15:03:10 vpn-1 pluto[5152]: listening for IKE messages
    2016:05:23-15:03:10 vpn-1 pluto[5152]: forgetting secrets
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loading secrets from "/etc/ipsec.secrets"
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 213.33.54.4
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 82.194.122.60
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 91.67.35.176
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2016:05:23-15:03:10 vpn-1 pluto[5152]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2016:05:23-15:03:10 vpn-1 pluto[5152]: Changing to directory '/etc/ipsec.d/crls'
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: /sbin/ip -4 route del 192.168.0.0/24 dev ppp0 src 10.41.10.1 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-2 pluto[32759]: "S_VPN_2_EC" #33: deleting state (STATE_QUICK_I2)
    2016:05:23-15:03:10 vpn-1 ipsec_starter[13631]: no default route - cannot cope with %defaultroute!!!
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_EC": deleting connection
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_EC": deleting connection
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_EC": deleting connection
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_EC": deleting connection
    2016:05:23-15:03:10 vpn-1 pluto[5152]: "S_VPN_2_UHAB": deleting connection
    2016:05:23-15:03:10 vpn-2 pluto[32759]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="VPN_2_EC" address="80.153.47.40" local_net="10.41.10.0/24" remote_net="192.168.0.0/24"
    2016:05:23-15:03:10 vpn-2 pluto[32759]: "S_VPN_2_EC" #1: deleting state (STATE_MAIN_I4)
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: /sbin/ip -4 route del 192.168.0.0/24 dev ppp0 src 10.41.10.1 proto ipsec metric 0 failed with status 1:
    2016:05:23-15:03:10 vpn-2 pluto[32759]: updown: Cannot find device "ppp0"
    2016:05:23-15:03:10 vpn-2 pluto[32759]: forgetting secrets
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loading secrets from "/etc/ipsec.secrets"
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 213.33.54.4
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 82.194.122.60
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 91.67.35.176
    2016:05:23-15:03:10 vpn-2 pluto[32759]: HA System: not master, won't listen for IKE messages
    2016:05:23-15:03:10 vpn-2 pluto[32759]: forgetting secrets
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loading secrets from "/etc/ipsec.secrets"
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 213.33.54.4
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 82.194.122.60
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 91.67.35.176
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2016:05:23-15:03:10 vpn-2 pluto[32759]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2016:05:23-15:03:10 vpn-2 pluto[32759]: Changing to directory '/etc/ipsec.d/crls'
    2016:05:23-15:03:10 vpn-2 ipsec_starter[28193]: no default route - cannot cope with %defaultroute!!!
    2016:05:23-15:03:10 vpn-2 pluto[32759]: "S_VPN_2_EC": deleting connection
    2016:05:23-15:03:10 vpn-2 pluto[32759]: "S_VPN_2_EC": deleting connection
    2016:05:23-15:03:10 vpn-2 pluto[32759]: "S_VPN_2_EC": deleting connection
    2016:05:23-15:03:10 vpn-2 pluto[32759]: "S_VPN_2_EC": deleting connection
    2016:05:23-15:03:10 vpn-2 pluto[32759]: "S_VPN_2_UHAB": deleting connection
    2016:05:23-15:04:12 vpn-1 pluto[5152]: adding interface ppp0/ppp0 80.153.47.40:500
    2016:05:23-15:04:12 vpn-1 pluto[5152]: adding interface ppp0/ppp0 80.153.47.40:4500
    2016:05:23-15:04:12 vpn-1 pluto[5152]: forgetting secrets
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loading secrets from "/etc/ipsec.secrets"
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 213.33.54.4
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.153.47.40 193.159.189.99
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 82.194.122.60
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 91.67.35.176
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.153.47.40 rtrec01.wiesbaden.c-ernst.de
    2016:05:23-15:04:12 vpn-1 pluto[5152]: listening for IKE messages
    2016:05:23-15:04:12 vpn-1 pluto[5152]: forgetting secrets
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loading secrets from "/etc/ipsec.secrets"
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 213.33.54.4
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.153.47.40 193.159.189.99
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 82.194.122.60
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.147.189.220 91.67.35.176
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded PSK secret for 80.153.47.40 rtrec01.wiesbaden.c-ernst.de
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2016:05:23-15:04:12 vpn-1 pluto[5152]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2016:05:23-15:04:12 vpn-1 pluto[5152]: Changing to directory '/etc/ipsec.d/crls'
    2016:05:23-15:04:12 vpn-1 ipsec_starter[13631]: no default route - cannot cope with %defaultroute!!!
    2016:05:23-15:04:12 vpn-1 pluto[5152]: added connection description "S_VPN_2_EC"
    2016:05:23-15:04:12 vpn-1 pluto[5152]: "S_VPN_2_EC" #36: initiating Main Mode
    2016:05:23-15:04:12 vpn-1 pluto[5152]: ERROR: "S_VPN_2_EC" #36: sendto on ppp0 to 91.6.233.166:500 failed in main_outI1. Errno 1: Operation not permitted
    2016:05:23-15:04:12 vpn-1 pluto[5152]: added connection description "S_VPN_2_EC"
    2016:05:23-15:04:12 vpn-1 pluto[5152]: added connection description "S_VPN_2_EC"
    2016:05:23-15:04:12 vpn-1 pluto[5152]: added connection description "S_VPN_2_EC"
    2016:05:23-15:04:12 vpn-1 pluto[5152]: added connection description "S_VPN_2_UHAB"
    2016:05:23-15:04:12 vpn-1 pluto[5152]: "S_VPN_2_UHAB" #37: initiating Main Mode
    2016:05:23-15:04:12 vpn-2 pluto[32759]: adding interface ppp0/ppp0 80.153.47.40:500
    2016:05:23-15:04:12 vpn-2 pluto[32759]: adding interface ppp0/ppp0 80.153.47.40:4500
    2016:05:23-15:04:12 vpn-2 pluto[32759]: forgetting secrets
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loading secrets from "/etc/ipsec.secrets"
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 213.33.54.4
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.153.47.40 193.159.189.99
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 82.194.122.60
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 91.67.35.176
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.153.47.40 rtrec01.wiesbaden.c-ernst.de
    2016:05:23-15:04:12 vpn-2 pluto[32759]: HA System: not master, won't listen for IKE messages
    2016:05:23-15:04:12 vpn-2 pluto[32759]: forgetting secrets
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loading secrets from "/etc/ipsec.secrets"
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 213.33.54.4
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.153.47.40 193.159.189.99
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 82.194.122.60
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.147.189.220 91.67.35.176
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded PSK secret for 80.153.47.40 rtrec01.wiesbaden.c-ernst.de
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2016:05:23-15:04:12 vpn-2 pluto[32759]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2016:05:23-15:04:12 vpn-2 pluto[32759]: Changing to directory '/etc/ipsec.d/crls'
    2016:05:23-15:04:12 vpn-2 ipsec_starter[28193]: no default route - cannot cope with %defaultroute!!!
    2016:05:23-15:04:12 vpn-2 pluto[32759]: added connection description "S_VPN_2_EC"
    2016:05:23-15:04:12 vpn-2 pluto[32759]: added connection description "S_VPN_2_EC"
    2016:05:23-15:04:12 vpn-2 pluto[32759]: added connection description "S_VPN_2_EC"
    2016:05:23-15:04:12 vpn-2 pluto[32759]: added connection description "S_VPN_2_EC"
    2016:05:23-15:04:12 vpn-2 pluto[32759]: added connection description "S_VPN_2_UHAB"

    only way to get them up again:

    shut down ALL IPSEC-Tunnels and get them on again (also the ones not on the reconnecting interface) or to turn some debug on and off (which results in an ipsec restart i think...

    hope that helps you to find the error...

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

Children
No Data