Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 39 replies
  • Subscribers 8 subscribers
  • Views 64463 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSec VPN keeps down after DSL lines reconnects...

zaphod

i run several ipsec tunnel for years without any problems... all runs fine with 9.355-1


since the update to 9.402-7 all ipsec tunnels are down every morning.


i checked the ipsec-logs and found out that after my dsl-lines reconnect the tunnels will not come up again.

i have to turn them off and on and then all works....


anyone can help?



This thread was automatically locked due to age.
Parents
  • 0

    Same Problem here with two UTMs and two VDSL lines, one might be an ADSL.

    Are you guys using a Zyxel router as your VDSL Modem? A customer mentioned an forum post were this was an issue with the modem firmware and the new utm update. I couldnt update the Zyxel Modem yet to test.

    I changed the s2s tunnel from PSK to Cert, that didn't help either, the customer said the only way to bring the tunnel up is to reboot the UTM in HQ were the VDSL line is.

    Both sides are working through an dyndns account and do not have static IPs as far as I know

    The logs are kinda quiet, not a lot going on in my opinion?!

    HQ:

    2016:05:26-22:11:16 vpn pluto[6362]: forgetting secrets
    2016:05:26-22:11:16 vpn pluto[6362]: loading secrets from "/etc/ipsec.secrets"
    2016:05:26-22:11:16 vpn pluto[6362]: loaded private key from 'Local X509 Cert.pem'
    2016:05:26-22:11:16 vpn pluto[6362]: listening for IKE messages
    2016:05:26-22:11:16 vpn pluto[6362]: forgetting secrets
    2016:05:26-22:11:16 vpn pluto[6362]: loading secrets from "/etc/ipsec.secrets"
    2016:05:26-22:11:16 vpn pluto[6362]: loaded private key from 'Local X509 Cert.pem'
    2016:05:26-22:11:16 vpn pluto[6362]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2016:05:26-22:11:16 vpn pluto[6362]: loaded ca certificate from '/etc/ipsec.d/cacerts/vpn-badsaulgau-ebersbach Verification CA 1.pem'
    2016:05:26-22:11:16 vpn pluto[6362]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2016:05:26-22:11:16 vpn pluto[6362]: loaded ca certificate from '/etc/ipsec.d/cacerts/owa.alu-line-de Verification CA 1.pem'
    2016:05:26-22:11:16 vpn pluto[6362]: loaded ca certificate from '/etc/ipsec.d/cacerts/owa.alu-line-de Verification CA 2.pem'
    2016:05:26-22:11:16 vpn pluto[6362]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2016:05:26-22:11:16 vpn pluto[6362]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2016:05:26-22:11:16 vpn pluto[6362]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2016:05:26-22:11:16 vpn pluto[6362]: Changing to directory '/etc/ipsec.d/crls'
    2016:05:26-22:11:16 vpn ipsec_starter[6343]: no default route - cannot cope with %defaultroute!!!
    2016:05:26-22:11:16 vpn pluto[6362]: "S_VPN_Ebersbach-VDSL": deleting connection
    2016:05:26-22:11:16 vpn pluto[6362]: "S_VPN_Ebersbach-VDSL" #233: deleting state (STATE_MAIN_I1)
    2016:05:26-22:11:16 vpn pluto[6362]: "S_VPN_Ebersbach-VDSL": deleting connection
    2016:05:26-22:11:16 vpn pluto[6362]: "S_VPN_Ebersbach-VDSL": deleting connection
    2016:05:26-22:12:48 vpn pluto[6362]: forgetting secrets
    2016:05:26-22:12:48 vpn pluto[6362]: loading secrets from "/etc/ipsec.secrets"
    2016:05:26-22:12:48 vpn pluto[6362]: loaded private key from 'Local X509 Cert.pem'
    2016:05:26-22:12:48 vpn pluto[6362]: listening for IKE messages
    2016:05:26-22:12:48 vpn pluto[6362]: forgetting secrets
    2016:05:26-22:12:48 vpn pluto[6362]: loading secrets from "/etc/ipsec.secrets"
    2016:05:26-22:12:48 vpn pluto[6362]: loaded private key from 'Local X509 Cert.pem'
    2016:05:26-22:12:48 vpn pluto[6362]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2016:05:26-22:12:48 vpn pluto[6362]: loaded ca certificate from '/etc/ipsec.d/cacerts/vpn-badsaulgau-ebersbach Verification CA 1.pem'
    2016:05:26-22:12:48 vpn pluto[6362]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2016:05:26-22:12:48 vpn pluto[6362]: loaded ca certificate from '/etc/ipsec.d/cacerts/owa.alu-line-de Verification CA 1.pem'
    2016:05:26-22:12:48 vpn pluto[6362]: loaded ca certificate from '/etc/ipsec.d/cacerts/owa.alu-line-de Verification CA 2.pem'
    2016:05:26-22:12:48 vpn pluto[6362]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2016:05:26-22:12:48 vpn pluto[6362]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2016:05:26-22:12:48 vpn pluto[6362]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2016:05:26-22:12:48 vpn pluto[6362]: Changing to directory '/etc/ipsec.d/crls'
    2016:05:26-22:12:48 vpn ipsec_starter[6343]: no default route - cannot cope with %defaultroute!!!
    2016:05:26-22:12:48 vpn pluto[6362]: loaded host certificate from '/etc/ipsec.d/certs/Local X509 Cert.pem'
    2016:05:26-22:12:48 vpn pluto[6362]: loaded host certificate from '/etc/ipsec.d/certs/REF_IpsX509.pem'
    2016:05:26-22:12:48 vpn pluto[6362]: added connection description "S_VPN_Ebersbach-VDSL"
    2016:05:26-22:12:48 vpn pluto[6362]: "S_VPN_Ebersbach-VDSL" #234: initiating Main Mode
    2016:05:26-22:12:48 vpn pluto[6362]: loaded host certificate from '/etc/ipsec.d/certs/Local X509 Cert.pem'
    2016:05:26-22:12:48 vpn pluto[6362]: loaded host certificate from '/etc/ipsec.d/certs/REF_IpsX509.pem'
    2016:05:26-22:12:48 vpn pluto[6362]: added connection description "S_VPN_Ebersbach-VDSL"
    2016:05:26-22:12:48 vpn pluto[6362]: loaded host certificate from '/etc/ipsec.d/certs/Local X509 Cert.pem'
    2016:05:26-22:12:48 vpn pluto[6362]: loaded host certificate from '/etc/ipsec.d/certs/REF_IpsX509.pem'
    2016:05:26-22:12:48 vpn pluto[6362]: added connection description "S_VPN_Ebersbach-VDSL"
    2016:05:26-22:25:58 vpn pluto[6362]: "S_VPN_Ebersbach-VDSL" #234: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
    2016:05:26-22:25:58 vpn pluto[6362]: "S_VPN_Ebersbach-VDSL" #234: starting keying attempt 2 of an unlimited number
    2016:05:26-22:25:58 vpn pluto[6362]: "S_VPN_Ebersbach-VDSL" #235: initiating Main Mode to replace #234

    ------------------------------------------------------------------------------------

    Remote site:

    2016:05:26-22:28:28 gw2 pluto[1723]: packet from 93.222.132.44:500: received Vendor ID payload [strongSwan]
    2016:05:26-22:28:28 gw2 pluto[1723]: packet from 93.222.132.44:500: ignoring Vendor ID payload [Cisco-Unity]
    2016:05:26-22:28:28 gw2 pluto[1723]: packet from 93.222.132.44:500: received Vendor ID payload [XAUTH]
    2016:05:26-22:28:28 gw2 pluto[1723]: packet from 93.222.132.44:500: received Vendor ID payload [Dead Peer Detection]
    2016:05:26-22:28:28 gw2 pluto[1723]: packet from 93.222.132.44:500: received Vendor ID payload [RFC 3947]
    2016:05:26-22:28:28 gw2 pluto[1723]: packet from 93.222.132.44:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
    2016:05:26-22:28:28 gw2 pluto[1723]: packet from 93.222.132.44:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
    2016:05:26-22:28:28 gw2 pluto[1723]: packet from 93.222.132.44:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
    2016:05:26-22:28:28 gw2 pluto[1723]: packet from 93.222.132.44:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
    2016:05:26-22:28:28 gw2 pluto[1723]: "S_VPN_BadSaulgau" #29: responding to Main Mode
  • 0 in reply to all4it

    Are you guys use multipathing? I can only bring the tunnel back up when I reboot the UTM in HQ, that UTM has two Uplinks, one ADSL and one VDSL, the VDSL is used for the ipsec and has an dynamic IP (Telekom DSL)

    psec_starter[13631]: no default route - cannot cope with %defaultroute!!!

    https://community.sophos.com/products/unified-threat-management/f/58/p/77077/297383#297383

Reply Children
No Data
Unfiltered HTML