[Swan] V3.7 MacOS client problem
Sven Schiwek
ml-libreswan at svenux.de
Tue Dec 17 22:42:22 EET 2013
Hi,
I have a problem with the recent version of Mac OS and libreswan 2.7 (Kernel 3.11).
After some time (approx. 2h) the VPN gets lost. Does anyone know what happened here?
Snippet of ipsec config
----8<----
conn XL2TP
leftprotoport=17/1701
rightprotoport=17/%any
right=%any
rightsubnet=vhost:%priv,%no
ike=aes256-md5-modp1536,aes256-md5-modp1024
rekey=no
forceencaps=yes
dpdaction=clear
auto=add
dpddelay=30
dpdtimeout=120
---->8----
Syslog message
----8<----
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #66: the peer proposed: 50.30.32.51/32:17/1701 -> 10.193.252.69/32:17/57729
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #66: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #68: responding to Quick Mode proposal {msgid:241945ee}
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #68: us: 50.30.32.51<%eth1>:17/1701
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #68: them: 199.4.21.2[10.193.252.69]:17/57729===10.193.252.69/32
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #68: keeping refhim=63 during rekey
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #68: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #68: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #66: ISAKMP SA expired (--dontrekey)
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #68: could not find phase 1 state for DPD
Dec 17 14:22:56 pm-kvm01 pluto[4133]: | 02 04 00 03 0b 00 00 00 e4 00 00 00 25 10 00 00
Dec 17 14:22:56 pm-kvm01 pluto[4133]: | 03 00 01 00 3d 9b 0a ad 00 01 00 00 00 00 00 00
Dec 17 14:22:56 pm-kvm01 pluto[4133]: | 00 00 00 00 00 00 00 00 03 00 05 00 00 00 00 00
Dec 17 14:22:56 pm-kvm01 pluto[4133]: | 02 00 e1 81 c7 04 15 02 00 00 00 00 00 00 00 00
Dec 17 14:22:56 pm-kvm01 pluto[4133]: | 03 00 06 00 00 00 00 00 02 00 06 a5 32 1e 20 33
Dec 17 14:22:56 pm-kvm01 pluto[4133]: | 00 00 00 00 00 00 00 00
Dec 17 14:23:04 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #67: DPD: could not find newest phase 1 state
---->8----
Thank you in advance
Sven
More information about the Swan
mailing list