[Swan] V3.7 MacOS client problem

Sven Schiwek ml-libreswan at svenux.de
Tue Dec 17 22:42:22 EET 2013


Hi,

I have a problem with the recent version of Mac OS and libreswan 2.7 (Kernel 3.11).
After some time (approx. 2h) the VPN gets lost. Does anyone know what happened here?

Snippet  of ipsec config
----8<----
conn XL2TP
      leftprotoport=17/1701
      rightprotoport=17/%any
      right=%any
      rightsubnet=vhost:%priv,%no
      ike=aes256-md5-modp1536,aes256-md5-modp1024
      rekey=no
      forceencaps=yes
      dpdaction=clear
      auto=add
      dpddelay=30
      dpdtimeout=120
---->8----

Syslog message
----8<----
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #66: the peer proposed: 50.30.32.51/32:17/1701 -> 10.193.252.69/32:17/57729
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #66: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #68: responding to Quick Mode proposal {msgid:241945ee}
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #68:     us: 50.30.32.51<%eth1>:17/1701
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #68:   them: 199.4.21.2[10.193.252.69]:17/57729===10.193.252.69/32
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #68: keeping refhim=63 during rekey
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #68: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #68: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #66: ISAKMP SA expired (--dontrekey)
Dec 17 14:22:56 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #68: could not find phase 1 state for DPD
Dec 17 14:22:56 pm-kvm01 pluto[4133]: |   02 04 00 03  0b 00 00 00  e4 00 00 00  25 10 00 00
Dec 17 14:22:56 pm-kvm01 pluto[4133]: |   03 00 01 00  3d 9b 0a ad  00 01 00 00  00 00 00 00
Dec 17 14:22:56 pm-kvm01 pluto[4133]: |   00 00 00 00  00 00 00 00  03 00 05 00  00 00 00 00
Dec 17 14:22:56 pm-kvm01 pluto[4133]: |   02 00 e1 81  c7 04 15 02  00 00 00 00  00 00 00 00
Dec 17 14:22:56 pm-kvm01 pluto[4133]: |   03 00 06 00  00 00 00 00  02 00 06 a5  32 1e 20 33
Dec 17 14:22:56 pm-kvm01 pluto[4133]: |   00 00 00 00  00 00 00 00
Dec 17 14:23:04 pm-kvm01 pluto[4133]: "XL2TP"[19] 199.4.21.2 #67: DPD: could not find newest phase 1 state
---->8----

Thank you in advance
Sven


More information about the Swan mailing list