
IPSEC VPN

Hello All,

The VPN goes down by itself from time to time on an XG85 (SFOS 17.0.9 MR-9). The VPN connection is between a Sophos XG85 and a Fortigate 100D. Please suggest a solution.



  • Our IPSec VPN is from Sophos (192.168.226.179) to Fortigate (192.168.226.1), and we use IPSec IKEv1.

    If you are looking for logs of our VPN from when it went down automatically, which we noticed in the morning, they are in the attached files:

    1. ipsec_DC.log

    2018-10-30 09:36:11 - swanctl --initiate --timeout 15 --child DC-1
    initiate failed: CHILD_SA 'DC-1' not established after 15000ms
    [ENC] generating QUICK_MODE request 2229622054 [ HASH SA No KE ID ID ]
    [NET] sending packet: from 192.168.226.179[500] to 192.168.226.1[500] (396 bytes)
    [IKE] sending retransmit 1 of request message ID 2229622054, seq 4836
    [NET] sending packet: from 192.168.226.179[500] to 192.168.226.1[500] (396 bytes)
    [NET] received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    [ENC] parsed INFORMATIONAL_V1 request 3618567876 [ HASH N(DPD) ]
    [NET] received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    [ENC] parsed INFORMATIONAL_V1 request 3240572035 [ HASH N(DPD) ]
    [IKE] sending retransmit 2 of request message ID 2229622054, seq 4836
    [NET] sending packet: from 192.168.226.179[500] to 192.168.226.1[500] (396 bytes)
    [NET] received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    [ENC] parsed INFORMATIONAL_V1 request 1716790976 [ HASH N(DPD) ]
    kill -9 32371 > /dev/null 2>&1
    2018-10-30 09:36:26 - initiate timeout for DC-1
    2018-10-30 09:36:26 - Operation fails status: 255
    2018-10-30 09:37:43 - swanctl --initiate --timeout 15 --child DC-1
    initiate failed: establishing CHILD_SA 'DC-1' failed
    [NET] received packet: from 192.168.226.1[500] to 192.168.226.179[500] (380 bytes)
    [ENC] invalid HASH_V1 payload length, decryption failed?
    [ENC] could not decrypt payloads
    [IKE] message parsing failed
    [ENC] generating INFORMATIONAL_V1 request 74883465 [ HASH N(PLD_MAL) ]
    [NET] sending packet: from 192.168.226.179[500] to 192.168.226.1[500] (92 bytes)
    [IKE] QUICK_MODE request with message ID 1310762094 processing failed
    [DMN] [GARNER-LOGGING] (child_alert) ALERT: parsing IKE message from 192.168.226.1[500] failed
    [NET] received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    [ENC] parsed INFORMATIONAL_V1 request 463114116 [ HASH N(DPD) ]
    [NET] received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    [ENC] parsed INFORMATIONAL_V1 request 1507186884 [ HASH D ]
    [IKE] received DELETE for IKE_SA DC-1[682]
    [IKE] deleting IKE_SA DC-1[682] between 192.168.226.179[192.168.226.179]...192.168.226.1[192.168.226.1]
    kill -9 440 > /dev/null 2>&1
    2018-10-30 09:37:51 - Operation fails status: 1
    2018-10-31 15:43:45 - swanctl --initiate --timeout 15 --child DC-1
    initiate failed: CHILD_SA 'DC-1' not established after 15000ms
    [ENC] generating QUICK_MODE request 2431110743 [ HASH SA No KE ID ID ]
    [NET] sending packet: from 192.168.226.179[500] to 192.168.226.1[500] (396 bytes)
    [NET] received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    [ENC] parsed INFORMATIONAL_V1 request 897358792 [ HASH N(DPD) ]
    [IKE] sending retransmit 1 of request message ID 2431110743, seq 677
    [NET] sending packet: from 192.168.226.179[500] to 192.168.226.1[500] (396 bytes)
    [NET] received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    [ENC] parsed INFORMATIONAL_V1 request 76166858 [ HASH N(DPD) ]
    [IKE] sending retransmit 2 of request message ID 2431110743, seq 677
    [NET] sending packet: from 192.168.226.179[500] to 192.168.226.1[500] (396 bytes)
    [NET] received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    [ENC] parsed INFORMATIONAL_V1 request 213784476 [ HASH N(DPD) ]
    kill -9 26153 > /dev/null 2>&1
    2018-10-31 15:44:01 - initiate timeout for DC-1
    2018-10-31 15:44:01 - Operation fails status: 255

     

    2. strongswan.log

    [ HASH N(DPD_ACK)
     2018-10-31 21:34:59 21[NET] <DC-1|1711> received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    2018-10-31 21:34:59 21[ENC] <DC-1|1711> parsed INFORMATIONAL_V1 request 2403996211 [ HASH N(DPD) ]
    2018-10-31 21:34:59 21[ENC] <DC-1|1711> generating INFORMATIONAL_V1 request 508698803 [ HASH N(DPD_ACK) ]
    2018-10-31 21:34:59 21[NET] <DC-1|1711> sending packet: from 192.168.226.179[500] to 192.168.226.1[500] (108 bytes)
    2018-10-31 21:35:04 32[NET] <DC-1|1711> received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    2018-10-31 21:35:04 32[ENC] <DC-1|1711> parsed INFORMATIONAL_V1 request 849834768 [ HASH N(DPD) ]
    2018-10-31 21:35:04 32[ENC] <DC-1|1711> generating INFORMATIONAL_V1 request 271583907 [ HASH N(DPD_ACK) ]
    2018-10-31 21:35:04 32[NET] <DC-1|1711> sending packet: from 192.168.226.179[500] to 192.168.226.1[500] (108 bytes)
    2018-10-31 21:35:09 07[NET] <DC-1|1711> received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    2018-10-31 21:35:09 07[ENC] <DC-1|1711> parsed INFORMATIONAL_V1 request 2854016584 [ HASH N(DPD) ]
    2018-10-31 21:35:09 07[ENC] <DC-1|1711> generating INFORMATIONAL_V1 request 517107434 [ HASH N(DPD_ACK) ]
    2018-10-31 21:35:09 07[NET] <DC-1|1711> sending packet: from 192.168.226.179[500] to 192.168.226.1[500] (108 bytes)
    2018-10-31 21:35:14 15[NET] <DC-1|1711> received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    2018-10-31 21:35:14 15[ENC] <DC-1|1711> parsed INFORMATIONAL_V1 request 4088390690 [ HASH N(DPD) ]
    2018-10-31 21:35:14 15[ENC] <DC-1|1711> generating INFORMATIONAL_V1 request 905385072 [ HASH N(DPD_ACK) ]
    2018-10-31 21:35:14 15[NET] <DC-1|1711> sending packet: from 192.168.226.179[500] to 192.168.226.1[500] (108 bytes)
    2018-10-31 21:35:19 30[NET] <DC-1|1711> received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    2018-10-31 21:35:19 30[ENC] <DC-1|1711> parsed INFORMATIONAL_V1 request 142270608 [ HASH N(DPD) ]
    2018-10-31 21:35:19 30[ENC] <DC-1|1711> generating INFORMATIONAL_V1 request 1195665011 [ HASH N(DPD_ACK) ]
    2018-10-31 21:35:19 30[NET] <DC-1|1711> sending packet: from 192.168.226.179[500] to 192.168.226.1[500] (108 bytes)
    2018-10-31 21:35:24 09[NET] <DC-1|1711> received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    2018-10-31 21:35:24 09[ENC] <DC-1|1711> parsed INFORMATIONAL_V1 request 2547865032 [ HASH N(DPD) ]
    2018-10-31 21:35:24 09[ENC] <DC-1|1711> generating INFORMATIONAL_V1 request 4134348461 [ HASH N(DPD_ACK) ]
    2018-10-31 21:35:24 09[NET] <DC-1|1711> sending packet: from 192.168.226.179[500] to 192.168.226.1[500] (108 bytes)
    2018-10-31 21:35:29 28[NET] <DC-1|1711> received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    2018-10-31 21:35:29 28[ENC] <DC-1|1711> parsed INFORMATIONAL_V1 request 3752445444 [ HASH N(DPD) ]
    2018-10-31 21:35:29 28[ENC] <DC-1|1711> generating INFORMATIONAL_V1 request 1877984572 [ HASH N(DPD_ACK) ]
    2018-10-31 21:35:29 28[NET] <DC-1|1711> sending packet: from 192.168.226.179[500] to 192.168.226.1[500] (108 bytes)
    2018-10-31 21:35:34 05[NET] <DC-1|1711> received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    2018-10-31 21:35:34 05[ENC] <DC-1|1711> parsed INFORMATIONAL_V1 request 322305427 [ HASH N(DPD) ]
    2018-10-31 21:35:34 05[ENC] <DC-1|1711> generating INFORMATIONAL_V1 request 2307441699 [ HASH N(DPD_ACK) ]
    2018-10-31 21:35:34 05[NET] <DC-1|1711> sending packet: from 192.168.226.179[500] to 192.168.226.1[500] (108 bytes)
    2018-10-31 21:35:39 12[NET] <DC-1|1711> received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    2018-10-31 21:35:39 12[ENC] <DC-1|1711> parsed INFORMATIONAL_V1 request 316949986 [ HASH N(DPD) ]
    2018-10-31 21:35:39 12[ENC] <DC-1|1711> generating INFORMATIONAL_V1 request 454267559 [ HASH N(DPD_ACK) ]
    2018-10-31 21:35:39 12[NET] <DC-1|1711> sending packet: from 192.168.226.179[500] to 192.168.226.1[500] (108 bytes)
    2018-10-31 21:35:44 31[NET] <DC-1|1711> received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    2018-10-31 21:35:44 31[ENC] <DC-1|1711> parsed INFORMATIONAL_V1 request 1946438803 [ HASH N(DPD) ]
    2018-10-31 21:35:44 31[ENC] <DC-1|1711> generating INFORMATIONAL_V1 request 3633252743 [ HASH N(DPD_ACK) ]
    2018-10-31 21:35:44 31[NET] <DC-1|1711> sending packet: from 192.168.226.179[500] to 192.168.226.1[500] (108 bytes)
    2018-10-31 21:35:49 23[NET] <DC-1|1711> received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    "strongswan.log" 46400L, 5109327C                                                                                                        1,1           Top
    2018-11-01 08:46:41 05[ENC] <DC-1|1874> parsed INFORMATIONAL_V1 request 2622333087 [ HASH N(DPD) ]
    2018-11-01 08:46:46 21[NET] <DC-1|1874> received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    2018-11-01 08:46:46 21[ENC] <DC-1|1874> parsed INFORMATIONAL_V1 request 3369364072 [ HASH N(DPD) ]
    2018-11-01 08:46:51 09[NET] <DC-1|1874> received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)
    2018-11-01 08:46:51 09[ENC] <DC-1|1874> parsed INFORMATIONAL_V1 request 2725459660 [ HASH N(DPD) ]
    2018-11-01 08:46:56 05[NET] <DC-1|1874> received packet: from 192.168.226.1[500] to 192.168.226.179[500] (92 bytes)
    2018-11-01 08:46:56 05[ENC] <DC-1|1874> parsed INFORMATIONAL_V1 request 325916731 [ HASH D ]
    2018-11-01 08:46:56 05[IKE] <DC-1|1874> received DELETE for ESP CHILD_SA with SPI 9c56e1ef
    2018-11-01 08:46:56 05[IKE] <DC-1|1874> closing CHILD_SA DC-1{2710} with SPIs c7f0ab19_i (0 bytes) 9c56e1ef_o (156 bytes) and TS 10.13.198.0/24 === 10.0.0.0/8
    2018-11-01 08:46:56 05[APP] <DC-1|1874> [SSO] (sso_invoke_once) SSO is disabled.
    2018-11-01 08:46:56 05[APP] <DC-1|1874> [COP-UPDOWN] (ref_counting) ref_count: 1 to 0 -- down -- (10.13.198.0/24#10.0.0.0/8)
    2018-11-01 08:46:56 05[APP] <DC-1|1874> [COP-UPDOWN] (cop_updown_invoke_once) UID: 1874 Net: Local 192.168.226.179 Remote 192.168.226.1 Connection: DC Fullname: DC-1
    2018-11-01 08:46:56 05[APP] <DC-1|1874> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' down-client
    2018-11-01 08:46:56 23[APP] [COP-UPDOWN][DB] (db_conn_info) hostname: 'DC' result --> id: '1', mode: 'ntn', tunnel_type: '0', subnet_family:'0'
    2018-11-01 08:46:56 23[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec updown -- down --
    2018-11-01 08:46:56 23[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [NTN] NTN get actual...
    2018-11-01 08:46:56 14[NET] <1875> received packet: from 192.168.226.1[500] to 192.168.226.179[500] (264 bytes)
    2018-11-01 08:46:56 14[ENC] <1875> parsed ID_PROT request 0 [ SA V V V V V V V V V ]
    2018-11-01 08:46:56 14[IKE] <1875> received NAT-T (RFC 3947) vendor ID
    2018-11-01 08:46:56 14[IKE] <1875> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
    2018-11-01 08:46:56 14[IKE] <1875> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    2018-11-01 08:46:56 14[IKE] <1875> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    2018-11-01 08:46:56 14[ENC] <1875> received unknown vendor ID: 16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62
    2018-11-01 08:46:56 14[IKE] <1875> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
    2018-11-01 08:46:56 14[IKE] <1875> received DPD vendor ID
    2018-11-01 08:46:56 14[IKE] <1875> received FRAGMENTATION vendor ID
    2018-11-01 08:46:56 14[ENC] <1875> received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:05:01:24
    2018-11-01 08:46:56 14[IKE] <1875> 192.168.226.1 is initiating a Main Mode IKE_SA
    2018-11-01 08:46:56 14[ENC] <1875> generating ID_PROT response 0 [ SA V V V V V ]
    2018-11-01 08:46:56 14[NET] <1875> sending packet: from 192.168.226.179[500] to 192.168.226.1[500] (180 bytes)
    2018-11-01 08:46:56 23[APP] [COP-UPDOWN][DB] (db_query) No data retrieved from query: 'SELECT ( nath.netid               || '/'                  || nath.netmask ) AS natedlan FROM   tblvpnconnhostrel AS rel     JOIN tblhost AS h             ON h.hostid = rel.hostid          JOIN tblhost AS nath                  ON rel .natedhost = nath.hostid WHERE  rel.connectionid = $1      AND rel.hostlocation = 'L'      AND h.netid = $2        AND h.netmask = $3 LIMIT  1;' status: 2 rows: 0
    2018-11-01 08:46:56 23[APP]
    2018-11-01 08:46:56 23[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [IPSEC0] using ipsec dummy interface 'ipsec0'
    2018-11-01 08:46:56 23[APP] [COP-UPDOWN][NET] (get_src_ip) source address for 10.13.198.0 is IP: 10.13.198.1
    2018-11-01 08:46:56 23[APP]
    2018-11-01 08:46:56 24[NET] <DC-1|1874> received packet: from 192.168.226.1[500] to 192.168.226.179[500] (108 bytes)

     

    Thanks and Regards,

    Govinda Chaulagain

    F1soft International

    System and Support Department