
IPsec VPN

Hello members,

I am sharing this post in the community hoping to find help with an IPSEC VPN connection issue that we still cannot determine the cause of.

This is the topology, on our side we have an XG 340 as a firewall and on the client side they have a Fortigate (I don't know which version it is).

We have a 10.2.160.x/24 subnet configured as a local subnet on the XG, and on the client side they have 5 machines as a remote subnet.

The concern is that at some random time one or two of these remote hosts become unreachable from our local 10.2.160.x/24 subnet. Below are the related logs from when we try to reach them. What is weird for me is that when we restart the VPN on our side, they become reachable again.

If anyone could give me any suggestion on this problem, I will take it.

PS: I changed the personal information in the log for security reasons.

2021-08-09 12:26:14 11[IKE] <VPN_XXX-1|471> generating INFORMATIONAL_V1 request 3206003903 [ HASH N(DPD) ]
2021-08-09 12:26:14 11[NET] <VPN_XXX-1|471> sending packet: OUR_PUBLIC_IP[500] to THEIR_PUBLIC_IP[500] (108 bytes)
2021-08-09 12:26:15 12[NET] <VPN_XXX-1|471> received packet: from THEIR_PUBLIC_IP[500] to OUR_PUBLIC_IP[500] (108 bytes)
2021-08-09 12:26:15 12[ENC] <VPN_XXX-1|471> parsed INFORMATIONAL_V1 request 563907384 [ HASH N(DPD_AC

  • the same line is always displayed when the remote machine is not reachable

    2021-08-10 10:08:50 16[NET] <VPN_DPD-1|521> received packet: from 212.23.168.174[500] to 41.204.124.130[500] (92 bytes)
    2021-08-10 10:08:50 16[ENC] <VPN_DPD-1|521> parsed INFORMATIONAL_V1 request 2378267188 [ HASH N(INVAL_SPI) ]
    2021-08-10 10:08:50 16[IKE] <VPN_DPD-1|521> informational: received INVALID_SPI error notify
    2021-08-10 10:08:55 27[NET] <VPN_DPD-1|521> received packet: from 212.23.168.174[500] to 41.204.124.130[500] (92 bytes)
    2021-08-10 10:08:55 27[ENC] <VPN_DPD-1|521> parsed INFORMATIONAL_V1 request 1564785966 [ HASH N(INVAL_SPI) ]
    2021-08-10 10:08:55 27[IKE] <VPN_DPD-1|521> informational: received INVALID_SPI error notify
    2021-08-10 10:08:57 05[NET] <VPN_DPD-1|521> received packet: from 212.23.168.174[500] to 41.204.124.130[500] (92 bytes)
    2021-08-10 10:08:57 05[ENC] <VPN_DPD-1|521> parsed INFORMATIONAL_V1 request 3865066486 [ HASH N(INVAL_SPI) ]
    2021-08-10 10:08:57 05[IKE] <VPN_DPD-1|521> informational: received INVALID_SPI error notify
    2021-08-10 10:08:59 15[NET] <VPN_DPD-1|521> received packet: from 212.23.168.174[500] to 41.204.124.130[500] (92 bytes)
    2021-08-10 10:08:59 15[ENC] <VPN_DPD-1|521> parsed INFORMATIONAL_V1 request 2090051699 [ HASH N(INVAL_SPI) ]
    2021-08-10 10:08:59 15[IKE] <VPN_DPD-1|521> informational: received INVALID_SPI error notify
    2021-08-10 10:09:01 13[NET] <VPN_DPD-1|521> received packet: from 212.23.168.174[500] to 41.204.124.130[500] (92 bytes)
    2021-08-10 10:09:01 13[ENC] <VPN_DPD-1|521> parsed INFORMATIONAL_V1 request 3925680572 [ HASH N(INVAL_SPI) ]
    2021-08-10 10:09:01 13[IKE] <VPN_DPD-1|521> informational: received INVALID_SPI error notify

  • Are you sure you are not connected at the moment?

    I would think these messages were related to rekeying issues ... while connected. (Possibly the negotiated timers don't match)

    ...and these messages look very different from the ones reported first

  • I have just deactivated the DPD (dead peer detected) option on the Sophos, which apparently does not exist on the Fortigate.

    After this modification I restarted the VPN, and the remote hosts are currently all reachable.

    The worry is that at a truly random moment, one or two of these remote hosts become unreachable. This is what really breaks my head.

  • Despite the deactivation of the DPD parameter, the problem still persists.

    I always receive the same log. Can someone explain to me what this log is all about?

    2021-08-11 10:36:25 11[NET] <VPN_DPD-1|580> received packet: from PUBLIC_IP_REMOTE[500] to PUBLIC_IP_LOCAL[500] (108 bytes)
    2021-08-11 10:36:25 11[ENC] <VPN_DPD-1|580> parsed INFORMATIONAL_V1 request 2420933925 [ HASH N(DPD) ]
    2021-08-11 10:36:25 11[ENC] <VPN_DPD-1|580> generating INFORMATIONAL_V1 request 2602844757 [ HASH N(DPD_ACK) ]
    2021-08-11 10:36:25 11[NET] <VPN_DPD-1|580> sending packet: from PUBLIC_IP_LOCAL[500] to PUBLIC_IP_REMOTE[500] (108 bytes)
    2021-08-11 10:36:26 17[NET] <VPN_DPD-1|580> received packet: from PUBLIC_IP_REMOTE[500] to PUBLIC_IP_LOCAL[500] (92 bytes)
    2021-08-11 10:36:26 17[ENC] <VPN_DPD-1|580> parsed INFORMATIONAL_V1 request 3156681778 [ HASH N(INVAL_SPI) ]
    2021-08-11 10:36:26 17[IKE] <VPN_DPD-1|580> informational: received INVALID_SPI error notify

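The following is an added example, not code from the thread or from Sophos: it parses charon log lines in the format quoted above and flags an IKE SA that receives a burst of INVAL_SPI notifies, which is the condition worth alerting on when a remote host silently stops answering. The sample log is constructed from the format of the excerpts, with placeholder public IPs.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample in the format of the charon log lines quoted in this thread; not real traffic.
SAMPLE_LOG = """\
2021-08-11 10:36:25 11[ENC] <VPN_DPD-1|580> parsed INFORMATIONAL_V1 request 2420933925 [ HASH N(DPD) ]
2021-08-11 10:36:25 11[ENC] <VPN_DPD-1|580> generating INFORMATIONAL_V1 request 2602844757 [ HASH N(DPD_ACK) ]
2021-08-11 10:36:26 17[ENC] <VPN_DPD-1|580> parsed INFORMATIONAL_V1 request 3156681778 [ HASH N(INVAL_SPI) ]
2021-08-11 10:36:26 17[IKE] <VPN_DPD-1|580> informational: received INVALID_SPI error notify
2021-08-11 10:36:31 27[ENC] <VPN_DPD-1|580> parsed INFORMATIONAL_V1 request 1564785966 [ HASH N(INVAL_SPI) ]
2021-08-11 10:36:33 05[ENC] <VPN_DPD-1|580> parsed INFORMATIONAL_V1 request 3865066486 [ HASH N(INVAL_SPI) ]
2021-08-11 11:40:00 13[ENC] <VPN_DPD-1|580> parsed INFORMATIONAL_V1 request 3925680572 [ HASH N(INVAL_SPI) ]
"""

# Matches only the ENC lines carrying a notify payload; the IKE summary line is skipped
# on purpose so each notify is counted once.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \d+\[(?P<subsys>[A-Z]+)\] "
    r"<(?P<conn>[^|>]+)\|(?P<sa>\d+)> (?P<dir>parsed|generating) "
    r"INFORMATIONAL_V1 \w+ \d+ \[ HASH N\((?P<notify>[A-Z_]+)\) \]$"
)

def parse_notifies(text):
    """Yield (timestamp, conn, ike_sa_id, direction, notify); 'parsed' = received, 'generating' = sent."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["conn"],
                   int(m["sa"]), m["dir"], m["notify"])

def count_notifies(text):
    """Tally notifies per (conn, ike_sa_id, direction, notify)."""
    return Counter((conn, sa, d, n) for _, conn, sa, d, n in parse_notifies(text))

def invalid_spi_bursts(text, threshold=3, window=timedelta(seconds=60)):
    """Return {(conn, ike_sa_id): peak} for IKE SAs receiving >= threshold INVAL_SPI notifies
    within any window. INVALID_SPI means the peer got ESP for an SPI it no longer knows,
    i.e. the two sides disagree on the child SA (typically after a rekey)."""
    stamps = defaultdict(list)
    for ts, conn, sa, d, notify in parse_notifies(text):
        if d == "parsed" and notify == "INVAL_SPI":
            stamps[(conn, sa)].append(ts)
    bursts = {}
    for key, times in stamps.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):          # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                bursts[key] = max(bursts.get(key, 0), end - start + 1)
    return bursts
```

Run `invalid_spi_bursts` over the VPN log after a host becomes unreachable; a burst on one IKE SA with no corresponding rekey on the other peer is the point to compare lifetimes and child-SA state on both firewalls.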