Hallo zusammen,
ohne an der Konfiguration Änderungen vorzunehmen, habe ich die letzten zwei tage einen Verbindungsabbruch vom site 2 site IPSec Tunnel ohne sich wiederzuherstellen.
In den Logs von gestern und heute sind mit folgende Punkte aufgefallen.
2016:12:21-03:02:24 zmi2 pluto[866]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitIpsecdusst2" address="xxx.2" local_net="xxxx.0/24" remote_net="xxxxx.0/24" 2016:12:21-03:02:24 zmi2 pluto[866]: DPD: Restarting connection "S_REF_IpsSitIpsecdusst2_1" 2016:12:21-03:02:24 zmi2 pluto[866]: "S_REF_IpsSitIpsecdusst2_3" #82: initiating Main Mode 2016:12:21-03:15:35 zmi2 pluto[866]: "S_REF_IpsSitIpsecdusst2_3" #82: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message 2016:12:21-03:15:35 zmi2 pluto[866]: "S_REF_IpsSitIpsecdusst2_3" #82: starting keying attempt 2 of an unlimited number 2016:12:21-03:15:35 zmi2 pluto[866]: "S_REF_IpsSitIpsecdusst2_3" #83: initiating Main Mode to replace #82 2016:12:21-03:28:47 zmi2 pluto[866]: "S_REF_IpsSitIpsecdusst2_3" #83: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message 2016:12:21-03:28:47 zmi2 pluto[866]: "S_REF_IpsSitIpsecdusst2_3" #83: starting keying attempt 3 of an unlimited number 2016:12:21-03:28:47 zmi2 pluto[866]: "S_REF_IpsSitIpsecdusst2_3" #84: initiating Main Mode to replace #83 2016:12:21-03:41:58 zmi2 pluto[866]: "S_REF_IpsSitIpsecdusst2_3" #84: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message 2016:12:21-03:41:58 zmi2 pluto[866]: "S_REF_IpsSitIpsecdusst2_3" #84: starting keying attempt 4 of an unlimited number 2016:12:21-03:41:58 zmi2 pluto[866]: "S_REF_IpsSitIpsecdusst2_3" #85: initiating Main Mode to replace #84
2016:12:20-03:02:25 zmi2 pluto[2327]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitIpsecdusst2" address="xxxx.2" local_net="xxxx.0/24" remote_net="xxxx.0/24"
2016:12:20-03:02:25 zmi2 pluto[2327]: "S_REF_IpsSitIpsecdusst2_3" #101: deleting state (STATE_MAIN_R3)
2016:12:20-03:02:25 zmi2 pluto[2327]: DPD: Restarting connection "S_REF_IpsSitIpsecdusst2_3"
2016:12:20-03:02:25 zmi2 pluto[2327]: "S_REF_IpsSitIpsecdusst2_0": DPD: Terminating all SAs using this connection
2016:12:20-03:02:25 zmi2 pluto[2327]: "S_REF_IpsSitIpsecdusst2_0" #107: deleting state (STATE_QUICK_I2)
2016:12:20-03:02:25 zmi2 pluto[2327]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitIpsecdusst2" address="xxxx.2" local_net="xxx.0/24" remote_net="xxx.0/24"
2016:12:20-03:02:25 zmi2 pluto[2327]: "S_REF_IpsSitIpsecdusst2_0" #98: deleting state (STATE_MAIN_I4)
2016:12:20-03:02:25 zmi2 pluto[2327]: DPD: Restarting connection "S_REF_IpsSitIpsecdusst2_0"
2016:12:20-03:02:25 zmi2 pluto[2327]: "S_REF_IpsSitIpsecdusst2_2": DPD: Terminating all SAs using this connection
2016:12:20-03:02:25 zmi2 pluto[2327]: "S_REF_IpsSitIpsecdusst2_2" #108: deleting state (STATE_QUICK_I2)
2016:12:20-03:02:25 zmi2 pluto[2327]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitIpsecdusst2" address="xxxx.2" local_net="xxx0/24" remote_net="xxx.0/24"
2016:12:20-03:02:25 zmi2 pluto[2327]: "S_REF_IpsSitIpsecdusst2_2" #104: deleting state (STATE_QUICK_I2)
2016:12:20-03:02:25 zmi2 pluto[2327]: DPD: Restarting connection "S_REF_IpsSitIpsecdusst2_2"
2016:12:20-03:02:25 zmi2 pluto[2327]: "S_REF_IpsSitIpsecdusst2_1": DPD: Terminating all SAs using this connection
2016:12:20-03:02:25 zmi2 pluto[2327]: "S_REF_IpsSitIpsecdusst2_1" #109: deleting state (STATE_QUICK_I2)
2016:12:20-03:02:25 zmi2 pluto[2327]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitIpsecdusst2" address="xxxx.2" local_net="xxx0/24" remote_net="xxx.0/24"
2016:12:20-03:02:25 zmi2 pluto[2327]: "S_REF_IpsSitIpsecdusst2_1" #105: deleting state (STATE_QUICK_I2)
2016:12:20-03:02:25 zmi2 pluto[2327]: DPD: Restarting connection "S_REF_IpsSitIpsecdusst2_1"
2016:12:20-03:02:25 zmi2 pluto[2327]: "S_REF_IpsSitIpsecdusst2_3" #110: initiating Main Mode
2016:12:20-03:15:35 zmi2 pluto[2327]: "S_REF_IpsSitIpsecdusst2_3" #110: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
2016:12:20-03:15:35 zmi2 pluto[2327]: "S_REF_IpsSitIpsecdusst2_3" #110: starting keying attempt 2 of an unlimited number
2016:12:20-03:15:35 zmi2 pluto[2327]: "S_REF_IpsSitIpsecdusst2_3" #111: initiating Main Mode to replace #110
2016:12:20-03:28:46 zmi2 pluto[2327]: "S_REF_IpsSitIpsecdusst2_3" #111: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
2016:12:20-03:28:46 zmi2 pluto[2327]: "S_REF_IpsSitIpsecdusst2_3" #111: starting keying attempt 3 of an unlimited number
2016:12:20-03:28:46 zmi2 pluto[2327]: "S_REF_IpsSitIpsecdusst2_3" #112: initiating Main Mode to replace #111
2016:12:20-03:41:56 zmi2 pluto[2327]: "S_REF_IpsSitIpsecdusst2_3" #112: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
Fast exakt zur selben Zeit fangen die Probleme an. Danach wird im Abstand von 13 Minuten versucht den Tunnel vergebens aufzubauen.
Ich hoffe einer von euch kann mit den Logs mehr anfangen.
Indem ich den Tunnel über die Webadmin Oberfläche deaktiviere und aktiviere (und das mehrmals) wird der irgendwann Tunnel wieder aufgebaut.
Ein langfristige Lösung sieht anders aus, jemand eine Idee?
This thread was automatically locked due to age.
