This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN Connections "trapped' - don't come up again

Hi!
I am using Astaro Security Linux version 5.2 at two sites. The Astaro gateways are connected to normal DSL routers. In many occasions the tunnel between the two sites is dropped and both sites show “trapped” and you have to manually reset the connections. I am using a connection with X509 certificate in both sites. The policy is AES_PFS with 7800 seconds for IKE SA Lifetime and 900 seconds for IPSec SA Lifetime. Can anybody tell me what causes this?
Thanks for any help.
[:S]font>

This thread was automatically locked due to age.

Parents

0 mieske over 20 years ago

Hi,
we have the same problem of 'trapped" routes between an Astaro v6 and a Novell Security Manager v5.2.  Did you get this solved ?
I found following in ipsec.log :
2005:07:21-13:30:21 (none) pluto[26517]: packet from x.x.x.x:500: ISAKMP version of ISAKMP Message has an unknown value: 0
2005:07:21-13:30:21 (none) pluto[26517]: packet from x.x.x.x:500: sending notification INVALID_MAJOR_VERSION to x.x.x.x:500
2005:07:21-13:30:21 (none) pluto[26517]: | **emit ISAKMP Message:
2005:07:21-13:30:21 (none) pluto[26517]: |    initiator cookie:
2005:07:21-13:30:21 (none) pluto[26517]: |   ba 69 80 6f  ce 79 ec 35
2005:07:21-13:30:21 (none) pluto[26517]: |    responder cookie:
2005:07:21-13:30:21 (none) pluto[26517]: |   00 00 00 00  0b 10 05 00
2005:07:21-13:30:21 (none) pluto[26517]: |    next payload type: ISAKMP_NEXT_N
2005:07:21-13:30:21 (none) pluto[26517]: |    ISAKMP version: ISAKMP Version 1.0
2005:07:21-13:30:21 (none) pluto[26517]: |    exchange type: ISAKMP_XCHG_INFO
2005:07:21-13:30:21 (none) pluto[26517]: |    flags: none
2005:07:21-13:30:21 (none) pluto[26517]: |    message ID:  00 00 00 00
2005:07:21-13:30:21 (none) pluto[26517]: | ***emit ISAKMP Notification Payload:
2005:07:21-13:30:21 (none) pluto[26517]: |    next payload type: ISAKMP_NEXT_NONE
2005:07:21-13:30:21 (none) pluto[26517]: |    DOI: ISAKMP_DOI_IPSEC
2005:07:21-13:30:21 (none) pluto[26517]: |    protocol ID: 1
2005:07:21-13:30:21 (none) pluto[26517]: |    SPI size: 0
2005:07:21-13:30:21 (none) pluto[26517]: |    Notify Message Type: INVALID_MAJOR_VERSION
2005:07:21-13:30:21 (none) pluto[26517]: | emitting 0 raw bytes of spi into ISAKMP Notification Payload
2005:07:21-13:30:21 (none) pluto[26517]: | spi
2005:07:21-13:30:21 (none) pluto[26517]: packet from x.x.x.x:500: failed to build notification for spisize=0

Anyone any idea what this means ?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 mieske over 20 years ago

Hi,
we have the same problem of 'trapped" routes between an Astaro v6 and a Novell Security Manager v5.2.  Did you get this solved ?
I found following in ipsec.log :
2005:07:21-13:30:21 (none) pluto[26517]: packet from x.x.x.x:500: ISAKMP version of ISAKMP Message has an unknown value: 0
2005:07:21-13:30:21 (none) pluto[26517]: packet from x.x.x.x:500: sending notification INVALID_MAJOR_VERSION to x.x.x.x:500
2005:07:21-13:30:21 (none) pluto[26517]: | **emit ISAKMP Message:
2005:07:21-13:30:21 (none) pluto[26517]: |    initiator cookie:
2005:07:21-13:30:21 (none) pluto[26517]: |   ba 69 80 6f  ce 79 ec 35
2005:07:21-13:30:21 (none) pluto[26517]: |    responder cookie:
2005:07:21-13:30:21 (none) pluto[26517]: |   00 00 00 00  0b 10 05 00
2005:07:21-13:30:21 (none) pluto[26517]: |    next payload type: ISAKMP_NEXT_N
2005:07:21-13:30:21 (none) pluto[26517]: |    ISAKMP version: ISAKMP Version 1.0
2005:07:21-13:30:21 (none) pluto[26517]: |    exchange type: ISAKMP_XCHG_INFO
2005:07:21-13:30:21 (none) pluto[26517]: |    flags: none
2005:07:21-13:30:21 (none) pluto[26517]: |    message ID:  00 00 00 00
2005:07:21-13:30:21 (none) pluto[26517]: | ***emit ISAKMP Notification Payload:
2005:07:21-13:30:21 (none) pluto[26517]: |    next payload type: ISAKMP_NEXT_NONE
2005:07:21-13:30:21 (none) pluto[26517]: |    DOI: ISAKMP_DOI_IPSEC
2005:07:21-13:30:21 (none) pluto[26517]: |    protocol ID: 1
2005:07:21-13:30:21 (none) pluto[26517]: |    SPI size: 0
2005:07:21-13:30:21 (none) pluto[26517]: |    Notify Message Type: INVALID_MAJOR_VERSION
2005:07:21-13:30:21 (none) pluto[26517]: | emitting 0 raw bytes of spi into ISAKMP Notification Payload
2005:07:21-13:30:21 (none) pluto[26517]: | spi
2005:07:21-13:30:21 (none) pluto[26517]: packet from x.x.x.x:500: failed to build notification for spisize=0

Anyone any idea what this means ?
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data