This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

L2TP Disconnect after 5-10 minutes

Hello All

My PPTP VPN works fine but after switching to L2TP OVER IPSEC, my connect disconnects after 5-15 minutes.
Here is the log file

Any guesses? What is a bad control packet?

2009:04:20-14:43:02 (none) pluto[19547]: packet from 66.228.74.130:34953: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000006]
2009:04:20-14:43:02 (none) pluto[19547]: packet from 66.228.74.130:34953: received Vendor ID payload [RFC 3947]
2009:04:20-14:43:02 (none) pluto[19547]: packet from 66.228.74.130:34953: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2009:04:20-14:43:02 (none) pluto[19547]: packet from 66.228.74.130:34953: ignoring Vendor ID payload [FRAGMENTATION]
2009:04:20-14:43:02 (none) pluto[19547]: packet from 66.228.74.130:34953: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
2009:04:20-14:43:02 (none) pluto[19547]: packet from 66.228.74.130:34953: ignoring Vendor ID payload [Vid-Initial-Contact]
2009:04:20-14:43:02 (none) pluto[19547]: packet from 66.228.74.130:34953: ignoring Vendor ID payload [IKE CGA version 1]
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_1"[17] 66.228.74.130:34953 #19: responding to Main Mode from unknown peer 66.228.74.130:34953
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_1"[17] 66.228.74.130:34953 #19: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported.  Attribute OAKLEY_GROUP_DESCRIPTION
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_1"[17] 66.228.74.130:34953 #19: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported.  Attribute OAKLEY_GROUP_DESCRIPTION
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_1"[17] 66.228.74.130:34953 #19: NAT-Traversal: Result using RFC 3947: peer is NATed
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_1"[17] 66.228.74.130:34953 #19: Peer ID is ID_IPV4_ADDR: '192.168.254.37'
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_1"[18] 66.228.74.130:34953 #19: deleting connection "D_REF_wOqbFRgivh_1" instance with peer 66.228.74.130 {isakmp=#0/ipsec=#0}
2009:04:20-14:43:02 (none) pluto[19547]: | NAT-T: new mapping 66.228.74.130:34953/34954)
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_1"[18] 66.228.74.130:34954 #19: sent MR3, ISAKMP SA established
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_0"[9] 66.228.74.130:34954 #20: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_0"[9] 66.228.74.130:34954 #20: responding to Quick Mode
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_0"[9] 66.228.74.130:34954 #20: IPsec SA established {ESP=>0xc06223b5  /dev/pts/0
2009:04:20-14:43:09 (none) pppd-l2tp[9287]: Cannot determine ethernet address for proxy ARP
2009:04:20-14:43:09 (none) pppd-l2tp[9287]: local  IP address 10.242.3.1
2009:04:20-14:43:09 (none) pppd-l2tp[9287]: remote IP address 10.242.3.2
2009:04:20-14:43:09 (none) pppd-l2tp[9287]: id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="admin" variant="l2tp" srcip="66.228.74.130" virtual_ip="10.242.3.2"
2009:04:20-15:41:47 (none) pluto[19547]: "D_REF_wOqbFRgivh_0"[9] 66.228.74.130:34954 #21: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
2009:04:20-15:41:47 (none) pluto[19547]: "D_REF_wOqbFRgivh_0"[9] 66.228.74.130:34954 #21: responding to Quick Mode
2009:04:20-15:41:47 (none) pluto[19547]: "D_REF_wOqbFRgivh_0"[9] 66.228.74.130:34954 #21: IPsec SA established {ESP=>0x75b97afb

This thread was automatically locked due to age.

Parents

0 BAlfson over 16 years ago

Control packets are used in L2TP. My guess is that this is a client issue - which one are you using? Is it possible that you have it set to timeout after a period of non-use?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 wudukes over 16 years ago in reply to BAlfson

Windows Vista =)

I dont believe there is a timeout...
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 16 years ago in reply to wudukes

Windows firewall?

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 16 years ago in reply to wudukes

Windows firewall?

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 bennybunny over 15 years ago in reply to BAlfson

Hi,

have anyone a solution for this? We have exactly the same problem. After 5-10 min the vpn connection closed. The Logfiles says:

2010:09:20-17:51:48 BORFiwa xl2tpd[23106]: check_control: Received out of order control packet on tunnel 2 (got 4, expected 5)
2010:09:20-17:51:48 BORFiwa xl2tpd[23106]: handle_packet: bad control packet!
2010:09:20-17:51:51 BORFiwa xl2tpd[23106]: Maximum retries exceeded for tunnel 16350. Closing.
2010:09:20-17:51:51 BORFiwa pppd-l2tp[14664]: Terminating on signal 15
2010:09:20-17:51:51 BORFiwa pppd-l2tp[14664]: Modem hangup
2010:09:20-17:51:51 BORFiwa pppd-l2tp[14664]: Connect time 1.4 minutes.
2010:09:20-17:51:51 BORFiwa pppd-l2tp[14664]: Sent 0 bytes, received 3333 bytes.

We are using Vista/Windows 7 as VPN Client. Hope someone could help ;-)
Cancel
Vote Up 0 Vote Down

Cancel