L2TP Disconnect after 5-10 minutes

Hello All

My PPTP VPN works fine, but after switching to L2TP over IPsec, my connection disconnects after 5-15 minutes.
Here is the log file

Any guesses? What is a bad control packet?




2009:04:20-14:43:02 (none) pluto[19547]: packet from 66.228.74.130:34953: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000006]
2009:04:20-14:43:02 (none) pluto[19547]: packet from 66.228.74.130:34953: received Vendor ID payload [RFC 3947]
2009:04:20-14:43:02 (none) pluto[19547]: packet from 66.228.74.130:34953: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2009:04:20-14:43:02 (none) pluto[19547]: packet from 66.228.74.130:34953: ignoring Vendor ID payload [FRAGMENTATION]
2009:04:20-14:43:02 (none) pluto[19547]: packet from 66.228.74.130:34953: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
2009:04:20-14:43:02 (none) pluto[19547]: packet from 66.228.74.130:34953: ignoring Vendor ID payload [Vid-Initial-Contact]
2009:04:20-14:43:02 (none) pluto[19547]: packet from 66.228.74.130:34953: ignoring Vendor ID payload [IKE CGA version 1]
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_1"[17] 66.228.74.130:34953 #19: responding to Main Mode from unknown peer 66.228.74.130:34953
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_1"[17] 66.228.74.130:34953 #19: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported.  Attribute OAKLEY_GROUP_DESCRIPTION
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_1"[17] 66.228.74.130:34953 #19: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported.  Attribute OAKLEY_GROUP_DESCRIPTION
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_1"[17] 66.228.74.130:34953 #19: NAT-Traversal: Result using RFC 3947: peer is NATed
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_1"[17] 66.228.74.130:34953 #19: Peer ID is ID_IPV4_ADDR: '192.168.254.37'
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_1"[18] 66.228.74.130:34953 #19: deleting connection "D_REF_wOqbFRgivh_1" instance with peer 66.228.74.130 {isakmp=#0/ipsec=#0}
2009:04:20-14:43:02 (none) pluto[19547]: | NAT-T: new mapping 66.228.74.130:34953/34954)
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_1"[18] 66.228.74.130:34954 #19: sent MR3, ISAKMP SA established
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_0"[9] 66.228.74.130:34954 #20: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_0"[9] 66.228.74.130:34954 #20: responding to Quick Mode
2009:04:20-14:43:02 (none) pluto[19547]: "D_REF_wOqbFRgivh_0"[9] 66.228.74.130:34954 #20: IPsec SA established {ESP=>0xc06223b5  /dev/pts/0
2009:04:20-14:43:09 (none) pppd-l2tp[9287]: Cannot determine ethernet address for proxy ARP
2009:04:20-14:43:09 (none) pppd-l2tp[9287]: local  IP address 10.242.3.1
2009:04:20-14:43:09 (none) pppd-l2tp[9287]: remote IP address 10.242.3.2
2009:04:20-14:43:09 (none) pppd-l2tp[9287]: id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="admin" variant="l2tp" srcip="66.228.74.130" virtual_ip="10.242.3.2"
2009:04:20-15:41:47 (none) pluto[19547]: "D_REF_wOqbFRgivh_0"[9] 66.228.74.130:34954 #21: NAT-Traversal: received 2 NAT-OA. using first, ignoring others
2009:04:20-15:41:47 (none) pluto[19547]: "D_REF_wOqbFRgivh_0"[9] 66.228.74.130:34954 #21: responding to Quick Mode
2009:04:20-15:41:47 (none) pluto[19547]: "D_REF_wOqbFRgivh_0"[9] 66.228.74.130:34954 #21: IPsec SA established {ESP=>0x75b97afb 


  • Hi,

    here is the complete log:

    2010:09:20-17:15:41 BORFiwa pppd-l2tp[13710]: id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="vpnzugang" variant="l2tp" srcip="87.139.127.150" virtual_ip="10.242.3.2"
    2010:09:20-17:15:41 BORFiwa pppd-l2tp[13710]: Script /etc/ppp/ip-up finished (pid 13713), status = 0x0
    2010:09:20-17:15:43 BORFiwa pluto[23083]: forgetting secrets
    2010:09:20-17:15:43 BORFiwa pluto[23083]: loading secrets from "/etc/ipsec.secrets"
    2010:09:20-17:15:43 BORFiwa pluto[23083]:   loaded shared key for 0.0.0.0 88.79.126.74 
    2010:09:20-17:15:43 BORFiwa pluto[23083]:   loaded shared key for 0.0.0.0 88.79.126.74 
    2010:09:20-17:15:43 BORFiwa pluto[23083]: Changing to directory '/etc/ipsec.d/cacerts'
    2010:09:20-17:15:43 BORFiwa pluto[23083]:   loaded CA cert file 'REF_cIJzsvIyWq.pem' (3093 bytes)
    2010:09:20-17:15:43 BORFiwa pluto[23083]: Changing to directory '/etc/ipsec.d/aacerts'
    2010:09:20-17:15:43 BORFiwa pluto[23083]: Changing to directory '/etc/ipsec.d/ocspcerts'
    2010:09:20-17:15:43 BORFiwa pluto[23083]: Changing to directory '/etc/ipsec.d/crls'
    2010:09:20-17:16:55 BORFiwa xl2tpd[23106]: check_control: Received out of order control packet on tunnel 1 (got 4, expected 5)
    2010:09:20-17:16:55 BORFiwa xl2tpd[23106]: handle_packet: bad control packet!
    2010:09:20-17:16:58 BORFiwa xl2tpd[23106]: Maximum retries exceeded for tunnel 44548.  Closing.
    2010:09:20-17:16:58 BORFiwa pppd-l2tp[13710]: Terminating on signal 15
    2010:09:20-17:16:58 BORFiwa pppd-l2tp[13710]: Modem hangup
    2010:09:20-17:16:58 BORFiwa pppd-l2tp[13710]: Connect time 1.3 minutes.
    2010:09:20-17:16:58 BORFiwa pppd-l2tp[13710]: Sent 0 bytes, received 3333 bytes.
    2010:09:20-17:16:58 BORFiwa pppd-l2tp[13710]: Script /etc/ppp/ip-down started (pid 13807)
    2010:09:20-17:16:58 BORFiwa pppd-l2tp[13710]: Connection terminated.
    2010:09:20-17:16:58 BORFiwa pppd-l2tp[13710]: Waiting for 1 child processes...
    2010:09:20-17:16:58 BORFiwa pppd-l2tp[13710]:   script /etc/ppp/ip-down, pid 13807


    Is this the issue?

    2010:09:20-15:43:35 BORFiwa pppd-l2tp[11273]: id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection terminated" username="INTRANET\vpnzugang" variant="l2tp" srcip="87.139.127.150" virtual_ip="10.242.3.2"
    2010:09:20-15:43:35 BORFiwa pppd-l2tp[11273]: Script /etc/ppp/ip-down finished (pid 11394), status = 0x0
    2010:09:20-15:43:36 BORFiwa pppd-l2tp[11273]: Exit.
    2010:09:20-15:43:36 BORFiwa xl2tpd[23106]: control_finish: Connection closed to 87.139.127.150, port 1701 (), Local: 12790, Remote: 1
    2010:09:20-15:43:36 BORFiwa pluto[23083]: "S_REF_RknVbffdXX_1"[47] 87.139.127.150:4500 #75: received Delete SA(0x7a48f974) payload: deleting IPSEC State #76
    2010:09:20-15:43:37 BORFiwa pluto[23083]: "S_REF_RknVbffdXX_1"[47] 87.139.127.150:4500 #75: deleting connection "S_REF_RknVbffdXX_0" instance with peer 87.139.127.150 {isakmp=#0/ipsec=#0}
    2010:09:20-15:43:37 BORFiwa pluto[23083]: "S_REF_RknVbffdXX_1"[47] 87.139.127.150:4500 #75: received Delete SA payload: deleting ISAKMP State #75
    2010:09:20-15:43:37 BORFiwa pluto[23083]: "S_REF_RknVbffdXX_1"[47] 87.139.127.150:4500: deleting connection "S_REF_RknVbffdXX_1" instance with peer 87.139.127.150 {isakmp=#0/ipsec=#0}
    2010:09:20-15:43:37 BORFiwa pluto[23083]: forgetting secrets
    2010:09:20-15:43:37 BORFiwa pluto[23083]: loading secrets from "/etc/ipsec.secrets"
  • This very much looks like an ordered shutdown of the connection, maybe initiated by the client's inactivity counter. Does it also happen if you constantly ping through the tunnel?

    Edit: Well, the second log snippet at least. How's the first one related to it?
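The two log snippets in this thread show different teardown patterns: xl2tpd giving up on the L2TP control channel, and pluto receiving a Delete SA from the peer. The following is an added example, not part of the original posts, that separates the two when triaging such logs. The sample lines are copied from the logs above; the function names, cause labels and 10-second clustering window are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# Timestamp, host, daemon[pid], message: the layout of the log lines in this thread.
LINE = re.compile(r"^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ ([\w-]+)\[\d+\]: (.*)$")
# marker name -> (daemon, message substring); every substring occurs in the posted logs.
MARKERS = {
    "out_of_order":     ("xl2tpd", "Received out of order control packet"),
    "bad_control":      ("xl2tpd", "bad control packet"),
    "retries_exceeded": ("xl2tpd", "Maximum retries exceeded for tunnel"),
    "delete_sa":        ("pluto", "received Delete SA"),
}

def find_markers(lines):
    """Yield (timestamp, marker) for each log line that matches a known marker."""
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
        for name, (daemon, text) in MARKERS.items():
            if m.group(2) == daemon and text in m.group(3):
                yield ts, name

def classify_teardowns(lines, gap=timedelta(seconds=10)):
    """Cluster markers closer than `gap` into episodes and label each episode."""
    episodes = []  # each entry: [first_ts, last_ts, set_of_markers]
    for ts, name in sorted(find_markers(lines)):
        if episodes and ts - episodes[-1][1] <= gap:
            episodes[-1][1] = ts
            episodes[-1][2].add(name)
        else:
            episodes.append([ts, ts, {name}])
    out = []
    for start, _end, seen in episodes:
        failed = seen & {"out_of_order", "bad_control", "retries_exceeded"}
        cause = ("l2tp-control-channel-failure" if failed else
                 "orderly-shutdown" if "delete_sa" in seen else "unknown")
        out.append((start.strftime("%H:%M:%S"), cause, sorted(seen)))
    return out

# Sample input: lines copied from the logs posted in this thread.
SAMPLE = '''
2010:09:20-15:43:36 BORFiwa pluto[23083]: "S_REF_RknVbffdXX_1"[47] 87.139.127.150:4500 #75: received Delete SA(0x7a48f974) payload: deleting IPSEC State #76
2010:09:20-17:16:55 BORFiwa xl2tpd[23106]: check_control: Received out of order control packet on tunnel 1 (got 4, expected 5)
2010:09:20-17:16:55 BORFiwa xl2tpd[23106]: handle_packet: bad control packet!
2010:09:20-17:16:58 BORFiwa xl2tpd[23106]: Maximum retries exceeded for tunnel 44548.  Closing.
'''.splitlines()
if __name__ == "__main__":
    print(classify_teardowns(SAMPLE))
```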