Weird IPsec site-to-site issue

Hi,

I created a site-to-site tunnel for a customer. The tunnel comes up, stays up for about 24 hours and then goes down with the following logging:

2014:11:10-14:03:19 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #561: responding to Main Mode
2014:11:10-14:03:19 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #561: Peer ID is ID_IPV4_ADDR: '***.***.***.***'
2014:11:10-14:03:19 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #561: sent MR3, ISAKMP SA established
2014:11:10-14:03:19 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #561: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===***.***.***.***[***.***.***.***]...***.***.***.***[***.***.***.***]===***.***.***.***/32
2014:11:10-14:03:19 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #561: sending encrypted notification INVALID_ID_INFORMATION to ***.***.***.***:500
2014:11:10-14:03:20 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #478: IPsec SA expired (LATEST!)
2014:11:10-14:03:20 vpn pluto[24901]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitTunnelbla" address="***.***.***.***" local_net="172.30.15.3/32" remote_net="***.***.***.***/32"
2014:11:10-14:03:32 vpn pluto[24901]: packet from ***.***.***.***:500: received Vendor ID payload [Dead Peer Detection]
2014:11:10-14:03:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-stenberg-ipsec-nat-traversal-01]
2014:11:10-14:03:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-stenberg-ipsec-nat-traversal-02]
2014:11:10-14:03:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2014:11:10-14:03:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2014:11:10-14:03:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2014:11:10-14:03:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2014:11:10-14:03:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [RFC 3947]
2014:11:10-14:03:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [699369228741c6d4ca094c93e242c9de19e7b7c60000000500000500]
2014:11:10-14:03:32 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #562: responding to Main Mode
2014:11:10-14:03:32 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #562: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2014:11:10-14:03:32 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #562: Peer ID is ID_IPV4_ADDR: '***.***.***.***'
2014:11:10-14:03:32 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #562: sent MR3, ISAKMP SA established
2014:11:10-14:03:33 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #562: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===***.***.***.***[***.***.***.***]...***.***.***.***[***.***.***.***]===***.***.***.***/32
2014:11:10-14:03:33 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #562: sending encrypted notification INVALID_ID_INFORMATION to ***.***.***.***:500
2014:11:10-14:04:11 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #559: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
2014:11:10-14:04:11 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #559: starting keying attempt 10 of an unlimited number
2014:11:10-14:04:11 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #563: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #559 {using isakmp#562}
2014:11:10-14:04:32 vpn pluto[24901]: packet from ***.***.***.***:500: received Vendor ID payload [Dead Peer Detection]
2014:11:10-14:04:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-stenberg-ipsec-nat-traversal-01]
2014:11:10-14:04:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-stenberg-ipsec-nat-traversal-02]
2014:11:10-14:04:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2014:11:10-14:04:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2014:11:10-14:04:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2014:11:10-14:04:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2014:11:10-14:04:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [RFC 3947]
2014:11:10-14:04:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [699369228741c6d4ca094c93e242c9de19e7b7c60000000500000500]
2014:11:10-14:04:32 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #564: responding to Main Mode
2014:11:10-14:04:32 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #564: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2014:11:10-14:04:32 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #564: Peer ID is ID_IPV4_ADDR: '***.***.***.***'
2014:11:10-14:04:32 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #564: sent MR3, ISAKMP SA established
2014:11:10-14:04:33 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #564: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===***.***.***.***[***.***.***.***]...***.***.***.***[***.***.***.***]===***.***.***.***/32
2014:11:10-14:04:33 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #564: sending encrypted notification INVALID_ID_INFORMATION to ***.***.***.***:500
2014:11:10-14:04:38 vpn pluto[24901]: listening for IKE messages
2014:11:10-14:04:38 vpn pluto[24901]: forgetting secrets
2014:11:10-14:04:38 vpn pluto[24901]: loading secrets from "/etc/ipsec.secrets"
2014:11:10-14:04:38 vpn pluto[24901]:   loaded PSK secret for ***.***.***.*** %any 
2014:11:10-14:04:38 vpn pluto[24901]: forgetting secrets
2014:11:10-14:04:38 vpn pluto[24901]: loading secrets from "/etc/ipsec.secrets"
2014:11:10-14:04:38 vpn pluto[24901]:   loaded PSK secret for ***.***.***.*** %any 
2014:11:10-14:04:38 vpn pluto[24901]: loading ca certificates from '/etc/ipsec.d/cacerts'
2014:11:10-14:04:38 vpn pluto[24901]:   loaded ca certificate from '/etc/ipsec.d/cacerts/REF_CaSigVpnSigniCa.pem'
2014:11:10-14:04:38 vpn pluto[24901]: loading aa certificates from '/etc/ipsec.d/aacerts'
2014:11:10-14:04:38 vpn pluto[24901]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
2014:11:10-14:04:38 vpn pluto[24901]: loading attribute certificates from '/etc/ipsec.d/acerts'
2014:11:10-14:04:38 vpn pluto[24901]: Changing to directory '/etc/ipsec.d/crls'
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0": deleting connection
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #563: deleting state (STATE_QUICK_I1)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #544: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #490: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #493: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #560: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #542: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #499: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #527: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #519: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #538: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #518: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #496: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #528: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #525: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #498: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #522: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #508: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #507: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #505: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #562: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #534: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #504: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #551: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #540: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #516: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #502: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #557: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #547: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #546: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #545: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #535: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #543: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #532: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #495: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #556: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #548: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #530: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #497: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #517: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #501: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #558: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #524: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #537: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #492: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #488: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #561: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #553: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #514: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #511: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #549: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #509: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #483: deleting state (STATE_MAIN_I4)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #500: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #554: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #552: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #539: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #506: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #487: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #536: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #523: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #513: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #520: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #486: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #491: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #515: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #564: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #555: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #489: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #533: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #529: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #510: deleting state (STATE_MAIN_R3)

The last part is quite strange. And the fact it is generating errors regarding INVALID_ID_INFORMATION. Can someone point me in the right direction? Is this an error at the customer's firewall (not Astaro)?

Thanks,

With kind regards,

Jeffrey Schilperoord
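
Added example, not part of the original post: a small parser for log lines in the format quoted above. It lists the traffic selectors named in each "no connection is known" rejection, compares them with the local_net/remote_net of the configured tunnel, and counts the Main Mode states established and later deleted. The sample lines are constructed, with RFC 5737 documentation addresses standing in for the masked ones.

```python
import re
from collections import Counter

# Constructed sample in the pluto log format quoted in the post; the masked
# addresses are replaced by RFC 5737 documentation addresses (assumption).
P = '2014:11:10-14:03:19 vpn pluto[24901]: '
C = '"S_REF_IpsSitTunnelbla_0" '
REJ = ('cannot respond to IPsec SA request because no connection is known for '
       '0.0.0.0/0===192.0.2.1[192.0.2.1]...198.51.100.7[198.51.100.7]===198.51.100.7/32')
SAMPLE = "\n".join([
    P + C + '#561: sent MR3, ISAKMP SA established',
    P + C + '#561: ' + REJ,
    P + 'id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" '
        'variant="ipsec" connection="REF_IpsSitTunnelbla" address="198.51.100.7" '
        'local_net="172.30.15.3/32" remote_net="198.51.100.7/32"',
    P + C + '#562: sent MR3, ISAKMP SA established',
    P + C + '#562: ' + REJ,
    P + C + '#561: deleting state (STATE_MAIN_R3)',
    P + C + '#562: deleting state (STATE_MAIN_R3)',
])

REJECT = re.compile(r"no connection is known for (\S+?)===.*===(\S+)")
TUNNEL = re.compile(r'local_net="([^"]+)" remote_net="([^"]+)"')
PHASE1 = re.compile(r"#(\d+): sent MR3, ISAKMP SA established")
DELETED = re.compile(r"#(\d+): deleting state \((\w+)\)")

def analyse(log):
    """Summarise rejected Quick Mode selectors and phase 1 state churn."""
    configured, rejected = set(), Counter()
    phase1, deleted = set(), Counter()
    for line in log.splitlines():
        if m := TUNNEL.search(line):        # nets of the configured tunnel
            configured.update(m.groups())
        elif m := REJECT.search(line):      # selector pair the request named
            rejected[m.groups()] += 1
        elif m := PHASE1.search(line):      # Main Mode completed as responder
            phase1.add(m.group(1))
        elif m := DELETED.search(line):     # state removed at connection delete
            deleted[m.group(2)] += 1
    proposed = {net for pair in rejected for net in pair}
    return {
        "configured": configured,
        "rejected": dict(rejected),
        "unmatched": proposed - configured,  # selectors in no configured net
        "phase1_established": len(phase1),
        "deleted_states": dict(deleted),
    }

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```
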


  • Hi,

    I saw this was happening. But the tunnel is up for a few hours without any issue (or 0.0.0.0/0 remote network).

    And after some time has passed the tunnel goes down with the errors I mentioned.

    Thanks,

    Jeffrey