All IPSEC Site-2-Site VPNs won't come up after daily ADSL reconnect

Hi,

I've installed an SG-135 Active-Passive cluster, connected to the internet with PPPoE ADSL. After the daily reconnect at around 4.00am the VPNs won't come up. To me it seems that the ipsec process doesn't handle the invalid SAs in the right way?!

I've attached the ipsec.log; perhaps somebody gets an idea of the problem... For the moment, I can work around this problem by disabling all connections for a short time and then re-enabling them. This brings all the tunnels up again. Regarding the attached log, Node-1 is master.

I think these messages are interesting (after DSL reconnect):
2015:04:23-04:11:05 secure-1 pluto[13815]: packet from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA
2015:04:23-04:14:16 secure-1 pluto[13815]: "S_REF_IpsSitVPN3_0" #3: max number of retransmissions (20) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
2015:04:23-04:14:16 secure-1 pluto[13815]: "S_REF_IpsSitVPN3_0" #3: starting keying attempt 2 of an unlimited number
2015:04:23-04:14:16 secure-1 pluto[13815]: "S_REF_IpsSitVPN3_0" #4: initiating Main Mode to replace #3




Bye
Sebastian
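
An added example, not part of the original post and not Sophos tooling: a small Python triage of the pluto messages quoted above. It reports peers that sent Informational Exchanges for unknown SAs and connections that timed out in STATE_MAIN_I1 without establishing afterwards. The "ISAKMP SA established" message text and the S_REF_Constructed_0 connection are assumptions added for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the post above.
POSTED = [
    '2015:04:23-04:11:05 secure-1 pluto[13815]: packet from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA',
    '2015:04:23-04:14:16 secure-1 pluto[13815]: "S_REF_IpsSitVPN3_0" #3: max number of retransmissions (20) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message',
    '2015:04:23-04:14:16 secure-1 pluto[13815]: "S_REF_IpsSitVPN3_0" #3: starting keying attempt 2 of an unlimited number',
    '2015:04:23-04:14:16 secure-1 pluto[13815]: "S_REF_IpsSitVPN3_0" #4: initiating Main Mode to replace #3',
]
# Constructed lines (not from the post): a tunnel that times out, then recovers.
# The "ISAKMP SA established" wording is an assumption about pluto's success message.
CONSTRUCTED = [
    '2015:04:23-04:14:20 secure-1 pluto[13815]: "S_REF_Constructed_0" #5: max number of retransmissions (20) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message',
    '2015:04:23-04:15:01 secure-1 pluto[13815]: "S_REF_Constructed_0" #6: ISAKMP SA established',
]

PREFIX = re.compile(r'^\S+ \S+ pluto\[\d+\]: (?P<msg>.*)$')
UNKNOWN_SA = re.compile(r'^packet from (?P<peer>[\d.]+):\d+: '
                        r'Informational Exchange is for an unknown \(expired\?\) SA')
TIMEOUT = re.compile(r'^"(?P<conn>[^"]+)" #\d+: max number of retransmissions '
                     r'\(\d+\) reached (?P<state>STATE_\w+)')
ESTABLISHED = re.compile(r'^"(?P<conn>[^"]+)" #\d+: .*ISAKMP SA established')

def triage(lines):
    """Return (peers, stuck): unknown-SA notices per peer, and Main Mode
    timeout counts per connection that never established afterwards."""
    peers, stuck = defaultdict(int), defaultdict(int)
    for line in lines:
        m = PREFIX.match(line)
        if not m:
            continue  # not a pluto line
        msg = m['msg']
        if (u := UNKNOWN_SA.match(msg)):
            peers[u['peer']] += 1
        elif (t := TIMEOUT.match(msg)) and t['state'] == 'STATE_MAIN_I1':
            stuck[t['conn']] += 1
        elif (e := ESTABLISHED.match(msg)):
            stuck.pop(e['conn'], None)  # tunnel recovered, no longer stuck
    return dict(peers), dict(stuck)

if __name__ == '__main__':
    peers, stuck = triage(POSTED + CONSTRUCTED)
    print('peers reporting unknown SAs:', peers)
    print('connections stuck in Main Mode:', stuck)
```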


ipsec.log.zip