Site 2 Site IPSec VPN - UTM220 to AVM

Hello,

After 3 months of working perfectly (9.212-3), our UTM220 decided to stop working on 2 IPsec tunnels with dynamic-IP aDSL ISPs.

An update to 9.310-11 doesn't fix it.


..
2015:05:12-01:16:11 asg220 pluto[6296]: packet from ***.***.***.***:500: Informational Exchange is for an unknown (expired?) SA
..
2015:05:12-01:24:27 asg220 pluto[6296]: "S_REF_IpsSitFritzBbInter_0"[8] ***.***.***.***: deleting connection "S_REF_IpsSitFritzBbInter_0"[8] instance with peer ***.***.***.*** {isakmp=#0/ipsec=#0}
2015:05:12-01:24:27 asg220 pluto[6296]: "S_REF_IpsSitFritzAbtHomen_0"[5] ***.***.***.*** #49: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x2ae68a64) not found (maybe expired)
2015:05:12-01:24:27 asg220 pluto[6296]: "S_REF_IpsSitFritzBbInter_0"[9] ***.***.***.*** #57: responding to Quick Mode
..
2015:05:12-07:37:24 asg220 pluto[6296]: "S_REF_IpsSitFritzBbInter_0"[327] ***.***.***.*** #472: cannot route -- route already in use for "S_REF_IpsSitFritzBbInter_0"
2015:05:12-07:38:04 asg220 pluto[6296]: "S_REF_IpsSitFritzBbInter_0"[327] ***.***.***.*** #472: max number of retransmissions (2) reached STATE_QUICK_R1
..


At 1:00 am we do the 24h disconnect.

We didn't make any changes on the UTM or the AVM Fritzboxes; it looks like the UTM stops flushing the VPN connections and blocks them from renewing.

Only a full restart of the UTM fixes it. [:@]

Some Info:
- UTM220, static IP / no disconnect
- 4 Site2Site IPSec (2 of them static IP, work like a charm)
- 2 aDSL dynamic IP Fritzboxes, FQDN over myfritz.net / 24h disconnect
- 1 aDSL static IP Fritzbox / 24h disconnect
- 1 Cable static IP Fritzbox / no disconnect


Maybe someone can point me in the right direction.

Greetings, DBP


This thread was automatically locked due to age.
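
A log-triage sketch for the symptom in the post above, added here as an example and not part of the original thread or of any Sophos tooling: it groups pluto lines by connection name and flags tunnels where "cannot route -- route already in use" is followed by a Quick Mode retransmission timeout. The sample lines are constructed from the ones quoted in the post (peer addresses are placeholders), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the pluto lines in the post; the peer
# addresses are documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
2015:05:12-01:16:11 asg220 pluto[6296]: packet from 192.0.2.10:500: Informational Exchange is for an unknown (expired?) SA
2015:05:12-01:24:27 asg220 pluto[6296]: "S_REF_IpsSitFritzAbtHomen_0"[5] 192.0.2.99 #49: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x2ae68a64) not found (maybe expired)
2015:05:12-01:24:27 asg220 pluto[6296]: "S_REF_IpsSitFritzBbInter_0"[9] 192.0.2.10 #57: responding to Quick Mode
2015:05:12-07:37:24 asg220 pluto[6296]: "S_REF_IpsSitFritzBbInter_0"[327] 192.0.2.44 #472: cannot route -- route already in use for "S_REF_IpsSitFritzBbInter_0"
2015:05:12-07:38:04 asg220 pluto[6296]: "S_REF_IpsSitFritzBbInter_0"[327] 192.0.2.44 #472: max number of retransmissions (2) reached STATE_QUICK_R1
"""

# Layout: "<connection>"[instance] peer [#state]: message
LINE = re.compile(
    r'^(?P<ts>\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) \S+ pluto\[\d+\]: '
    r'"(?P<conn>[^"]+)"\[(?P<inst>\d+)\] \S+(?: #\d+)?: (?P<msg>.*)$')

SIGNS = {
    "route_conflict": "cannot route -- route already in use",
    "quick_mode_timeout": "reached STATE_QUICK",
    "stale_delete": "ignoring Delete SA payload",
}

def triage(log_text):
    """Per connection: count of each symptom, first time seen, highest instance."""
    report = defaultdict(lambda: {"counts": defaultdict(int), "first": {}, "max_instance": 0})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines without a connection name, e.g. "packet from ..."
        entry = report[m["conn"]]
        entry["max_instance"] = max(entry["max_instance"], int(m["inst"]))
        for name, needle in SIGNS.items():
            if needle in m["msg"]:
                entry["counts"][name] += 1
                entry["first"].setdefault(name, m["ts"])
    return report

def stuck_connections(report):
    """Connections showing a route conflict followed by a Quick Mode timeout."""
    return sorted(
        conn for conn, e in report.items()
        if e["counts"]["route_conflict"] and e["counts"]["quick_mode_timeout"]
        and e["first"]["route_conflict"] <= e["first"]["quick_mode_timeout"])

if __name__ == "__main__":
    for conn in stuck_connections(triage(SAMPLE_LOG)):
        print("stuck:", conn)
```

Comparing the first `route_conflict` timestamp per connection with the time of the 24h disconnect shows how long after the reconnect the tunnel stopped renewing.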
  • I agree - something is not right.

    I don't suspect changes in the definitions of the IPsec tunnels.  I suspect other changes that caused a conflict with the IPsec tunnels.

    It's probably time to get Sophos Support involved.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA