IPSEC dropping every 124 seconds
-
Guys, I have a client that uses IPSEC to connect your network to his client
and this VPN goes down every 124 seconds
I looked in the logs and found nothing abnormal
any tips on how to check if the problem is here or on the dlee client?when it falls, this log appears:
eb 10 16:04:36 charon 10[CFG] vici client 487 registered for: list-sa
Feb 10 16:04:36 charon 10[CFG] vici client 487 requests: list-sas
Feb 10 16:04:36 charon 10[CFG] vici client 487 disconnected
Feb 10 16:04:40 charon 10[IKE] <con4000|30> sending DPD request
Feb 10 16:04:40 charon 10[IKE] <con4000|30> queueing ISAKMP_DPD task
Feb 10 16:04:40 charon 10[IKE] <con4000|30> activating new tasks
Feb 10 16:04:40 charon 10[IKE] <con4000|30> activating ISAKMP_DPD task
Feb 10 16:04:40 charon 10[ENC] <con4000|30> generating INFORMATIONAL_V1 request 140947474 [ HASH N(DPD) ]
Feb 10 16:04:40 charon 10[NET] <con4000|30> sending packet: from 177.0.0.X[500] to 177.0.0.X[500] (92 bytes)
Feb 10 16:04:40 charon 10[IKE] <con4000|30> activating new tasks
Feb 10 16:04:40 charon 10[IKE] <con4000|30> nothing to initiate
Feb 10 16:04:41 charon 14[CFG] vici client 488 connected
Feb 10 16:04:41 charon 11[CFG] vici client 488 registered for: list-sa
Feb 10 16:04:41 charon 10[CFG] vici client 488 requests: list-sas
Feb 10 16:04:41 charon 10[CFG] vici client 488 disconnected
Feb 10 16:04:45 charon 11[IKE] <con4000|30> sending DPD request
Feb 10 16:04:45 charon 11[IKE] <con4000|30> queueing ISAKMP_DPD task
Feb 10 16:04:45 charon 11[IKE] <con4000|30> activating new tasks
Feb 10 16:04:45 charon 11[IKE] <con4000|30> activating ISAKMP_DPD task
Feb 10 16:04:45 charon 11[ENC] <con4000|30> generating INFORMATIONAL_V1 request 50296017 [ HASH N(DPD) ]
Feb 10 16:04:45 charon 11[NET] <con4000|30> sending packet: from 1177.0.0.X[500] to 177.0.0.X[500] (92 bytes)
Feb 10 16:04:45 charon 11[IKE] <con4000|30> activating new tasks
Feb 10 16:04:45 charon 11[IKE] <con4000|30> nothing to initiate
Feb 10 16:04:46 charon 13[CFG] vici client 489 connected
Feb 10 16:04:46 charon 11[CFG] vici client 489 registered for: list-sa
Feb 10 16:04:46 charon 11[CFG] vici client 489 requests: list-sas
Feb 10 16:04:46 charon 08[CFG] vici client 489 disconnected
Feb 10 16:04:50 charon 08[IKE] <con4000|30> sending DPD request
Feb 10 16:04:50 charon 08[IKE] <con4000|30> queueing ISAKMP_DPD task
Feb 10 16:04:50 charon 08[IKE] <con4000|30> activating new tasks
Feb 10 16:04:50 charon 08[IKE] <con4000|30> activating ISAKMP_DPD task
Feb 10 16:04:50 charon 08[ENC] <con4000|30> generating INFORMATIONAL_V1 request 4259876321 [ HASH N(DPD) ]
Feb 10 16:04:50 charon 08[NET] <con4000|30> sending packet: from 177.0.0.X[500] to 177.0.0.X[500] (92 bytes)
Feb 10 16:04:50 charon 08[IKE] <con4000|30> activating new tasks
Feb 10 16:04:50 charon 08[IKE] <con4000|30> nothing to initiate
Feb 10 16:04:51 charon 13[CFG] vici client 490 connected
Feb 10 16:04:51 charon 08[CFG] vici client 490 registered for: list-sa
Feb 10 16:04:51 charon 06[CFG] vici client 490 requests: list-sas
Feb 10 16:04:51 charon 08[CFG] vici client 490 disconnectedeb 10 16:05:06 charon 15[CFG] <con4000|31> 192.168.4.0/24|/0
Feb 10 16:05:06 charon 15[ENC] <con4000|31> generating QUICK_MODE request 674283457 [ HASH SA No KE ID ID ]
Feb 10 16:05:06 charon 15[NET] <con4000|31> sending packet: from 177.0.0.X[500] to 177.0.0.X[500] (492 bytes)
Feb 10 16:05:06 charon 15[NET] <con4000|31> received packet: from 177.0.0.X[500] to 177.0.0.X[500] (444 bytes)
Feb 10 16:05:06 charon 15[ENC] <con4000|31> parsed QUICK_MODE response 674283457 [ HASH SA No KE ID ID ]
Feb 10 16:05:06 charon 15[CFG] <con4000|31> selecting proposal:
Feb 10 16:05:06 charon 15[CFG] <con4000|31> no acceptable ENCRYPTION_ALGORITHM found
Feb 10 16:05:06 charon 15[CFG] <con4000|31> selecting proposal:
Feb 10 16:05:06 charon 15[CFG] <con4000|31> no acceptable ENCRYPTION_ALGORITHM found
Feb 10 16:05:06 charon 15[CFG] <con4000|31> selecting proposal:
Feb 10 16:05:06 charon 15[CFG] <con4000|31> proposal matches
Feb 10 16:05:06 charon 15[CFG] <con4000|31> received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ
Feb 10 16:05:06 charon 15[CFG] <con4000|31> configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ
Feb 10 16:05:06 charon 15[CFG] <con4000|31> selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ
Feb 10 16:05:06 charon 15[IKE] <con4000|31> received 28800s lifetime, configured 0s
Feb 10 16:05:06 charon 15[CHD] <con4000|31> CHILD_SA con4000{70} state change: CREATED => INSTALLING
Feb 10 16:05:06 charon 15[CHD] <con4000|31> using AES_CBC for encryption
Feb 10 16:05:06 charon 15[CHD] <con4000|31> using HMAC_SHA1_96 for integrity
Feb 10 16:05:06 charon 15[CHD] <con4000|31> adding inbound ESP SA
Feb 10 16:05:06 charon 15[CHD] <con4000|31> SPI 0xc660eb20, src 1177.0.0.X dst 177.0.0.X
Feb 10 16:05:06 charon 15[CHD] <con4000|31> adding outbound ESP SA
Feb 10 16:05:06 charon 15[CHD] <con4000|31> SPI 0xc5847ece, src 177.0.0.X dst 177.0.0.X
Feb 10 16:05:06 charon 15[IKE] <con4000|31> CHILD_SA con4000{70} established with SPIs c660eb20_i c5847ece_o and TS 192.168.175.0/24|/0 === 192.168.4.0/24|/0
Feb 10 16:05:06 charon 15[CHD] <con4000|31> CHILD_SA con4000{70} state change: INSTALLING => INSTALLED
Feb 10 16:05:06 charon 15[IKE] <con4000|31> reinitiating already active tasks
Feb 10 16:05:06 charon 15[IKE] <con4000|31> QUICK_MODE task
Feb 10 16:05:06 charon 15[ENC] <con4000|31> generating QUICK_MODE request 674283457 [ HASH ]
Feb 10 16:05:06 charon 15[NET] <con4000|31> sending packet: from 177.101.216.30[500] to 177.0.0.X[500] (60 bytes)
Feb 10 16:05:06 charon 15[IKE] <con4000|31> activating new tasks
Feb 10 16:05:06 charon 15[IKE] <con4000|31> nothing to initiate
Feb 10 16:05:06 charon 16[CFG] vici client 493 connected
Feb 10 16:05:06 charon 15[CFG] vici client 493 registered for: list-sa
Feb 10 16:05:06 charon 12[CFG] vici client 493 requests: list-sas