Mobile - problems when renegotiating with Mac OS X



  • Hello there,

    I've got some problems with renegotiation after 2880 seconds tunnel uptime.

    My Mac always asks for an xauth authentification although the credentials are saved, this happens every 2880 seconds.
    Lifetimes are 7200 for Phase 1 and 3600 for Phase 2.

    I tried many different settings, lifetimes, …

    Following the output when renegotiating with OS X:

    
    Jul 5 21:58:27	racoon: [Self]: INFO: IPsec-SA established: ESP 212.0.0.215[500]->193.0.0.238[500] spi=104117483(0x634b4eb)
    Jul 5 21:58:27	racoon: [Self]: INFO: IPsec-SA established: ESP 212.0.0.215[500]->193.0.0.238[500] spi=125463337(0x77a6b29)
    Jul 5 21:58:27	racoon: INFO: Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1)
    Jul 5 21:58:27	racoon: INFO: Adjusting my encmode UDP-Tunnel->Tunnel
    Jul 5 21:58:27	racoon: INFO: Update the generated policy : 10.12.99.1/32[0] 10.12.0.0/23[0] proto=any dir=in
    Jul 5 21:58:27	racoon: [Self]: INFO: respond new phase 2 negotiation: 212.0.0.215[4500]<=>193.0.0.238[16071]
    Jul 5 21:58:14	racoon: INFO: login succeeded for user "christoph"
    Jul 5 21:58:14	racoon: user 'christoph' authenticated
    Jul 5 21:58:14	racoon: INFO: Using port 0
    Jul 5 21:58:12	racoon: INFO: Released port 0
    Jul 5 21:58:12	racoon: [Self]: INFO: ISAKMP-SA deleted 212.0.0.215[4500]-193.0.0.238[16071] spi:fb7ff395484dd830:72d17a184e79f316
    Jul 5 21:58:12	racoon: INFO: purged ISAKMP-SA spi=fb7ff395484dd830:72d17a184e79f316:0000c3db.
    Jul 5 21:58:12	racoon: INFO: purging ISAKMP-SA spi=fb7ff395484dd830:72d17a184e79f316:0000c3db.
    Jul 5 21:58:07	racoon: [Self]: INFO: ISAKMP-SA established 212.0.0.215[4500]-193.0.0.238[16071] spi:b567033074ea7d5c:c30a90afb45228b4
    Jul 5 21:58:07	racoon: INFO: Sending Xauth request
    Jul 5 21:58:07	racoon: INFO: NAT detected: PEER
    Jul 5 21:58:07	racoon: INFO: NAT-D payload #1 doesn't match
    Jul 5 21:58:07	racoon: [193.0.0.238] INFO: Hashing 193.0.0.238[16071] with algo #2
    Jul 5 21:58:07	racoon: INFO: NAT-D payload #0 verified
    Jul 5 21:58:07	racoon: [Self]: [212.0.0.215] INFO: Hashing 212.0.0.215[4500] with algo #2
    Jul 5 21:58:07	racoon: INFO: Adding xauth VID payload.
    Jul 5 21:58:07	racoon: [Self]: [212.0.0.215] INFO: Hashing 212.0.0.215[4500] with algo #2
    Jul 5 21:58:07	racoon: [193.0.0.238] INFO: Hashing 193.0.0.238[16071] with algo #2
    Jul 5 21:58:07	racoon: INFO: Adding remote and local NAT-D payloads.
    Jul 5 21:58:07	racoon: [193.0.0.238] INFO: Selected NAT-T version: RFC 3947
    Jul 5 21:58:07	racoon: INFO: received Vendor ID: DPD
    Jul 5 21:58:07	racoon: INFO: received Vendor ID: CISCO-UNITY
    Jul 5 21:58:07	racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
    Jul 5 21:58:07	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    [03-07]
    Jul 5 21:58:07	racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-08
    Jul 5 21:58:07	racoon: INFO: received Vendor ID: RFC 3947
    Jul 5 21:58:07	racoon: INFO: received broken Microsoft ID: FRAGMENTATION
    Jul 5 21:58:07	racoon: INFO: begin Aggressive mode.
    Jul 5 21:58:07	racoon: [Self]: INFO: respond new phase 1 negotiation: 212.0.0.215[4500]<=>193.0.0.238[16071]
    Jul 5 21:52:05	racoon: INFO: renegotiating phase1 to 193.0.0.238 due to active phase2
    
    

    The tunnel works flawlessly over days when connecting with Windows 8.1 + Shrew:

    
    Jul 5 19:53:30	racoon: [Self]: INFO: IPsec-SA established: ESP 212.0.0.215[500]->62.0.0.106[500] spi=2966502201(0xb0d13b39)
    Jul 5 19:53:30	racoon: [Self]: INFO: IPsec-SA established: ESP 212.0.0.215[500]->62.0.0.106[500] spi=42409046(0x2871c56)
    Jul 5 19:53:30	racoon: WARNING: authtype mismatched: my:hmac-sha384 peer:hmac-sha512
    Jul 5 19:53:30	racoon: WARNING: authtype mismatched: my:hmac-sha256 peer:hmac-sha512
    Jul 5 19:53:30	racoon: WARNING: authtype mismatched: my:hmac-sha peer:hmac-sha512
    Jul 5 19:53:30	racoon: INFO: Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1)
    Jul 5 19:53:30	racoon: INFO: Adjusting my encmode UDP-Tunnel->Tunnel
    Jul 5 19:53:30	racoon: INFO: Update the generated policy : 10.12.99.1/32[0] 10.12.0.0/23[0] proto=any dir=in
    Jul 5 19:53:30	racoon: [Self]: INFO: respond new phase 2 negotiation: 212.0.0.215[4500]<=>62.0.0.106[10252]
    
    

    Can you help me there?


Log in to reply