IPSEC tunnel drops down 2.2-RC (i386) built on Mon Jan 05 16:32:22 CST 2015
-
After upgrade from 2.1.5 to 2.2-RC (i386) built on Mon Jan 05 16:32:22 CST 2015
The ipsec VPN does not stay up.On 2.1.5 ipsec just worked, but now it drops down all the time. It may stay up a full hour, but usually it drops dead before that and does not reconnect. Logs does not give me a good hint or I have missed that log entry when connection fails/drops. I'll try to catch that moment from logs.
I have regenerated and saved all the Phase 1 and Phase 2 settings for the connection (both ends: site A and B)
Just can't fin anything wrong - is there biger problems in ipsec in RC version still?
Below my site-to-site VPN tunnel configuration:
–--------------------- SITE A PHASE 1 –-------------------------
General informationKey Exchange version V1
Internet Protocol IPv4
Interface WAN
Remote gateway 222.222.222.222
Description SITE BPhase 1 proposal (Authentication)
Authentication method Mutual PSKNegotiation mode Main
My identifier My IP Address
Peer identifier Peer IP Address
Pre-Shared Key **********************Phase 1 proposal (Algorithms)
Encryption algorithm AES 256bit
Hash algorithm SHA1DH key group 2(1024bit)
Lifetime 28800 seconds
Advanced Options
NAT Traversal Auto
Dead Peer Detection Enabled DPD
seconds 10
Delay between requesting peer acknowledgement.retries 10
Number of consecutive failures allowed before disconnect.–--------------- SITE A PHASE 2 –-------------------------
Phase2 entryMode Tunnel IPv4
Local Network Lan SubnetRemote Network
Type: Network
Address: 192.168.1.0/24
Description Site BPhase 2 proposal (SA/Key Exchange)
Protocol ESPEncryption algorithms
AES 256bitHash algorithms
SHA1PFS key group 2 (1025bit)
Lifetime 3600 secondsAdvanced Options
Automatically ping host 192.168.1.1 IP address
–------------------------------------------------------------------------------- SITE B PHASE 1 –-------------------------
General informationKey Exchange version V1
Internet Protocol IPv4
Interface WAN
Remote gateway 111.111.111.111
Description SITE APhase 1 proposal (Authentication)
Authentication method Mutual PSKNegotiation mode Main
My identifier My IP Address
Peer identifier Peer IP Address
Pre-Shared Key **********************Phase 1 proposal (Algorithms)
Encryption algorithm AES 256bit
Hash algorithm SHA1DH key group 2(1024bit)
Lifetime 28800 secondsAdvanced Options
NAT Traversal Auto
Dead Peer Detection Enabled DPD
seconds 10
Delay between requesting peer acknowledgement.retries 10
Number of consecutive failures allowed before disconnect.–--------------- SITE B PHASE 2 –-------------------------
Phase2 entryMode Tunnel IPv4
Local Network Lan SubnetRemote Network
Type: Network
Address: 192.168.0.0/24
Description Site APhase 2 proposal (SA/Key Exchange)
Protocol ESPEncryption algorithms
AES 256bitHash algorithms
SHA1
PFS key group 2 (1025bit)
Lifetime 3600 secondsAdvanced Options
Automatically ping host 192.168.0.1 IP address
–--------------------------------------------------------
-
Can you please upgrade to the latest snapshot of today and see if it is fixed?
-
Did not help - but I changed IKEv1 to IKEv2 and now it has been stable and up for whole day.
-
I just noticed that you have i386 snapshot.
It is just building that with the new version of strongswan.so if you have the possibility of trying that with a new snapshot that will come out and IKEv1 it would be good to know.
-
I will do that test for you!
-
Testing:
2.2-RC (i386)
built on Wed Jan 07 18:25:08 CST 2015IKEv1: tunnel drops still down and there is no Active tunnels shown in widged. Even it shows that no active tunnels - the tunnel works. Gateway widged shows huge latency for the other end of the tunnel and the value does not change at all.
Moving back to IKEv2
-
Yeah the important is that the tunnels works.
Yesterday there were some fixes done for functionality.Hopefully today everything related to dashboard etc will be fixed aswell.