IPsec not coming up



  • Hello,
    Since this morning, 4 of the 60 IPsec tunnels have been down; they went down spontaneously at 6am. There is nothing configured to run at 6am.
    In the log file I can see that the remote site and I are negotiating, but then some errors occur, even though the configs have already been running for some time.
    Have you ever seen this, and how can I solve it?

    Dec 4 12:27:17 charon: 02[CFG] <102524> selected proposal: IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
    Dec 4 12:27:17 charon: 02[CFG] <102524> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP, IKE:AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_16
    Dec 4 12:27:17 charon: 02[CFG] <102524> received proposals: IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    Dec 4 12:27:17 charon: 02[CFG] <102524> proposal matches
    Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
    Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable ENCRYPTION_ALGORITHM found
    Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
    Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable ENCRYPTION_ALGORITHM found
    Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
    Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable ENCRYPTION_ALGORITHM found
    Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
    Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable ENCRYPTION_ALGORITHM found
    Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
    Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable ENCRYPTION_ALGORITHM found
    Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
    Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable ENCRYPTION_ALGORITHM found
    Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
    Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable DIFFIE_HELLMAN_GROUP found
    Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
    Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable PSEUDO_RANDOM_FUNCTION found
    Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
    Dec 4 12:27:17 charon: 02[IKE] <102524> IKE_SA (unnamed)[102524] state change: CREATED => CONNECTING
    Dec 4 12:27:17 charon: 02[IKE] <102524> 213.126.83.234 is initiating a Aggressive Mode IKE_SA
    Dec 4 12:27:17 charon: 02[IKE] <102524> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
    Dec 4 12:27:17 charon: 02[IKE] <102524> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Dec 4 12:27:17 charon: 02[IKE] <102524> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Dec 4 12:27:17 charon: 02[IKE] <102524> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
    Dec 4 12:27:17 charon: 02[IKE] <102524> received NAT-T (RFC 3947) vendor ID
    Dec 4 12:27:17 charon: 02[IKE] <102524> received DPD vendor ID
    Dec 4 12:27:17 charon: 02[CFG] <102524> found matching ike config: %any…%any with prio 24
    Dec 4 12:27:17 charon: 02[CFG] <102524> candidate: %any…%any, prio 24
    Dec 4 12:27:17 charon: 02[CFG] <102524> looking for an ike config for 89.30.146.169…213.126.83.234
    Dec 4 12:27:17 charon: 02[ENC] <102524> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V ]
    Dec 4 12:27:17 charon: 02[NET] <102524> received packet: from 213.126.83.234[500] to 89.30.146.169[500] (496 bytes)

