Ipsec not comming up
-
Hello,
Since this morning 4 of the 60 ipsec tunnels are down spontaniously at 6am. There is nothing configured to run at 6am.
In the log file i can see that me and the remote site are negotiating, but then some errors occur, while the configs are already running for some time.
Have you ever seen this and how can i solve it?Dec 4 12:27:17 charon: 02[CFG] <102524> selected proposal: IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Dec 4 12:27:17 charon: 02[CFG] <102524> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP, IKE:AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_16
Dec 4 12:27:17 charon: 02[CFG] <102524> received proposals: IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Dec 4 12:27:17 charon: 02[CFG] <102524> proposal matches
Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable ENCRYPTION_ALGORITHM found
Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable ENCRYPTION_ALGORITHM found
Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable ENCRYPTION_ALGORITHM found
Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable ENCRYPTION_ALGORITHM found
Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable ENCRYPTION_ALGORITHM found
Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable ENCRYPTION_ALGORITHM found
Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable DIFFIE_HELLMAN_GROUP found
Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
Dec 4 12:27:17 charon: 02[CFG] <102524> no acceptable PSEUDO_RANDOM_FUNCTION found
Dec 4 12:27:17 charon: 02[CFG] <102524> selecting proposal:
Dec 4 12:27:17 charon: 02[IKE] <102524> IKE_SA (unnamed)[102524] state change: CREATED => CONNECTING
Dec 4 12:27:17 charon: 02[IKE] <102524> 213.126.83.234 is initiating a Aggressive Mode IKE_SA
Dec 4 12:27:17 charon: 02[IKE] <102524> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Dec 4 12:27:17 charon: 02[IKE] <102524> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Dec 4 12:27:17 charon: 02[IKE] <102524> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Dec 4 12:27:17 charon: 02[IKE] <102524> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Dec 4 12:27:17 charon: 02[IKE] <102524> received NAT-T (RFC 3947) vendor ID
Dec 4 12:27:17 charon: 02[IKE] <102524> received DPD vendor ID
Dec 4 12:27:17 charon: 02[CFG] <102524> found matching ike config: %any…%any with prio 24
Dec 4 12:27:17 charon: 02[CFG] <102524> candidate: %any…%any, prio 24
Dec 4 12:27:17 charon: 02[CFG] <102524> looking for an ike config for 89.30.146.169…213.126.83.234
Dec 4 12:27:17 charon: 02[ENC] <102524> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V ]
Dec 4 12:27:17 charon: 02[NET] <102524> received packet: from 213.126.83.234[500] to 89.30.146.169[500] (496 bytes)