 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  1.2b1 IPsec SA issues
 Date:  Mon, 27 Sep 2004 02:24:39 -0400
As I posted to the list earlier, I'm having IPsec SA issues with

My post to the list:
> I seem to be having issues with IPsec SAs that cause one of my
> VPNs to go down on 1.2b1.  The remote VPN endpoint is a Cisco PIX firewall.
> I ran into this same problem on 1.0 and 1.1, but only a couple
> times in about 5 months.  It's happened 3 times in the last 9 hours.

The duplicate SA issue is happening to me almost exactly every 2 hours
today (give or take a few minutes).  Always src IP PIX, dst IP
m0n0wall public IP, single SA in the other direction.  Deleting all
the SAs for that connection makes it come back within a couple

It went down at 21:50, was back up at 22:00.  Down again and back up
at 00:02.  Did it again at about 02:06, though I don't have the log
for that period below.  Go by the
syslog server's timestamps, not the ones from m0n0 as its clock is
off.  Log file at http://chrisbuechler.com/m0n0wall/duplicate-sa.txt 
(mailing list wouldn't accept msg with the log, as the message was
more than 30K with it)

12.202.x.x is the m0n0wall box in question, 216.135.x.x is a FreeBSD
w/racoon setup (not m0n0, but similar) and it's rock solid.
64.112.x.x is the PIX firewall that is the other endpoint of the
problematic VPN.

Relevant portion of config.xml:


If I can provide any more info, please let me know.