 From:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  IPSEC Tunnel between static and dynamic IP expires and doesn't come up again
 Date:  Mon, 27 Dec 2004 17:29:38 +0100
The static IP m0n0 awaits "mobile clients" and uses its static IP as its identifier. For the
dynamic m0n0 I added an identifier with preshared key and secret.
The dynamic m0n0 has a tunnel defined to the static m0n0. Parameters and identifiers are exactly the
same on both sides. Lifetime of the keys is identical and the m0n0s are in timesync (nearly) using
the same timeserver.
The tunnel comes up after saving the IPsec settings. After a reboot the tunnel also comes up. After a
while the tunnel goes down, even if I have placed the hook in autoestablish and am pinging from a
client behind the dynamic m0n0 to a server behind the static m0n0. The last messages in the log are
the following:

Dec 27 17:02:03 racoon: INFO: pfkey.c:1466:pk_recvexpire(): IPsec-SA expired: ESP/Tunnel XXX.XXX.XXX.STATIC->XXX.XXX.XXX.DYNAMIC spi=18385805(0x1188b8d)
Dec 27 17:02:04 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA established: ESP/Tunnel XXX.XXX.XXX.STATIC->XXX.XXX.XXX.DYNAMIC spi=190768296(0xb5ee4a8)
Dec 27 17:02:04 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA established: ESP/Tunnel XXX.XXX.XXX.DYNAMIC ->XXX.XXX.XXX.STATIC spi=164063250(0x9c76812)
Dec 27 17:04:01 racoon: INFO: isakmp.c:1526:isakmp_ph1expire(): ISAKMP-SA expired XXX.XXX.XXX.DYNAMIC [500]-XXX.XXX.XXX.STATIC[500] spi:eb882035d39f06b0:c13f6f7948a2230e
Dec 27 17:04:02 racoon: INFO: isakmp.c:1574:isakmp_ph1delete(): ISAKMP-SA deleted XXX.XXX.XXX.DYNAMIC [500]-XXX.XXX.XXX.STATIC[500] spi:eb882035d39f06b0:c13f6f7948a2230e

After that the tunnel can only be reestablished by saving and applying the IPsec settings on the
dynamic m0n0, but the tunnel is kept alive for some minutes and breaks down again. It seems that
the dynamic m0n0 doesn't try to reestablish the link, as there is no activity anymore in the logfiles
after going down.

I use wraps on both sides with m0n0 1.2b3 images. Anyone had these problems before or can give me a

Thanks for everything in advance,
Holger Bauer

Virus checked by G DATA AntiVirusKit
Version: AVK 15.0.1774 from 27.12.2004
Virus news: www.antiviruslab.com
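
Added example, not part of the original message: a Python check that scans racoon INFO lines in the format quoted above and reports peer pairs whose ISAKMP-SA was deleted with no later "established" event, together with the IPsec-SA SPIs still live at that point. The sample log is constructed (documentation addresses stand in for the redacted ones, the second peer and its SPI values are invented), and IPv4 peers are assumed.

```python
import re

# One racoon INFO event; the "file.c:line:func():" prefix is skipped.
EVENT = re.compile(r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+racoon: INFO: .*?"
                   r"(?P<sa>IPsec-SA|ISAKMP-SA) "
                   r"(?P<state>established|expired|deleted)\b(?P<rest>.*)$")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")      # assumption: IPv4 peers only
SPI = re.compile(r"spi=\d+\((0x[0-9a-f]+)\)")      # IPsec-SA SPI, hex form

def stalled_tunnels(lines):
    """Map each peer pair whose ISAKMP-SA was deleted, with no later
    'established' event, to (deletion time, IPsec SPIs still live)."""
    live, stalled = {}, {}
    for line in lines:
        m = EVENT.search(line)
        addrs = IPV4.findall(m["rest"]) if m else []
        if len(addrs) < 2:
            continue
        pair = tuple(sorted(addrs[:2]))            # direction-independent key
        spi = SPI.search(m["rest"])
        if m["state"] == "established":
            stalled.pop(pair, None)                # negotiation resumed
            if spi:
                live.setdefault(pair, set()).add(spi.group(1))
        elif m["sa"] == "IPsec-SA" and spi:        # phase 2 SA expired
            live.get(pair, set()).discard(spi.group(1))
        elif m["sa"] == "ISAKMP-SA" and m["state"] == "deleted":
            stalled[pair] = m["ts"]                # phase 1 SA gone
    return {p: (ts, sorted(live.get(p, ()))) for p, ts in stalled.items()}

# Constructed sample: 192.0.2.10 = static side, 198.51.100.7 = dynamic side,
# 203.0.113.5 = a second, invented peer that renegotiates after the deletion.
SAMPLE = """\
Dec 27 17:02:03 racoon: INFO: pfkey.c:1466:pk_recvexpire(): IPsec-SA expired: ESP/Tunnel 192.0.2.10->198.51.100.7 spi=18385805(0x1188b8d)
Dec 27 17:02:04 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA established: ESP/Tunnel 192.0.2.10->198.51.100.7 spi=190768296(0xb5ee4a8)
Dec 27 17:02:04 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA established: ESP/Tunnel 198.51.100.7->192.0.2.10 spi=164063250(0x9c76812)
Dec 27 17:04:01 racoon: INFO: isakmp.c:1526:isakmp_ph1expire(): ISAKMP-SA expired 198.51.100.7[500]-192.0.2.10[500] spi:eb882035d39f06b0:c13f6f7948a2230e
Dec 27 17:04:02 racoon: INFO: isakmp.c:1574:isakmp_ph1delete(): ISAKMP-SA deleted 198.51.100.7[500]-192.0.2.10[500] spi:eb882035d39f06b0:c13f6f7948a2230e
Dec 27 17:05:10 racoon: INFO: isakmp.c:1574:isakmp_ph1delete(): ISAKMP-SA deleted 203.0.113.5[500]-192.0.2.10[500] spi:0123456789abcdef:fedcba9876543210
Dec 27 17:05:12 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA established: ESP/Tunnel 192.0.2.10->203.0.113.5 spi=11256099(0xabc123)
"""

if __name__ == "__main__":
    for pair, (ts, spis) in stalled_tunnels(SAMPLE.splitlines()).items():
        print(pair, "phase 1 deleted at", ts, "live IPsec SPIs:", spis)
```

A pair reported with live SPIs still has IPsec-SAs installed at the end of the log but no ISAKMP-SA logged to negotiate replacements.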
