Two different locations, both m0n0s give the same problem, I guess

Feb 5 17:44:56 last message repeated 3 times
Feb 5 17:44:09 /kernel: vr0: rx packet lost

One has a slightly older network switch, but the other location has a brand new switch, and no problems with other HW. My guess is that there is a compatibility problem with the onboard Via Rhine ethernet and m0n0, or else...?

Other than that I do not understand why racoon fails to get the SA info. Both have been configured identically, have different subnets, and both have a pre-shared key associated with the IP address of the other. Here is the racoon log:

Feb 5 17:39:53 racoon: ERROR: isakmp.c:1073:isakmp_ph2begin_r(): failed to pre-process packet.
Feb 5 17:39:53 racoon: ERROR: isakmp_quick.c:1046:quick_r1recv(): failed to get sainfo.
Feb 5 17:39:53 racoon: ERROR: isakmp_quick.c:1812:get_sainfo_r(): failed to get sainfo.
Feb 5 17:39:53 racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation: 212.12.135.51[0]<=>212.12.133.230[0]
Feb 5 17:39:43 racoon: ERROR: isakmp.c:1073:isakmp_ph2begin_r(): failed to pre-process packet.
Feb 5 17:39:43 racoon: ERROR: isakmp_quick.c:1046:quick_r1recv(): failed to get sainfo.
Feb 5 17:39:43 racoon: ERROR: isakmp_quick.c:1812:get_sainfo_r(): failed to get sainfo.
Feb 5 17:39:43 racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation: 212.12.135.51[0]<=>212.12.133.230[0]
Feb 5 17:39:33 racoon: ERROR: isakmp.c:1073:isakmp_ph2begin_r(): failed to pre-process packet.
Feb 5 17:39:33 racoon: ERROR: isakmp_quick.c:1046:quick_r1recv(): failed to get sainfo.
Feb 5 17:39:33 racoon: ERROR: isakmp_quick.c:1812:get_sainfo_r(): failed to get sainfo.
Feb 5 17:39:33 racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation: 212.12.135.51[0]<=>212.12.133.230[0]
Feb 5 17:39:32 racoon: INFO: isakmp.c:2459:log_ph1established(): ISAKMP-SA established 212.12.135.51[500]-212.12.133.230[500] spi:b2596c894f2bd101:f8d6a5e9545263dc
Feb 5 17:39:32 racoon: NOTIFY: oakley.c:2084:oakley_skeyid(): couldn't find the proper pskey, try to get one by the peer's address.
Feb 5 17:39:31 racoon: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin Aggressive mode.
Feb 5 17:39:31 racoon: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond new phase 1 negotiation: 212.12.135.51[500]<=>212.12.133.230[500]

KR> Sounds like hardware-layer to me. Either the physical
KR> network, or the on-board ethernet. My first suspect would be the
KR> m0n0 that is reporting the error. Can you put another ethernet
KR> card in that box and use that for LAN?

KR> Regards,
KR> -Keith

KR> ________________________________

KR> From: Kerem Erciyes [mailto:k underscore erciyes at zegnaermenegildo dot it]
KR> Sent: Fri 2/4/2005 5:27 AM
KR> To: m0n0wall at lists dot m0n0 dot ch
KR> Subject: [m0n0wall] pptp, stability and ipsec problems

KR> Hi Everybody,

KR> I have two m0n0wall servers with identical configuration:

KR> Via EPIA-V 10K 1 GHz Eden Motherboard
KR> 256 Mb SD RAM
KR> 64 MB USB 2.0 Flashdisk
KR> 1 Via Rhine Onboard Ethernet : LAN
KR> 1 Intel PRO100 Ethernet : WAN

KR> I have a few problems:

KR> 1. Sometimes PPTP Clients disconnect abruptly
KR> 2. Cannot set up the IPSec Tunnel although identical configurations
KR> tested and retested 15 times
KR> 3. One m0n0wall continuously says vr0: rx packets lost
KR> 4. Have to restart both sometimes 2 times a day sometimes once a week

KR> Any opinions welcome...

KR> Kerem Erciyes (k underscore erciyes at zegnaermenegildo dot it)
KR> IT Officer
KR> ISMACO Amsterdam BV (+90 216 394 00 00)
KR> Ermenegildo Zegna Butik (+90 212 291 10 24)
KR> ----------------------------------------------
KR> This message is OpenPGP Signed and content and
KR> identity of the sender can be verified with a
KR> public PGP key of the sender. Public PGP key
KR> can be obtained upon request.