[ previous ] [ next ] [ threads ]
 
 From:  Kerem Erciyes <k underscore erciyes at zegnaermenegildo dot it>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re[2]: [m0n0wall] pptp, stability and ipsec problems
 Date:  Sat, 5 Feb 2005 18:10:18 +0200
Two different locations, both m0n0s give the same problem, I guess

Feb 5 17:44:56 last message repeated 3 times
Feb 5 17:44:09 /kernel: vr0: rx packet lost

One has a slightly older Network switch, but other location has a
brand new switch, and no problems with other HW. My guess is that
there is a compatibility problem with the onboard Via Rhine ethernet
and m0n0, or else...?

Other than that I do not understand why racoon fails to
get the SA info. Both have been configured identically,
have different subnets, and both has a pre shared key
associated with the ip address of the other.


Here is the racoon log:

Feb 5 17:39:53 racoon: ERROR: isakmp.c:1073:isakmp_ph2begin_r(): failed to pre-process packet.
Feb 5 17:39:53 racoon: ERROR: isakmp_quick.c:1046:quick_r1recv(): failed to get sainfo. 
Feb 5 17:39:53 racoon: ERROR: isakmp_quick.c:1812:get_sainfo_r(): failed to get sainfo. 
Feb 5 17:39:53 racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation:
212.12.135.51[0]<=>212.12.133.230[0] 
Feb 5 17:39:43 racoon: ERROR: isakmp.c:1073:isakmp_ph2begin_r(): failed to pre-process packet. 
Feb 5 17:39:43 racoon: ERROR: isakmp_quick.c:1046:quick_r1recv(): failed to get sainfo. 
Feb 5 17:39:43 racoon: ERROR: isakmp_quick.c:1812:get_sainfo_r(): failed to get sainfo. 
Feb 5 17:39:43 racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation:
212.12.135.51[0]<=>212.12.133.230[0] 
Feb 5 17:39:33 racoon: ERROR: isakmp.c:1073:isakmp_ph2begin_r(): failed to pre-process packet. 
Feb 5 17:39:33 racoon: ERROR: isakmp_quick.c:1046:quick_r1recv(): failed to get sainfo. 
Feb 5 17:39:33 racoon: ERROR: isakmp_quick.c:1812:get_sainfo_r(): failed to get sainfo. 
Feb 5 17:39:33 racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation:
212.12.135.51[0]<=>212.12.133.230[0] 
Feb 5 17:39:32 racoon: INFO: isakmp.c:2459:log_ph1established(): ISAKMP-SA established
212.12.135.51[500]-212.12.133.230[500] spi:b2596c894f2bd101:f8d6a5e9545263dc 
Feb 5 17:39:32 racoon: NOTIFY: oakley.c:2084:oakley_skeyid(): couldn't find the proper pskey, try to
get one by the peer's address. 
Feb 5 17:39:31 racoon: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin Aggressive mode. 
Feb 5 17:39:31 racoon: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond new phase 1 negotiation:
212.12.135.51[500]<=>212.12.133.230[500] 





KR> Sounds like hardware-layer to me. Either the physical
KR> network, or the on-board ethernet. My first suspect would be the
KR> m0n0 that is reporting the error. Can you put another ethernet
KR> card in that box and use that for LAN?
 
KR> Regards,
 
KR> -Keith

KR> ________________________________

KR> From: Kerem Erciyes [mailto:k underscore erciyes at zegnaermenegildo dot it]
KR> Sent: Fri 2/4/2005 5:27 AM
KR> To: m0n0wall at lists dot m0n0 dot ch
KR> Subject: [m0n0wall] pptp, stability and ipsec problems



KR> Hi Everbody,

KR> I have two m0n0wall servers with identical configuration:

KR> Via EPIA-V 10K 1 GHz Eden Motherboard
KR> 256 Mb SD RAM
KR> 64 MB USB 2.0 Flashdisk
KR> 1 Via Rhine Onboard Ethernet : LAN
KR> 1 Intel PRO100 Ethernet : WAN

KR> I have a few problems:

KR> 1. Sometimes PPTP Clients disconnect abruptly
KR> 2. Cannot setup the IPSec Tunnel although identical configurations
KR> tested and retested 15 times
KR> 3. One m0n0wall continously says vr0: rx packets lost
KR> 4. Have to restart both sometimes 2 times a day sometimes once a week

KR> Any opinions welcome...


KR> Kerem Erciyes (k underscore erciyes at zegnaermenegildo dot it)
KR> IT Sorumlusu
KR> ISMACO Amsterdam BV (+90 216 394 00 00)
KR> Ermenegildo Zegna Butik (+90 212 291 10 24)

KR> ----------------------------------------------
KR> This message is OpenPGP Signed and content and
KR> identity of the sender can be verified with a
KR> pulic PGP key of the sender. Public PGP key
KR> can be obtained upon request.