 From:  "Kyle Anderson" <kyle at tcspdx dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  vpn problems
 Date:  Mon, 11 Apr 2005 19:08:06 -0700
I have set up the mobile vpn part of the Monowall and I have
intermittent connectivity problems (multiple times per day).  When I
reset the Monowall the connection is able to initialize just fine.  Here
is what I see in my System Log:

racoon: INFO: pfkey.c:1466:pk_recvexpire(): IPsec-SA expired: ESP/Tunnel

Here are the parameters of my vpn connection:
Phase 1
3DES-MD5
Lifetime=blank

Phase2
ESP
3DES-MD5
PFS=off
Lifetime=blank

Under Diagnostics-IPSEC-SAD I see four identical tunnels from the same IP
address and different SPI numbers.

When I am connected I see intermittent packet loss.

When I am in this state of disconnect and I try to ping the "other" side
of the tunnel I get the following as a response (on the Monowall):
Outside Lan IP address (192.168.60.1) from my Monowall (Lan IP is
10.120.254.1) I get the following output:

36 bytes from m0n0wall.whco.local (10.120.254.1): Redirect Host(New
addr: 10.120.254.1)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 fa31   0 0000  02  01 b954 10.120.254.1  192.168.60.1
36 bytes from m0n0wall.whco.local (10.120.254.1): Time to live exceeded
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 fa31   0 0000  01  01 ba54 10.120.254.1  192.168.60.1

As a side note, I replaced a Sonicwall SOHO2 with this Soekris/Monowall
setup because I was experiencing this problem on the Sonicwall,
obviously it did not solve the problem.  Thanks for the suggestions in
advance.

Kyle Anderson