[ previous ] [ next ] [ threads ]
 From:  gramels <gramels at gmail dot com>
 To:  Monowall Mailing List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  IPSEC tunnel drops after a while
 Date:  Thu, 30 Jun 2005 10:33:05 +0200

I try to solve this now since half a year ant treid all m0n0 versions
in between and slowly get cluelsee.

I have two m0n0s based on WRAPs connected, where one is on a dynamic
IP and one is fixed.

after a while the tunnel drops and the log gets filled with

Jun 30 10:23:17 wall racoon: ERROR:
proposal.c:968:set_proposal_from_policy(): not supported nested SA.
Jun 30 10:23:17 wall racoon: ERROR:
isakmp_quick.c:2072:get_proposal_r(): failed to create saprop.
Jun 30 10:23:17 wall racoon: ERROR:
isakmp_quick.c:1071:quick_r1recv(): failed to get proposal for
Jun 30 10:23:17 wall racoon: ERROR: isakmp.c:1073:isakmp_ph2begin_r():
failed to pre-process packet.
Jun 30 10:23:27 wall racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r():
respond new phase 2 negotiation:[0]<=>[0]

It seemde to be better with the m0n0 versions with bsd 5.3 and getting
worse with the most current ones.

I played around with the lifetime, with the advanced feature "Prefer
old IPsec SAs" but does not seem to help.

To fix it it seems some time to be sufficient to restart ipsec on the
dynamic mono but usually I have to delete all SAP and SPD and the
restart IPSEC on the remote mono.

Any ideas to fix that situation?