 From:  Andreas Ferrari <aferrari at stasoft dot ch>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  IPSEC SA problems after upgrade to 1.23
 Date:  Thu, 15 Mar 2007 09:23:33 +0100
Hi

After upgrading to 1.23 we have some strange problems.
When I have a tunnel to a site and reconnect after some minutes, for
example 30 or 20, it takes some time before the connection is established.
Even if there is a tunnel and SAs on both sides... I don't want to wait
nearly a minute before I get logged in :-(
Sometimes I have to try it a few times again before it works.

Mar 14 15:39:10 gwx01 racoon: INFO: respond new phase 2 negotiation:
x.x.x.x[0]<=>x.x.x.x[0]
Mar 14 15:39:10 gwx01 racoon: INFO: IPsec-SA expired: ESP/Tunnel
x.x.x.x[0]<=>x.x.x.x[0] spi=60069051(0x39494bb)
Mar 14 15:39:10 gwx01 racoon: INFO: IPsec-SA expired: ESP/Tunnel
x.x.x.x[0]<=>x.x.x.x[0] spi=200337140(0xbf0e6f4)
Mar 14 15:39:11 gwx01 racoon: INFO: IPsec-SA established: ESP/Tunnel
x.x.x.x[0]<=>x.x.x.x[0] spi=50737685(0x3063215)
Mar 14 15:39:11 gwx01 racoon: INFO: IPsec-SA established: ESP/Tunnel
x.x.x.x[0]<=>x.x.x.x[0] spi=46775185(0x2c9bb91)

And after some time

Mar 14 15:40:34 gwx01 racoon: ERROR: couldn't find configuration.

after some more time: INFO: respond new phase 2 negotiation

and again racoon: ERROR: couldn't find configuration


And this morning I tried to establish a connection, and I get this from
the log:

Mar 15 08:46:42 gwx01 racoon: ERROR: couldn't find configuration.
Mar 15 08:47:16 gwx01 last message repeated 2 times
Mar 15 08:48:02 gwx01 racoon: INFO: IPsec-SA request for x.x.x.x queued
due to no phase1 found.
Mar 15 08:48:02 gwx01 racoon: INFO: initiate new phase 1 negotiation: 
x.x.x.x[500]<=>x.x.x.x[500]
Mar 15 08:48:02 gwx01 racoon: INFO: begin Identity Protection mode.
Mar 15 08:48:02 gwx01 racoon: INFO: received Vendor ID: DPD
Mar 15 08:48:04 gwx01 racoon: INFO: ISAKMP-SA established x.x.x.x[500]-2
12.55.208.50[500] spi:b14a43cbdc2dde46:df0c1d60e9ce8aa9
Mar 15 08:48:04 gwx01 racoon: INFO: initiate new phase 2 negotiation: 
x.x.x.x[0]<=>x.x.x.x[0]
Mar 15 08:48:05 gwx01 racoon: INFO: IPsec-SA established: ESP/Tunnel 
x.x.x.x[0]->x.x.x.x[0] spi=120929531(0x7353cfb)
Mar 15 08:48:05 gwx01 racoon: INFO: IPsec-SA established: ESP/Tunnel 
x.x.x.x[0]->x.x.x.x[0] spi=242851949(0xe79a06d)

This looks good, but the following does not:

Mar 15 08:49:43 gwx01 racoon: ERROR: couldn't find configuration.
Mar 15 08:50:16 gwx01 last message repeated 2 times

Nearly a minute later I get logged in....

We didn't have such problems with earlier releases, and I don't know where to
start searching for a solution.

regards

Andreas