Re: VPN dropping connections
Hi.
Your configuration files seem ok, at a glance.
Is there a pattern to when things fail? Does the VPN "stay down", or does it
get renegotiated and activated again after a few minutes?
As you are running the VPN using 'Default' as the phase 1 "peer", isakmpd
itself does not know to which host to initiate a negotiation; it can only
respond to requests. In effect, this means the responsibility of "keeping
the VPN up" lies on the other peer.
You may want to change 'Connections=' to 'Passive-Connections=' in
the [Phase 2] section for this reason. Even though I don't think so, it
may help things.
There are some additional steps that can be useful in tracking down the
problem:
- By sending a SIGUSR1 signal to the daemon, it will generate a report
file containing isakmpd's current state. It's possible something may be
found here.
- Since 2.9, isakmpd can log IKE packets unencrypted. Use the -L flag
when starting the daemon to activate this feature. Use a command such
as 'tcpdump -nvs1400 -r /var/run/isakmpd.pcap' to read the captured
data.
- Turning on debugging. (This generates a lot of output.)
/H
On Sun, 2 Sep 2001, Generic Player wrote:
> I seem to be having an issue with my VPN. I am using 2.9 current as of
> the beginning of August, but I had the same problem with 2.9 release and
> a couple 2.8 snapshots. Everything will be fine, and then all of a
> sudden I'll just lose connectivity through the VPN for no apparent
> reason, isakmpd is still running fine, there's nothing logged anywhere,
> it just stops working, I can't ping anything on the other side. The
> other side of the VPN is currently freeswan, but used to be openbsd, and
> the other side also had this issue before it got moved to freeswan. I'm
> not really that knowledgeable about IPSec, what all do I need to provide
> for someone to be able to guess at what I am doing wrong? Here's my
> isakmpd.policy and .conf if there's anything else I need to supply, let
> me know.
>
...
--
Håkan Olsson <ho@crt.se> (+46) 708 437 337 Carlstedt Research
Unix, Networking, Security (+46) 31 701 4264 & Technology AB