
0004234: IPsec VPNs in Endian 2.5 unstable, stop passing data - MantisBT Endian Bugtracker
Endian Issue Tracker

ID: 0004234
Project: Endian Firewall
Category: Network related (VPN, uplinks)
View Status: public
Date Submitted: 2012-01-02 21:59
Last Update: 2012-02-03 13:51
Assigned To: lorenzo-endian
Platform:
OS:
OS Version:
Product Version: 2.4.1
Target Version:
Fixed in Version:
Summary: 0004234: IPsec VPNs in Endian 2.5 unstable, stop passing data
Description: I have upgraded an existing firewall (clean install & reconfigure) from Endian 2.4.1 to 2.5 and the IPsec VPNs keep stopping after a few minutes. Their status shows green and if I restart them data flow will resume for another while.
Tags: No tags attached.
Attached Files:
ipsec-host-1.png (61,016 bytes) 2012-01-10 09:12
ipsec-host-2.png (48,729 bytes) 2012-01-10 09:12
IPSec VPN.PNG (48,294 bytes) 2012-01-23 16:37

-  Notes
lorenzo-endian (manager)
2012-01-10 09:05

Hi Sota,

I tried to reproduce the problem in my virtual environment but I am not able to do it: the connection between my two hosts works without problem even after some hours.

I suspect the problem is related to the packet loss on the network between your hosts, but I need to verify it.

In the meantime, I attach the configuration I used on my systems... can you check if you did the same? If something differs, can you report it, please?

Thanks in advance!

christian-endian (administrator)
2012-01-17 09:00

Any news on this?

Sota (reporter)
2012-01-17 16:07

Sorry, I am away from the office until Thursday, I will look at it then. However, it cannot be packet loss on the network as this configuration worked with Endian 2.4.1. I will try to upload my config files later.

christian-endian (administrator)
2012-01-19 14:29

Thank you very much!

Sota (reporter)
2012-01-23 16:41

So I have had another attempt at this. The attached image shows one VPN to a remote Endian 2.4.1 box that says the link is Open but does not pass any traffic. This used to work when my firewall was 2.4.1. I am seeing a lot of errors for this connection:
Jan 23 16:19:57 pluto[21718] packet from initial Main Mode message received on xxx:500 but no connection has been authorized with policy=PSK. Perhaps an openswan <==> strongswan interoperability issue?
Some of the other links do work intermittently.

Others are reporting similar issues: [^]

Sota (reporter)
2012-02-01 14:48

Since I moved to 2.5.1 this problem has not recurred.

Sota (reporter)
2012-02-03 13:51

Still working OK, so consider it fixed.

- Issue History
Date Modified Username Field Change
2012-01-02 21:59 Sota New Issue
2012-01-05 08:46 christian-endian Status new => acknowledged
2012-01-10 09:05 lorenzo-endian Note Added: 0007612
2012-01-10 09:05 lorenzo-endian Assigned To => lorenzo-endian
2012-01-10 09:05 lorenzo-endian Status acknowledged => feedback
2012-01-10 09:12 lorenzo-endian File Added: ipsec-host-1.png
2012-01-10 09:12 lorenzo-endian File Added: ipsec-host-2.png
2012-01-17 09:00 christian-endian Note Added: 0007633
2012-01-17 16:07 Sota Note Added: 0007634
2012-01-19 14:29 christian-endian Note Added: 0007636
2012-01-23 16:37 Sota File Added: IPSec VPN.PNG
2012-01-23 16:41 Sota Note Added: 0007644
2012-02-01 14:48 Sota Note Added: 0007685
2012-02-03 13:51 Sota Note Added: 0007693
2012-02-03 13:51 Sota Status feedback => resolved
2012-02-03 13:51 Sota Resolution open => fixed
