|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0004234||Endian Firewall||Network related (VPN, uplinks)||public||2012-01-02 21:59||2012-02-03 13:51|
|Target Version||Fixed in Version|
|Summary||0004234: IPsec VPNs in Endian 2.5 unstable, stop passing data|
|Description||I have upgraded an existing firewall (clean install & reconfigure) from Endian 2.4.1 to 2.5 and the IPsec VPNs keep stopping after a few minutes. Their status shows green and if I restart them data flow will resume for another while.|
|Tags||No tags attached.|
|Attached Files|| ipsec-host-1.png (61,016 bytes) 2012-01-10 09:12
ipsec-host-2.png (48,729 bytes) 2012-01-10 09:12
IPSec VPN.PNG (48,294 bytes) 2012-01-23 16:37|
I tried to reproduce the problem in my virtual environment but I am not able to do it: the connection between my two hosts works without problem even after some hours.
I suspect the problem is related to the packet loss on the network between your hosts, but I need to verify it.
In the meantime, I attach the configuration I used on my systems... can you check if you did the same? If something differs, can you report it, please?
Thanks in advance!
|Any news on this?|
|Sorry, I am away from the office until Thursday, I will look at it then. However, it cannot be packet loss on the network as this configuration worked with Endian 2.4.1. I will try to upload my config files later.|
|Thank you very much!|
So I have had another attempt at this. The attached image shows one VPN to a remote Endian 2.4.1 box that says the link is Open but does not pass any traffic. This used to work when my firewall was 2.4.1. I am seeing a lot of errors for this connection:
Jan 23 16:19:57 pluto packet from 137.191.xxx.xxx:500: initial Main Mode message received on 89.101.xxx xxx:500 but no connection has been authorized with policy=PSK. Perhaps an openswan <==> strongswan interoperability issue?
Some of the other links do work intermittently.
Others are reporting similar issues:
|Since I moved to 2.5.1 this problem has not recurred.|
|Still working OK, so consider it fixed.|
|2012-01-02 21:59||Sota||New Issue|
|2012-01-05 08:46||christian-endian||Status||new => acknowledged|
|2012-01-10 09:05||lorenzo-endian||Note Added: 0007612|
|2012-01-10 09:05||lorenzo-endian||Assigned To||=> lorenzo-endian|
|2012-01-10 09:05||lorenzo-endian||Status||acknowledged => feedback|
|2012-01-10 09:12||lorenzo-endian||File Added: ipsec-host-1.png|
|2012-01-10 09:12||lorenzo-endian||File Added: ipsec-host-2.png|
|2012-01-17 09:00||christian-endian||Note Added: 0007633|
|2012-01-17 16:07||Sota||Note Added: 0007634|
|2012-01-19 14:29||christian-endian||Note Added: 0007636|
|2012-01-23 16:37||Sota||File Added: IPSec VPN.PNG|
|2012-01-23 16:41||Sota||Note Added: 0007644|
|2012-02-01 14:48||Sota||Note Added: 0007685|
|2012-02-03 13:51||Sota||Note Added: 0007693|
|2012-02-03 13:51||Sota||Status||feedback => resolved|
|2012-02-03 13:51||Sota||Resolution||open => fixed|