[vpn-help] Random disconnects

Zweerde, Marcel van de mvandezweerde at Alescon.nl
Thu Mar 28 17:06:28 CDT 2013 

Hello,

After changing to client version 2.2.0 rc1(Netgear router support and
without the new algo's) and lowering the clients phase 1&2 lifetimes so
that the client renews before the Netscreen does the connection is
pretty stable but there are still some disconnects:

If anyone has an idea....thanks for your time!

The latest logged disconnect:

Remote client ip	: 192.168.2.106 (virtualXP on win7)
Netscreen		: 1.2.3.4 (well, something like that.)
Ip pool			: 192.168.253

-snip-
13/03/28 20:11:32 -> : send NAT-T:IKE packet 192.168.2.106:4500 ->
1.2.3.4:4500 ( 124 bytes )
13/03/28 20:11:32 ii : DPD ARE-YOU-THERE sequence 332b8556 requested
13/03/28 20:11:32 <- : recv NAT-T:IKE packet 1.2.3.4:4500 ->
192.168.2.106:4500 ( 92 bytes )
13/03/28 20:11:32 DB : phase1 found
13/03/28 20:11:32 ii : processing informational packet ( 92 bytes )
13/03/28 20:11:32 == : new informational iv ( 16 bytes )
13/03/28 20:11:32 =< : cookies 1e8058afeadeebec:ca7cd6a5585003b7
13/03/28 20:11:32 =< : message 0e8fb8d3
13/03/28 20:11:32 =< : decrypt iv ( 16 bytes )
13/03/28 20:11:32 == : decrypt packet ( 92 bytes )
13/03/28 20:11:32 <= : trimmed packet padding ( 12 bytes )
13/03/28 20:11:32 <= : stored iv ( 16 bytes )
13/03/28 20:11:32 << : hash payload
13/03/28 20:11:32 << : notification payload
13/03/28 20:11:32 == : informational hash_i ( computed ) ( 16 bytes )
13/03/28 20:11:32 == : informational hash_c ( received ) ( 16 bytes )
13/03/28 20:11:32 ii : informational hash verified
13/03/28 20:11:32 ii : received peer DPDV1-R-U-THERE-ACK notification
13/03/28 20:11:32 ii : - 1.2.3.4:4500 -> 192.168.2.106:4500
13/03/28 20:11:32 ii : - isakmp spi = 1e8058afeadeebec:ca7cd6a5585003b7
13/03/28 20:11:32 ii : - data size 4
13/03/28 20:11:32 ii : DPD ARE-YOU-THERE-ACK sequence 332b8556 accepted
13/03/28 20:11:32 ii : next tunnel DPD request in 15 secs for peer
1.2.3.4:4500
13/03/28 20:11:46 DB : phase1 found
13/03/28 20:11:46 -> : send NAT-T:KEEP-ALIVE packet 192.168.2.106:4500
-> 1.2.3.4:4500
13/03/28 20:11:46 !! : get_vfwd - failed to obtain valid route ( dest
1.2.3.4 )
13/03/28 20:11:46 !! : no arp entry for dst : 1.2.3.4
13/03/28 20:11:47 DB : phase1 found
13/03/28 20:11:47 ii : sending peer DPDV1-R-U-THERE notification
13/03/28 20:11:47 ii : - 192.168.2.106:4500 -> 1.2.3.4:4500
13/03/28 20:11:47 ii : - isakmp spi = 1e8058afeadeebec:ca7cd6a5585003b7
13/03/28 20:11:47 ii : - data size 4
13/03/28 20:11:47 >> : hash payload
13/03/28 20:11:47 >> : notification payload
13/03/28 20:11:47 == : new informational hash ( 16 bytes )
13/03/28 20:11:47 == : new informational iv ( 16 bytes )
13/03/28 20:11:47 >= : cookies 1e8058afeadeebec:ca7cd6a5585003b7
13/03/28 20:11:47 >= : message 116ccc5a
13/03/28 20:11:47 >= : encrypt iv ( 16 bytes )
13/03/28 20:11:47 == : encrypt packet ( 80 bytes )
13/03/28 20:11:47 == : stored iv ( 16 bytes )
13/03/28 20:11:47 -> : send NAT-T:IKE packet 192.168.2.106:4500 ->
1.2.3.4:4500 ( 124 bytes )
13/03/28 20:11:47 !! : get_vfwd - failed to obtain valid route ( dest
1.2.3.4 )
13/03/28 20:11:47 !! : no arp entry for dst : 1.2.3.4
13/03/28 20:11:47 ii : DPD ARE-YOU-THERE sequence 332b8557 requested
13/03/28 20:11:47 DB : phase1 soft event canceled ( ref count = 3 )
13/03/28 20:11:47 DB : phase1 hard event canceled ( ref count = 2 )
13/03/28 20:11:47 DB : phase1 dead event canceled ( ref count = 1 )
13/03/28 20:11:47 ii : sending peer DELETE message
13/03/28 20:11:47 ii : - 192.168.2.106:4500 -> 1.2.3.4:4500
13/03/28 20:11:47 ii : - isakmp spi = 1e8058afeadeebec:ca7cd6a5585003b7
13/03/28 20:11:47 ii : - data size 0
13/03/28 20:11:47 >> : hash payload
13/03/28 20:11:47 >> : delete payload
13/03/28 20:11:47 == : new informational hash ( 16 bytes )
13/03/28 20:11:47 == : new informational iv ( 16 bytes )
13/03/28 20:11:47 >= : cookies 1e8058afeadeebec:ca7cd6a5585003b7
13/03/28 20:11:47 >= : message 7254ea5c
13/03/28 20:11:47 >= : encrypt iv ( 16 bytes )
13/03/28 20:11:47 == : encrypt packet ( 76 bytes )
13/03/28 20:11:47 == : stored iv ( 16 bytes )
13/03/28 20:11:47 -> : send NAT-T:IKE packet 192.168.2.106:4500 ->
1.2.3.4:4500 ( 108 bytes )
13/03/28 20:11:47 !! : get_vfwd - failed to obtain valid route ( dest
1.2.3.4 )
13/03/28 20:11:47 !! : no arp entry for dst : 1.2.3.4
13/03/28 20:11:47 DB : config deleted ( obj count = 0 )
13/03/28 20:11:47 ii : phase1 removal before expire time
13/03/28 20:11:47 DB : phase1 deleted ( obj count = 0 )
13/03/28 20:11:47 DB : policy found
13/03/28 20:11:47 ii : removing IPSEC INBOUND policy ANY:172.16.1.0/24:*
-> ANY:192.168.253.122:*
13/03/28 20:11:47 K> : send pfkey X_SPDDELETE2 UNSPEC message
13/03/28 20:11:47 K< : recv pfkey X_SPDDELETE2 UNSPEC message
13/03/28 20:11:47 DB : policy found
13/03/28 20:11:47 ii : removing IPSEC OUTBOUND policy
ANY:192.168.253.122:* -> ANY:172.16.1.0/24:*
13/03/28 20:11:47 K> : send pfkey X_SPDDELETE2 UNSPEC message
13/03/28 20:11:47 ii : removed IPSEC policy route for
ANY:172.16.1.0/24:*
13/03/28 20:11:47 DB : policy found
13/03/28 20:11:47 ii : removing NONE INBOUND policy ANY:1.2.3.4:* ->
ANY:192.168.2.106:*
13/03/28 20:11:47 K> : send pfkey X_SPDDELETE2 UNSPEC message
13/03/28 20:11:47 DB : policy found
13/03/28 20:11:47 ii : removing NONE OUTBOUND policy ANY:192.168.2.106:*
-> ANY:1.2.3.4:*
13/03/28 20:11:47 K> : send pfkey X_SPDDELETE2 UNSPEC message
13/03/28 20:11:47 !! : failed to remove NONE policy route for
ANY:1.2.3.4:*
13/03/28 20:11:47 DB : policy found
13/03/28 20:11:47 DB : policy deleted ( obj count = 9 )
13/03/28 20:11:47 K< : recv pfkey X_SPDDELETE2 UNSPEC message
13/03/28 20:11:47 DB : policy found
13/03/28 20:11:47 DB : policy deleted ( obj count = 8 )
13/03/28 20:11:47 K< : recv pfkey X_SPDDELETE2 UNSPEC message
13/03/28 20:11:47 DB : policy found
13/03/28 20:11:47 DB : policy deleted ( obj count = 7 )
13/03/28 20:11:47 K< : recv pfkey X_SPDDELETE2 UNSPEC message
13/03/28 20:11:47 DB : policy found
13/03/28 20:11:47 DB : policy deleted ( obj count = 6 )
13/03/28 20:11:47 ii : disable adapter ROOT\VNET\0000
13/03/28 20:11:47 DB : tunnel dpd event canceled ( ref count = 4 )
13/03/28 20:11:47 DB : tunnel natt event canceled ( ref count = 3 )
13/03/28 20:11:47 DB : tunnel stats event canceled ( ref count = 2 )
13/03/28 20:11:47 DB : removing tunnel config references
13/03/28 20:11:47 DB : removing tunnel phase2 references
13/03/28 20:11:47 DB : phase2 soft event canceled ( ref count = 2 )
13/03/28 20:11:47 DB : phase2 hard event canceled ( ref count = 1 )
13/03/28 20:11:47 DB : phase1 not found
13/03/28 20:11:47 K> : send pfkey DELETE ESP message
13/03/28 20:11:47 K> : send pfkey DELETE ESP message
13/03/28 20:11:47 ii : phase2 removal before expire time
13/03/28 20:11:47 DB : phase2 deleted ( obj count = 0 )
13/03/28 20:11:47 DB : removing tunnel phase1 references
13/03/28 20:11:47 DB : tunnel deleted ( obj count = 0 )
13/03/28 20:11:47 DB : removing all peer tunnel references
13/03/28 20:11:47 DB : peer deleted ( obj count = 0 )
13/03/28 20:11:47 ii : ipc client process thread exit ...
13/03/28 20:11:47 K< : recv pfkey DELETE ESP message
13/03/28 20:11:47 K< : recv pfkey DELETE ESP message
-snip-

More information about the vpn-help mailing list