Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: vpnc: devel

vpnc drops connection after 10 seconds

  

 
vpnc devel RSS feed   Index | Next | Previous | View Threaded


farjumper at mail

Apr 11, 2008, 10:50 PM

Post #1 of 7 (470 views)
Permalink
vpnc drops connection after 10 seconds
Hi, all

I have problem with latest vpnc version. Version 0.5.1 everytime drops connection after ~10 seconds of succesfull work. 0.3.2 version works stable.
Option '--dpd-idle 0' doesn't solve the problem for me.

In syslog:

vpnc[1234]: connection terminated by peer

In --debug 3 logs are found that:

"got isakmp-delete, terminating..."

(see also: https://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/96427)
_______________________________________________
vpnc-devel mailing list
vpnc-devel[at]unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/


jmvpnc at loplof

Jun 10, 2008, 6:28 PM

Post #2 of 7 (263 views)
Permalink
Re: vpnc drops connection after 10 seconds [In reply to]
On Sat, Apr 12, 2008 at 09:50:51AM +0400, Vladimir Buell wrote:
> I have problem with latest vpnc version. Version 0.5.1 everytime drops connection after ~10 seconds of succesfull work. 0.3.2 version works stable.
> Option '--dpd-idle 0' doesn't solve the problem for me.
>
> In syslog:
>
> vpnc[1234]: connection terminated by peer
>
> In --debug 3 logs are found that:
>
> "got isakmp-delete, terminating..."
>
> (see also: https://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/96427)

I just committed a patch by Johann Fischer that might fix the problem.
Can you please test svn head (at least rev 289).

Thanks!
Joerg
--
Joerg Mayer <jmayer[at]loplof.de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
_______________________________________________
vpnc-devel mailing list
vpnc-devel[at]unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/


vbuell at gmail

Jun 23, 2008, 9:37 PM

Post #3 of 7 (220 views)
Permalink
Re: vpnc drops connection after 10 seconds [In reply to]
Hi Joerg

Unfortunately it still doesn't work :(

PS: The problem occurs not only for me: several eployees in the
company have the same issues... So I can send you even 3 different
logs.

On Wed, Jun 11, 2008 at 4:28 AM, Joerg Mayer <jmvpnc[at]loplof.de> wrote:
> On Sat, Apr 12, 2008 at 09:50:51AM +0400, Vladimir Buell wrote:
>> I have problem with latest vpnc version. Version 0.5.1 everytime drops connection after ~10 seconds of succesfull work. 0.3.2 version works stable.
>> Option '--dpd-idle 0' doesn't solve the problem for me.
>>
>> In syslog:
>>
>> vpnc[1234]: connection terminated by peer
>>
>> In --debug 3 logs are found that:
>>
>> "got isakmp-delete, terminating..."
>>
>> (see also: https://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/96427)
>
> I just committed a patch by Johann Fischer that might fix the problem.
> Can you please test svn head (at least rev 289).
>
> Thanks!
> Joerg
> --
> Joerg Mayer <jmayer[at]loplof.de>
> We are stuck with technology when what we really want is just stuff that
> works. Some say that should read Microsoft instead of technology.
>
>



--
Thanks,
Volodymyr
_______________________________________________
vpnc-devel mailing list
vpnc-devel[at]unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/


farjumper at mail

Jun 23, 2008, 9:44 PM

Post #4 of 7 (224 views)
Permalink
Re: vpnc drops connection after 10 seconds [In reply to]
> On Sat, Apr 12, 2008 at 09:50:51AM +0400, Vladimir Buell wrote:
> > I have problem with latest vpnc version. Version 0.5.1 everytime drops connection after ~10 seconds of succesfull work. 0.3.2 version works stable.
> > Option '--dpd-idle 0' doesn't solve the problem for me.
> >
> > In syslog:
> >
> > vpnc[1234]: connection terminated by peer
> >
> > In --debug 3 logs are found that:
> >
> > "got isakmp-delete, terminating..."
> >
> > (see also: https://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/96427)
>
> I just committed a patch by Johann Fischer that might fix the problem.
> Can you please test svn head (at least rev 289).

Unfortunately it still doesn't work :(

PS: The problem occurs not only for me: several eployees in the
company have the same issues... So I can send you even 3 different
logs.


--
Thanks,
Volodymyr

_______________________________________________
vpnc-devel mailing list
vpnc-devel[at]unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/


jmvpnc at loplof

Jun 23, 2008, 10:26 PM

Post #5 of 7 (224 views)
Permalink
Re: vpnc drops connection after 10 seconds [In reply to]
Hello Volodymyr,

On Tue, Jun 24, 2008 at 07:37:52AM +0300, Volodymyr Buell wrote:
> Unfortunately it still doesn't work :(
>
> PS: The problem occurs not only for me: several eployees in the
> company have the same issues... So I can send you even 3 different
> logs.

> > On Sat, Apr 12, 2008 at 09:50:51AM +0400, Vladimir Buell wrote:
> >> I have problem with latest vpnc version. Version 0.5.1 everytime drops connection after ~10 seconds of succesfull work. 0.3.2 version works stable.
> >> Option '--dpd-idle 0' doesn't solve the problem for me.
> >>
> >> In syslog:
> >>
> >> vpnc[1234]: connection terminated by peer
> >>
> >> In --debug 3 logs are found that:
> >>
> >> "got isakmp-delete, terminating..."
> >>
> >> (see also: https://bugs.launchpad.net/ubuntu/+source/vpnc/+bug/96427)

OK, so just to summarize:
- you still have the problem with newest sources
- and with --dpd-idle 0
- after about 10 seconds (really seconds and not minutes?)

If so, please send me a log with "--debug 3 --no-detach" via personal mail.

Thanks
Joerg
--
Joerg Mayer <jmayer[at]loplof.de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
_______________________________________________
vpnc-devel mailing list
vpnc-devel[at]unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/


jmvpnc at loplof

Jun 24, 2008, 10:13 AM

Post #6 of 7 (220 views)
Permalink
Re: vpnc drops connection after 10 seconds [In reply to]
On Tue, Jun 24, 2008 at 03:03:00PM +0300, Volodymyr Buell wrote:
> lifetime status: 1214307143 of 28800 seconds used, 1|1 of 0 kbytes used
> received something on ike fd..
> got late ike paket: 68 bytes
> BEGIN_PARSE
[...]
> PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
> next_type: 00 (ISAKMP_PAYLOAD_NONE)
> length: 0010
> d.doi: 00000001 (ISAKMP_DOI_IPSEC)
> d.protocol: 03 (ISAKMP_IPSEC_PROTO_IPSEC_ESP)
> d.spi_length: 04
> d.num_spi: 0001
> d.spi: 6b2c8bb5
> DONE PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)

OK, looks like the same problem that was reported before and where I sent a
patch for testing but haven't received an answer yet.
The problem seems to be that the other side expects us to do active rekeying
(i.e. they send a delete payload for the ipsec spi and expect *our* side to
initiate the rekeying). So far we only support passive rekeying (we wait for
the other side to initiate ipsec rekeying).

Please update the sources to current svn head, apply the attached patch on
top of that, compile, test and report back :-)

Thanks!
Joerg
--
Joerg Mayer <jmayer[at]loplof.de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
_______________________________________________
vpnc-devel mailing list
vpnc-devel[at]unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/


jmvpnc at loplof

Jun 24, 2008, 10:39 AM

Post #7 of 7 (222 views)
Permalink
Re: vpnc drops connection after 10 seconds [In reply to]
Forgot the attachment...
:
On Tue, Jun 24, 2008 at 07:13:04PM +0200, Joerg Mayer wrote:
> On Tue, Jun 24, 2008 at 03:03:00PM +0300, Volodymyr Buell wrote:
> > lifetime status: 1214307143 of 28800 seconds used, 1|1 of 0 kbytes used
> > received something on ike fd..
> > got late ike paket: 68 bytes
> > BEGIN_PARSE
> [...]
> > PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
> > next_type: 00 (ISAKMP_PAYLOAD_NONE)
> > length: 0010
> > d.doi: 00000001 (ISAKMP_DOI_IPSEC)
> > d.protocol: 03 (ISAKMP_IPSEC_PROTO_IPSEC_ESP)
> > d.spi_length: 04
> > d.num_spi: 0001
> > d.spi: 6b2c8bb5
> > DONE PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
>
> OK, looks like the same problem that was reported before and where I sent a
> patch for testing but haven't received an answer yet.
> The problem seems to be that the other side expects us to do active rekeying
> (i.e. they send a delete payload for the ipsec spi and expect *our* side to
> initiate the rekeying). So far we only support passive rekeying (we wait for
> the other side to initiate ipsec rekeying).
>
> Please update the sources to current svn head, apply the attached patch on
> top of that, compile, test and report back :-)


--
Joerg Mayer <jmayer[at]loplof.de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
Attachments: vpnc-active-rekey.diff (0.78 KB)

vpnc devel RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.