mr-vpnc at webdeck
Dec 18, 2008, 7:27 PM
Post #2 of 6
(1396 views)
Permalink
|
|
Re: Regular phase2_fatal error every 57minutes and 40 seconds
[In reply to]
|
|
I'm seeing that same error message, but at random times during my
connection, not consistently like you are seeing it, sometimes it
happens hours after I started vpnc - I haven't been able to run more
than about 8 hours consistently without it erroring out. In contrast,
the Cisco VPN client has been able to run for months without
interruption. I'm running 0.5.3 on Mac OS X 10.5.5, connecting to a
Cisco device (I don't know the specifics...) Here is what I see -
this time it happened right around rekeying, it looks like:
lifetime status: 27350 of 28800 seconds used, 9994|1403 of 0 kbytes
used
lifetime status: 27359 of 28800 seconds used, 9994|1403 of 0 kbytes
used
lifetime status: 27359 of 28800 seconds used, 9994|1403 of 0 kbytes
used
got late ike paket: 348 bytes
got paket with wrong cookies
lifetime status: 27359 of 28800 seconds used, 9994|1403 of 0 kbytes
used
got late ike paket: 148 bytes
got ipsec lifetime attributes: 28800 seconds
lifetime status: 4 of 28800 seconds used, 0|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 0|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 0|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 0|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 0|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 0|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 1|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 2|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 2|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 2|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 4|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 4|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 5|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 5|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 7|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 7|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 8|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 8|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 9|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 11|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 11|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 11|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 12|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 12|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 13|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 13|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 15|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 15|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 15|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 15|0 of 0 kbytes used
lifetime status: 4 of 28800 seconds used, 15|0 of 0 kbytes used
lifetime status: 8 of 28800 seconds used, 15|0 of 0 kbytes used
got late ike paket: 348 bytes
got paket with wrong cookies
lifetime status: 9 of 28800 seconds used, 15|0 of 0 kbytes used
lifetime status: 16 of 28800 seconds used, 15|0 of 0 kbytes used
got late ike paket: 348 bytes
got paket with wrong cookies
lifetime status: 18 of 28800 seconds used, 15|0 of 0 kbytes used
lifetime status: 24 of 28800 seconds used, 15|0 of 0 kbytes used
got late ike paket: 348 bytes
got paket with wrong cookies
lifetime status: 27 of 28800 seconds used, 15|0 of 0 kbytes used
lifetime status: 37 of 28800 seconds used, 15|0 of 0 kbytes used
lifetime status: 37 of 28800 seconds used, 15|0 of 0 kbytes used
got late ike paket: 68 bytes
S7.1 QM_packet1
[2008-12-18 12:26:58]
S7.2 QM_packet2 send_receive
[2008-12-18 12:26:58]
S7.3 QM_packet2 validate type
[2008-12-18 12:26:58]
S7.4 process and skip lifetime notice
[2008-12-18 12:26:58]
S7.5 QM_packet2 check reject offer
[2008-12-18 12:26:58]
---!!!!!!!!! entering phase2_fatal !!!!!!!!!---
quick mode response rejected: (ISAKMP_N_INVALID_PAYLOAD_TYPE)(1)
this means the concentrator did not like what we had to offer.
Possible reasons are:
* concentrator configured to require a firewall
this locks out even Cisco clients on any platform expect windows
which is an obvious security improvment. There is no workaround
(yet).
* concentrator configured to require IP compression
this is not yet supported by vpnc.
Note: the Cisco Concentrator Documentation recommends against using
compression, expect on low-bandwith (read: ISDN) links, because it
uses much CPU-resources on the concentrator
On Dec 18, 2008, at 9:04 AM, Michael Thomson wrote:
> Hi,
>
> I have been using VPNC on vista 64 bit for a while now and I am
> getting
> a new issue, which I was wondering if anyone has already experienced.
>
> Basically I would get the occasional dropout every now and then and
> didn't think much of it assuming it was just my fragile cable provider
> having a hiccup.
>
> But recently I have been doing some larger downloads and started to
> notice that the timing seemed very "regular".
>
> I am now running vpnc in "time" and I see that it fails very
> regularly.
>
> I decided I should move to the latest release to see if the problem
> had
> already been fixed so moved to 0.5.3
>
> I still get the failure every 57m 40secs but now I get nice message as
> follows:
>
> ---!!!!!!!!! entering phase2_fatal !!!!!!!!!---
>
>
> quick mode response rejected: (ISAKMP_N_INVALID_PAYLOAD_TYPE)(1)
> this means the concentrator did not like what we had to offer.
> Possible reasons are:
> * concentrator configured to require a firewall
> this locks out even Cisco clients on any platform expect windows
> which is an obvious security improvment. There is no workaround
> (yet).
> * concentrator configured to require IP compression
> this is not yet supported by vpnc.
> Note: the Cisco Concentrator Documentation recommends against
> using
> compression, expect on low-bandwith (read: ISDN) links, because it
> uses much CPU-resources on the concentrator
>
>
> I had a look around on mailing list and could not really see anything
> pertaining to my 57 minute event. I noticed others got this issue
> when
> they initially tried to connect.
>
> I did read about a maximum 8 hr connection, I an wondering if perhaps
> the admins have set up a 1hr max connection? Our IT people are not
> very
> forthcoming with info, as I believe they contract out the config etc.
>
> Hoping someone can recommend something I can try to solve this issue?
>
> P.S. Tried connecting from an XP machine using the CISCO client and
> had
> no issues at 57 minutes from within same network.
>
> Thanks in advance
> Michael.
> _______________________________________________
> vpnc-devel mailing list
> vpnc-devel [at] unix-ag
> https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
> http://www.unix-ag.uni-kl.de/~massar/vpnc/
_______________________________________________
vpnc-devel mailing list
vpnc-devel [at] unix-ag
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/
|
