<div dir="ltr"><div><div><div>Hi <br><br></div>I am attaching server [AWS] side logs [messages]. <br></div>The server is 10 hours behind the modem. <br></div>And the server is connected to many modems; this particular modem is 619703 [10.4.39.36]. <br><br><div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><b style="color:rgb(136,136,136);font-family:'trebuchet ms',sans-serif;font-size:13px">Best Regards</b><br></div><div><b style="color:rgb(136,136,136);font-family:'trebuchet ms',sans-serif;font-size:13px">Nitin Agarwal</b><br></div><div><span style="font-family:'trebuchet ms',sans-serif;font-size:13px;color:rgb(102,102,102)"><u><a href="mailto:nitin.agarwal@symstream.com" target="_blank">nitin.agarwal@symstream.com</a></u> | Skype: nitin_symstream</span><br><br><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> </blockquote><div><br></div><br><br></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Tue, Jul 28, 2015 at 8:42 PM, Andreas Steffen <span dir="ltr"><<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">So can you show me the corresponding strongSwan server log?<br>
<br>
Andreas<br>
<span><br>
On 07/28/2015 02:33 PM, Nitin Agarwal wrote:<br>
> Hi Andreas<br>
><br>
> On server side, I am using :-<br>
> Linux strongSwan U4.6.2/<br>
><br>
> And, on modem side :-<br>
> Linux[Debian, Voyage] strongSwan U4.4.1<br>
><br>
><br>
</span>> *Best Regards*<br>
> *Nitin Agarwal*<br>
> *Team Leader R&D*<br>
> *Symstream Technology Group*<br>
> M +91 9818893018<br>
> _<a href="mailto:nitin.agarwal@symstream.com" target="_blank">nitin.agarwal@symstream.com</a> <mailto:<a href="mailto:nitin.agarwal@symstream.com" target="_blank">nitin.agarwal@symstream.com</a>>_ |<br>
<span>> Skype: nitin_symstream<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> On Tue, Jul 28, 2015 at 3:22 PM, Andreas Steffen<br>
</span>> <<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a> <mailto:<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>>><br>
<div><div>> wrote:<br>
><br>
> Hi Nitin,<br>
><br>
> what VPN product is running on the server, since 1) it produces<br>
> notifications in an invalid format and 2) it probably speaks<br>
> IKEv1 only, because it replies with INVALID_MAJOR_VERSION to<br>
> an IKEv2 request?<br>
><br>
> Best regards<br>
><br>
> Andreas<br>
><br>
> On 28.07.2015 10:40, Nitin Agarwal wrote:<br>
><br>
> Hi Noel<br>
><br>
> I have done the changes, but still the tunnels are down for up to 10<br>
> minutes, sometimes.<br>
> This is what I got from Syslog, and these errors are different at<br>
> different times :-<br>
><br>
> 1)<br>
> Jul 28 09:28:36 alix6f2-619703 charon: 12[IKE] initiating IKE_SA<br>
> 52.64.105.113_cnc[2] to 52.74.240.246<br>
> Jul 28 09:28:36 alix6f2-619703 charon: 12[ENC] generating<br>
> IKE_SA_INIT<br>
> request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]<br>
> Jul 28 09:28:36 alix6f2-619703 charon: 12[NET] sending packet: from<br>
> 100.116.187.100[500] to 52.74.240.246[500]<br>
> Jul 28 09:28:37 alix6f2-619703 charon: 16[NET] received packet: from<br>
> 52.74.240.246[500] to 100.116.187.100[500]<br>
> Jul 28 09:28:37 alix6f2-619703 charon: 16[ENC] invalid notify data<br>
> length for INVALID_MAJOR_VERSION (20)<br>
> Jul 28 09:28:37 alix6f2-619703 charon: 16[ENC] *NOTIFY payload<br>
> verification failed *<br>
> Jul 28 09:28:37 alix6f2-619703 charon: 16[IKE] IKE_SA_INIT<br>
> response with<br>
> message ID 0 processing failed<br>
> Jul 28 09:28:40 alix6f2-619703 charon: 13[IKE] retransmit 1 of<br>
> request<br>
> with message ID 0<br>
><br>
><br>
> 2) Jul 28 09:29:40 alix6f2-619703 charon: 13[ENC] generating<br>
> IKE_SA_INIT<br>
> request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]<br>
> Jul 28 09:29:40 alix6f2-619703 charon: 13[NET] sending packet: from<br>
> 100.116.187.100[500] to 52.74.240.246[500]<br>
> Jul 28 09:29:41 alix6f2-619703 charon: 16[NET] received packet: from<br>
> 52.74.240.246[500] to 100.116.187.100[500]<br>
> Jul 28 09:29:41 alix6f2-619703 charon: 16[ENC] parsed IKE_SA_INIT<br>
> response 0 [ N(INVAL_SYN) ]<br>
> Jul 28 09:29:41 alix6f2-619703 charon: 16[IKE]*received<br>
> INVALID_SYNTAX<br>
> notify error *<br>
><br>
><br>
> can anybody please suggest why this is happening ?<br>
><br>
><br>
><br>
><br>
> *Best Regards*<br>
> *Nitin Agarwal*<br>
><br>
><br>
><br>
><br>
><br>
><br>
> On Wed, Jul 22, 2015 at 3:59 PM, Noel Kuntze<br>
</div></div>> <<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>><br>
> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>>>><br>
<div><div>> wrote:<br>
><br>
><br>
> Hello Nitin,<br>
><br>
> You're using IKEv2, which uses a global timeout setting in<br>
> strongswan.conf,<br>
> not dpdtimeout.<br>
> From the man page for ipsec.conf:<br>
> dpdtimeout = 150s | <time><br>
> defines the timeout interval, after which all<br>
> connections to a peer are deleted in case of inactivity. This only<br>
> applies to IKEv1, in IKEv2 the default retransmission<br>
> timeout applies, as every exchange is used to detect<br>
> dead peers.<br>
><br>
> Look at the "IKEv2 RETRANSMISSION" section of the man page for<br>
> strongswan.conf.<br>
><br>
> Alternatively, use IKEv1.<br>
><br>
> Mit freundlichen Grüßen/Kind Regards,<br>
> Noel Kuntze<br>
><br>
> GPG Key ID: 0x63EC6658<br>
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658<br>
><br>
> Am 22.07.2015 um 07:26 schrieb Nitin Agarwal:<br>
>> Hello Guys<br>
><br>
>> I am trying to achieve stable tunnel connectivity between<br>
>> two systems.<br>
>> My System 1 is a modem having a PPP connection. And System 2<br>
>> is a server.<br>
><br>
>> On System 1, the IP tends to change, and whenever the IP changes,<br>
>> the system sometimes takes up to 20 minutes to form a stable tunnel.<br>
>> Sometimes it is just 50 seconds. The PPP connection takes around 25<br>
>> seconds to release the old IP and acquire a new one.<br>
><br>
>> I am attaching the existing configuration.<br>
>> Please suggest, if I need to modify the configurations or<br>
>> I am missing something.<br>
><br>
><br>
><br>
><br>
> > *Best Regards*<br>
> > *Nitin Agarwal*<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > This message (and any associated files) is intended only<br>
>> for the<br>
> use of the individual or entity to which it is addressed and may<br>
> contain information that is confidential, subject to<br>
>> copyright or<br>
> constitutes a trade secret. If you are not the intended<br>
>> recipient<br>
> you are hereby notified that any dissemination, copying or<br>
> distribution of this message, or files associated with this<br>
>> message,<br>
> is strictly prohibited. If you have received this message in<br>
>> error,<br>
> please notify Symstream Technology Group immediately by<br>
>> replying to<br>
> the message and deleting it from your computer. Messages<br>
>> sent to and<br>
> from us may be monitored. Internet communications cannot be<br>
> guaranteed to be secure or error-free as information could be<br>
> intercepted, corrupted, lost, destroyed, arrive late or<br>
>> incomplete,<br>
> or contain viruses. Therefore, we do not accept<br>
>> responsibility for<br>
> any errors or omissions that are present in this message, or any<br>
> attachment, that have arisen as a result of e-mail<br>
>> transmission. If<br>
> verification is required, please request a hard-copy<br>
>> version. Any<br>
> views or opinions presented are solely those of the author<br>
>> and do<br>
> not necessarily represent those of the company.<br>
> > -------------------------<br>
><br>
><br>
> > _______________________________________________<br>
> > Users mailing list<br>
</div></div>> > <a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a><br>
>> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>><br>
>> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a><br>
>> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>>><br>
> > <a href="https://lists.strongswan.org/mailman/listinfo/users" rel="noreferrer" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br>
<div><div>><br>
><br>
><br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> Users mailing list<br>
</div></div>> <a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>><br>
<span>> <a href="https://lists.strongswan.org/mailman/listinfo/users" rel="noreferrer" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br>
><br>
><br>
> --<br>
> ======================================================================<br>
> Andreas Steffen<br>
</span>> <a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a> <mailto:<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>><br>
<span>> strongSwan - the Open Source VPN Solution!<br>
</span>> <a href="http://www.strongswan.org" rel="noreferrer" target="_blank">www.strongswan.org</a> <<a href="http://www.strongswan.org" rel="noreferrer" target="_blank">http://www.strongswan.org</a>><br>
<span>> Institute for Internet Technologies and Applications<br>
> University of Applied Sciences Rapperswil<br>
> CH-8640 Rapperswil (Switzerland)<br>
> ===========================================================[ITA-HSR]==<br>
><br>
><br>
><br>
</span><span>
<br>
</span><span><font color="#888888">--<br>
======================================================================<br>
Andreas Steffen <a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a><br>
strongSwan - the Open Source VPN Solution! <a href="http://www.strongswan.org" rel="noreferrer" target="_blank">www.strongswan.org</a><br>
</font></span><div><div>Institute for Internet Technologies and Applications<br>
University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
===========================================================[ITA-HSR]==<br>
<br>
</div></div></blockquote></div><br></div></div>
<br>
<hr>
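<div>Added example (not part of the original thread and not strongSwan project code): a small triage script for the charon lines quoted above that computes the IKEv2 retransmission schedule Noel refers to, checks the logged retransmit against it, and collects the notify types Andreas asks about. The defaults 4.0 / 1.8 / 5 are assumed to be the strongswan.conf defaults for charon.retransmit_timeout, retransmit_base and retransmit_tries on the versions in the thread; the function names are illustrative and the sample is the thread's log re-joined onto single lines.</div>

```python
import re
from datetime import datetime
from itertools import accumulate

# Constructed sample: charon lines quoted in the thread, re-joined onto single lines.
SAMPLE = """\
Jul 28 09:28:36 alix6f2-619703 charon: 12[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Jul 28 09:28:37 alix6f2-619703 charon: 16[ENC] invalid notify data length for INVALID_MAJOR_VERSION (20)
Jul 28 09:28:37 alix6f2-619703 charon: 16[IKE] IKE_SA_INIT response with message ID 0 processing failed
Jul 28 09:28:40 alix6f2-619703 charon: 13[IKE] retransmit 1 of request with message ID 0
Jul 28 09:29:41 alix6f2-619703 charon: 16[IKE] received INVALID_SYNTAX notify error
"""
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ charon: \d+\[\w+\] (.*)$")

def retransmit_schedule(timeout=4.0, base=1.8, tries=5):
    """Seconds after first send for each retransmit, and the give-up time.
    Defaults are assumed to be the strongswan.conf defaults (charon.retransmit_*).
    The wait before retransmit n is timeout * base**(n-1); one more interval
    follows the last retransmit before charon gives up on the peer.
    """
    marks = list(accumulate(timeout * base ** n for n in range(tries + 1)))
    return marks[:-1], marks[-1]

def triage(log, year=2015):
    """Return ([(retransmit_no, seconds_since_send)], [notify names seen])."""
    sent, delays, notifies = None, [], []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if msg.startswith("generating IKE_SA_INIT request"):
            sent = ts  # start of the exchange the retransmits belong to
        elif (r := re.match(r"retransmit (\d+) of request", msg)) and sent:
            delays.append((int(r.group(1)), (ts - sent).total_seconds()))
        elif "notify" in msg and (n := re.search(r"[A-Z]+(?:_[A-Z]+)+", msg)):
            notifies.append(n.group(0))  # notify type named in the line
    return delays, notifies

def on_schedule(delays, marks, slack=1.0):
    """True if each retransmit is within `slack` s of its mark (syslog is 1 s)."""
    return all(abs(t - marks[n - 1]) <= slack for n, t in delays)

if __name__ == "__main__":
    marks, give_up = retransmit_schedule()
    delays, notifies = triage(SAMPLE)
    print("retransmits at", [round(m, 1) for m in marks], "give up at", round(give_up))
    print("observed", delays, "on schedule:", on_schedule(delays, marks), notifies)
```

<div>With these assumed defaults a single unanswered exchange runs for about 165 seconds before charon gives up on the peer; passing other values to retransmit_schedule() shows how changing the retransmit settings moves that window.</div>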