[strongSwan] L2TP/IPSec Connect/Disconnect Problems
Milen Pankov
mail at milen.pankov.eu
Sun Oct 12 20:32:51 CEST 2014
Hi Noel,
Sorry about the openswan thing, it is a typo. I am using strongswan.
The problem is it is the same user trying to reconnect, that's why he
uses the same credentials. I suppose his previous connection stays
active on the system.
Milen
On 12.10.2014 21:28, Noel Kuntze wrote:
>
> Hello Milen,
>
> This is the strongswan mailing list, not the openswan one. There is
> no guarantee that you will get help here.
>
> Based on the third message in the log excerpt, I think you need to
> allow identical IDs or give your users different credentials.
>
> Mit freundlichen Grüßen/Regards, Noel Kuntze
>
> GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592
> 3839 298F 63EC 6658
>
> Am 12.10.2014 um 20:14 schrieb Milen Pankov:
>> Hi,
>
>> I have problems using l2tp/ipsec connections with openswan/xl2tp.
>> Users using the connection frequently disconnect and after that
>> cannot connect anymore. Here is a log example from a user that
>> failed to connect after a disconnect:
>
>> 2014-08-09 23:20:30: "l2tp"[2422] public_ip:4500 #2738:
>> NAT-Traversal: received 2 NAT-OA. using first, ignoring others
>> 2014-08-09 23:20:30: "l2tp"[2422] public_ip:4500 #2738:
>> responding to Quick Mode 2014-08-09 23:20:30: "l2tp"[2422]
>> public_ip:4500 #2738: cannot install eroute -- it is in use for
>> "l2tp"[2419] public_ip:4500 #2735 2014-08-09 23:20:30:
>> "l2tp"[2422] public_ip:4500: deleting connection "l2tp" instance
>> with peer public_ip {isakmp=#0/ipsec=#0} 2014-08-09 23:20:32:
>> "l2tp"[2419] public_ip:4500 #2734: Quick Mode I1 message is
>> unacceptable because it uses a previously used Message ID
>> 0x02000000 (perhaps this is a duplicated packet) 2014-08-09
>> 23:20:32: "l2tp"[2419] public_ip:4500 #2734: sending encrypted
>> notification INVALID_MESSAGE_ID to public_ip:4500 2014-08-09
>> 23:20:35: "l2tp"[2419] public_ip:4500 #2734: Quick Mode I1
>> message is unacceptable because it uses a previously used Message
>> ID 0x02000000 (perhaps this is a duplicated packet)
>
>> Can you help me with this?
>
>> Regards, Milen _______________________________________________
>> Users mailing list Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
>
>
> _______________________________________________ Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
--
Милен
More information about the Users
mailing list