[strongSwan] L2TP/IPSec Connect/Disconnect Problems

Milen Pankov mail at milen.pankov.eu
Sun Oct 12 20:32:51 CEST 2014 

Hi Noel,

Sorry about the openswan thing, it is a typo. I am using strongswan.
The problem is it is the same user trying to reconnect, that's why he
uses the same credentials. I suppose his previous connection stays
active on the system.

Milen


On 12.10.2014 21:28, Noel Kuntze wrote:
> 
> Hello Milen,
> 
> This is the strongswan mailing list, not the openswan one. There is
> no guarantee that you will get help here.
> 
> Based on the third message in the log excerpt, I think you need to
> allow identical IDs or give your users different credentials.
> 
> Mit freundlichen Grüßen/Regards, Noel Kuntze
> 
> GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592
> 3839 298F 63EC 6658
> 
> Am 12.10.2014 um 20:14 schrieb Milen Pankov:
>> Hi,
> 
>> I have problems using l2tp/ipsec connections with openswan/xl2tp.
>> Users using the connection frequently disconnect and after that
>> cannot connect anymore. Here is a log example from a user that
>> failed to connect after a disconnect:
> 
>> 2014-08-09 23:20:30: "l2tp"[2422] public_ip:4500 #2738:
>> NAT-Traversal: received 2 NAT-OA. using first, ignoring others 
>> 2014-08-09 23:20:30: "l2tp"[2422] public_ip:4500 #2738:
>> responding to Quick Mode 2014-08-09 23:20:30: "l2tp"[2422]
>> public_ip:4500 #2738: cannot install eroute -- it is in use for
>> "l2tp"[2419] public_ip:4500 #2735 2014-08-09 23:20:30:
>> "l2tp"[2422] public_ip:4500: deleting connection "l2tp" instance
>> with peer public_ip {isakmp=#0/ipsec=#0} 2014-08-09 23:20:32:
>> "l2tp"[2419] public_ip:4500 #2734: Quick Mode I1 message is
>> unacceptable because it uses a previously used Message ID 
>> 0x02000000 (perhaps this is a duplicated packet) 2014-08-09
>> 23:20:32: "l2tp"[2419] public_ip:4500 #2734: sending encrypted
>> notification INVALID_MESSAGE_ID to public_ip:4500 2014-08-09
>> 23:20:35: "l2tp"[2419] public_ip:4500 #2734: Quick Mode I1 
>> message is unacceptable because it uses a previously used Message
>> ID 0x02000000 (perhaps this is a duplicated packet)
> 
>> Can you help me with this?
> 
>> Regards, Milen _______________________________________________ 
>> Users mailing list Users at lists.strongswan.org 
>> https://lists.strongswan.org/mailman/listinfo/users
> 
> 
> _______________________________________________ Users mailing list 
> Users at lists.strongswan.org 
> https://lists.strongswan.org/mailman/listinfo/users
> 

-- 

Милен

More information about the Users mailing list