My VPNs sometimes drop

Forum covering the up-and-coming secure distribution called IPCop, based on the Smoothwall distribution. It is currently the most active forum on the site.


Post by whitewater » 16 May 2008 17:11

Hello everyone,

I have several sites linked to each other by VPN on IPCop. Every so often a link drops.

To restart it, I click the restart arrow in the IPCop VPN menu on one side of the tunnel or the other, and it comes back up... even better than a Mars bar.

I still wonder why it drops, because if it happens while I'm on holiday... not cool. Even a Mars bar won't get it going again.

In my IPCop VPN configuration, I entered the hostname rather than its public IP (it exists) for site 1. For site 2, the IP address is used.

For the VPN configuration, in "Serveur/IP distant:" (remote server/IP) I also have the hostname.

Maybe it wouldn't drop if I put the IP address everywhere?

Here are the IPSec logs from both sites.

site 1:
22:57:48 pluto[28969] "site2" #95: received and ignored informational message
22:57:48 pluto[28969] "site2" #95: ignoring Delete SA payload: IPSEC SA not found (maybe expired)
22:57:37 vpn-watch 'site2': terminated after 1 restarts.
22:57:37 vpn-watch 'site2': Remote IP has changed from <IP site 2> to stop. Connection restarted (#1 times).
22:57:37 pluto[28969] "site2" #97: sent QI2, IPsec SA established
22:57:37 pluto[28969] "site2" #97: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
22:57:37 pluto[28969] "site2" #97: Dead Peer Detection (RFC3706) enabled
22:57:37 pluto[28969] "site2" #97: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS
22:57:37 pluto[28969] loaded private key file '/var/ipcop/certs/hostkey.pem' (891 bytes)
22:57:37 pluto[28969] loading secrets from "/etc/ipsec.secrets"
22:57:37 pluto[28969] forgetting secrets
22:57:28 pluto[28969] "site2" #96: sent QI2, IPsec SA established
22:57:28 pluto[28969] "site2" #96: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
22:57:28 pluto[28969] "site2" #96: Dead Peer Detection (RFC3706) enabled
22:57:28 pluto[28969] "site2" #96: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS
22:57:28 pluto[28969] "site2" #95: ISAKMP SA established
22:57:28 pluto[28969] "site2" #95: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
22:57:28 pluto[28969] "site2" #95: X.509 certificate rejected
22:57:28 pluto[28969] "site2" #95: Issuer CA certificate not found
22:57:28 pluto[28969] "site2" #95: Main mode peer ID is ID_DER_ASN1_DN: 'C=FR, O=Temperia Toulouse, OU=Informatique, CN=site2.temperia.com'
22:57:27 pluto[28969] "site2" #95: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
22:57:27 pluto[28969] "site2" #95: NAT-Traversal: Result using RFC 3947: no NAT detected
22:57:27 pluto[28969] "site2" #95: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
22:57:27 pluto[28969] "site2" #95: received Vendor ID payload [Dead Peer Detection]
22:57:27 pluto[28969] "site2" #95: received Vendor ID payload [RFC 3947]
22:57:27 pluto[28969] packet from <IP site 2>:500: Informational Exchange is for an unknown (expired?) SA
22:57:27 pluto[28969] packet from <IP site 2>:500: Informational Exchange is for an unknown (expired?) SA
22:57:27 pluto[28969] "site2" #95: initiating Main Mode
22:57:27 pluto[28969] "site2" #86: deleting state (STATE_MAIN_R3)
22:57:27 pluto[28969] "site2" #87: deleting state (STATE_QUICK_R2)
22:57:27 pluto[28969] "site2" #88: deleting state (STATE_QUICK_R2)
22:57:27 pluto[28969] "site2": terminating SAs using this connection
22:57:18 pluto[28969] loaded private key file '/var/ipcop/certs/hostkey.pem' (891 bytes)
22:57:18 pluto[28969] loading secrets from "/etc/ipsec.secrets"
22:57:18 pluto[28969] forgetting secrets

(... data ...)

22:25:35 pluto[28969] "site2" #88: IPsec SA established
22:25:35 pluto[28969] "site2" #88: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
22:25:35 pluto[28969] "site2" #88: Dead Peer Detection (RFC3706) enabled
22:25:35 pluto[28969] "site2" #88: transition from state (null) to state STATE_QUICK_R1
22:25:35 pluto[28969] "site2" #88: responding to Quick Mode
22:25:23 pluto[28969] "site2" #87: IPsec SA established
22:25:23 pluto[28969] "site2" #87: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
22:25:23 pluto[28969] "site2" #87: Dead Peer Detection (RFC3706) enabled
22:25:23 pluto[28969] "site2" #87: transition from state (null) to state STATE_QUICK_R1
22:25:23 pluto[28969] "site2" #87: responding to Quick Mode
22:25:23 pluto[28969] "site2" #86: sent MR3, ISAKMP SA established
22:25:23 pluto[28969] "site2" #86: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
22:25:23 pluto[28969] "site2" #86: X.509 certificate rejected
22:25:23 pluto[28969] "site2" #86: Issuer CA certificate not found
22:25:23 pluto[28969] "site2" #86: Main mode peer ID is ID_DER_ASN1_DN: 'C=FR, O=Temperia Toulouse, OU=Informatique, CN=site2.temperia.com'
22:25:23 pluto[28969] "site2" #86: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
22:25:23 pluto[28969] "site2" #86: NAT-Traversal: Result using RFC 3947: no NAT detected
22:25:22 pluto[28969] "site2" #86: transition from state (null) to state STATE_MAIN_R1
22:25:22 pluto[28969] "site2" #86: responding to Main Mode
22:25:22 pluto[28969] packet from <IP site 2>:500: received Vendor ID payload [Dead Peer Detection]
22:25:22 pluto[28969] packet from <IP site 2>:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
22:25:22 pluto[28969] packet from <IP site 2>:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
22:25:22 pluto[28969] packet from <IP site 2>:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
22:25:22 pluto[28969] packet from <IP site 2>:500: received Vendor ID payload [RFC 3947]
22:25:22 pluto[28969] packet from <IP site 2>:500: received and ignored informational message
22:25:22 pluto[28969] "site2" #84: received Delete SA payload: deleting ISAKMP State #84
22:25:22 pluto[28969] "site2" #84: received and ignored informational message
22:25:22 pluto[28969] "site2" #84: received Delete SA payload: replace IPSEC State #76 in 10 seconds


site 2:
23:15:26 pluto[14590] packet from <IP site 1>:500: received Vendor ID payload [Dead Peer Detection]
23:15:26 pluto[14590] packet from <IP site 1>:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
23:15:26 pluto[14590] packet from <IP site 1>:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
23:15:26 pluto[14590] packet from <IP site 1>:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
23:15:26 pluto[14590] packet from <IP site 1>:500: received Vendor ID payload [RFC 3947]

(... data ...)

23:57:32 pluto[14590] packet from 193.251.20.202:500: Informational Exchange is for an unknown (expired?) SA
23:49:35 pluto[14590] packet from 193.252.36.16:500: received and ignored informational message
23:47:56 pluto[14590] "site1" #45: sent MR3, ISAKMP SA established
23:47:56 pluto[14590] "site1" #45: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
23:47:56 pluto[14590] "site1" #45: X.509 certificate rejected
23:47:56 pluto[14590] "site1" #45: Issuer CA certificate not found
23:47:56 pluto[14590] "site1" #45: Main mode peer ID is ID_DER_ASN1_DN: 'C=FR, O=Temperia Cote Azur, OU=Informatique, CN=site1.temperia.com'
23:47:56 pluto[14590] "site1" #45: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
23:47:56 pluto[14590] "site1" #45: NAT-Traversal: Result using RFC 3947: no NAT detected
23:47:56 pluto[14590] "site1" #45: transition from state (null) to state STATE_MAIN_R1
23:47:56 pluto[14590] "site1" #45: responding to Main Mode
23:47:56 pluto[14590] packet from 193.251.20.202:500: received Vendor ID payload [Dead Peer Detection]
23:47:56 pluto[14590] packet from 193.251.20.202:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
23:47:56 pluto[14590] packet from 193.251.20.202:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
23:47:56 pluto[14590] packet from 193.251.20.202:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
23:47:56 pluto[14590] packet from 193.251.20.202:500: received Vendor ID payload [RFC 3947]
23:38:20 pluto[14590] packet from 193.252.36.16:500: received Vendor ID payload [Dead Peer Detection]
23:38:20 pluto[14590] packet from 193.252.36.16:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
23:38:20 pluto[14590] packet from 193.252.36.16:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
23:38:20 pluto[14590] packet from 193.252.36.16:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
23:38:20 pluto[14590] packet from 193.252.36.16:500: received Vendor ID payload [RFC 3947]
23:27:07 pluto[14590] packet from <IP site 1>:500: received Vendor ID payload [Dead Peer Detection]
23:27:07 pluto[14590] packet from <IP site 1>:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
23:27:07 pluto[14590] packet from <IP site 1>:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
23:27:07 pluto[14590] packet from <IP site 1>:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
23:27:07 pluto[14590] packet from <IP site 1>:500: received Vendor ID payload [RFC 3947]
23:26:56 pluto[14590] packet from <IP site 1>:500: received and ignored informational message
23:25:36 pluto[14590] packet from 217.128.244.28:500: Informational Exchange is for an unknown (expired?) SA
23:25:36 pluto[14590] packet from <IP site 1>:500: Informational Exchange is for an unknown (expired?) SA
23:15:26 pluto[14590] packet from <IP site 1>:500: received Vendor ID payload [Dead Peer Detection]
23:15:26 pluto[14590] packet from <IP site 1>:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
23:15:26 pluto[14590] packet from <IP site 1>:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
23:15:26 pluto[14590] packet from <IP site 1>:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
23:15:26 pluto[14590] packet from <IP site 1>:500: received Vendor ID payload [RFC 3947]
23:11:55 pluto[14590] packet from 217.128.244.28:500: received Vendor ID payload [Dead Peer Detection]
23:11:55 pluto[14590] packet from 217.128.244.28:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
23:11:55 pluto[14590] packet from 217.128.244.28:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
23:11:55 pluto[14590] packet from 217.128.244.28:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
23:11:55 pluto[14590] packet from 217.128.244.28:500: received Vendor ID payload [RFC 3947]
22:58:39 pluto[14590] packet from 193.252.36.16:500: Informational Exchange is for an unknown (expired?) SA
22:57:41 pluto[14590] "site1" #37: IPsec SA established
22:57:41 pluto[14590] "site1" #37: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
22:57:41 pluto[14590] "site1" #37: Dead Peer Detection (RFC3706) enabled
22:57:41 pluto[14590] "site1" #37: transition from state (null) to state STATE_QUICK_R1
22:57:41 pluto[14590] "site1" #37: responding to Quick Mode
22:57:32 pluto[14590] "site1" #36: IPsec SA established
22:57:32 pluto[14590] "site1" #36: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
22:57:32 pluto[14590] "site1" #36: Dead Peer Detection (RFC3706) enabled
22:57:32 pluto[14590] "site1" #36: transition from state (null) to state STATE_QUICK_R1
22:57:32 pluto[14590] "site1" #36: responding to Quick Mode
22:57:31 pluto[14590] "site1" #35: sent MR3, ISAKMP SA established
22:57:31 pluto[14590] "site1" #35: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
22:57:31 pluto[14590] "site1" #35: X.509 certificate rejected
22:57:31 pluto[14590] "site1" #35: Issuer CA certificate not found
22:57:31 pluto[14590] "site1" #35: Main mode peer ID is ID_DER_ASN1_DN: 'C=FR, O=Temperia Cote Azur, OU=Informatique, CN=site1.temperia.com'
22:57:31 pluto[14590] "site1" #35: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
22:57:31 pluto[14590] "site1" #35: NAT-Traversal: Result using RFC 3947: no NAT detected
22:57:31 pluto[14590] "site1" #35: transition from state (null) to state STATE_MAIN_R1
22:57:31 pluto[14590] "site1" #35: responding to Main Mode
22:57:31 pluto[14590] packet from 193.251.20.202:500: received Vendor ID payload [Dead Peer Detection]
22:57:31 pluto[14590] packet from 193.251.20.202:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
22:57:31 pluto[14590] packet from 193.251.20.202:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
22:57:31 pluto[14590] packet from 193.251.20.202:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
22:57:31 pluto[14590] packet from 193.251.20.202:500: received Vendor ID payload [RFC 3947]
22:57:31 pluto[14590] packet from 193.251.20.202:500: received and ignored informational message
22:57:31 pluto[14590] "site1" #25: received Delete SA payload: deleting ISAKMP State #25
22:57:31 pluto[14590] "site1" #25: received and ignored informational message
22:57:31 pluto[14590] "site1" #25: received Delete SA payload: deleting IPSEC State #26
22:57:31 pluto[14590] "site1" #25: received and ignored informational message
22:57:31 pluto[14590] "site1" #25: received Delete SA payload: replace IPSEC State #32 in 10 seconds
22:49:34 pluto[14590] packet from 193.252.36.16:500: received Vendor ID payload [Dead Peer Detection]
22:49:34 pluto[14590] packet from 193.252.36.16:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
22:49:34 pluto[14590] packet from 193.252.36.16:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
22:49:34 pluto[14590] packet from 193.252.36.16:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
22:49:34 pluto[14590] packet from 193.252.36.16:500: received Vendor ID payload [RFC 3947]
22:25:46 pluto[14590] "site1" #25: received and ignored informational message
22:25:46 pluto[14590] "site1" #25: ignoring Delete SA payload: IPSEC SA not found (maybe expired)
22:25:39 vpn-watch 'site1': terminated after 1 restarts.
22:25:39 vpn-watch 'site1': Remote IP has changed from 193.251.20.202 to stop. Connection restarted (#1 times).
22:25:39 pluto[14590] "site1" #32: sent QI2, IPsec SA established
22:25:39 pluto[14590] "site1" #32: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
22:25:39 pluto[14590] "site1" #32: Dead Peer Detection (RFC3706) enabled
22:25:38 pluto[14590] "site1" #32: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS
22:25:38 pluto[14590] loaded private key file '/var/ipcop/certs/hostkey.pem' (891 bytes)
22:25:38 pluto[14590] loading secrets from "/etc/ipsec.secrets"
22:25:38 pluto[14590] forgetting secrets
22:25:38 pluto[14590] loaded private key file '/var/ipcop/certs/hostkey.pem' (891 bytes)
22:25:38 pluto[14590] loading secrets from "/etc/ipsec.secrets"
22:25:38 pluto[14590] forgetting secrets
22:25:38 pluto[14590] loaded private key file '/var/ipcop/certs/hostkey.pem' (891 bytes)
22:25:38 pluto[14590] loading secrets from "/etc/ipsec.secrets"
22:25:38 pluto[14590] forgetting secrets


Thanks

whitewater
Major

Posts: 78
Joined: 09 Oct 2003 00:00
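
Added example, not part of the original post: a small Python triage script for pluto and vpn-watch log lines in the format shown above. It lists each vpn-watch restart and counts, per connection, the IPsec SAs established, the peer certificates logged as rejected and the states deleted. The sample lines are constructed (192.0.2.10 is a documentation address) and the names `triage`, `SAMPLE`, `PLUTO`, `WATCH` and `CHANGED` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, newest first like the logs above; 192.0.2.10 is a
# documentation address and does not come from the post.
SAMPLE = '''\
22:57:37 vpn-watch 'site2': terminated after 1 restarts.
22:57:37 vpn-watch 'site2': Remote IP has changed from 192.0.2.10 to stop. Connection restarted (#1 times).
22:57:37 pluto[28969] "site2" #97: sent QI2, IPsec SA established
22:57:28 pluto[28969] "site2" #96: sent QI2, IPsec SA established
22:57:28 pluto[28969] "site2" #95: ISAKMP SA established
22:57:28 pluto[28969] "site2" #95: X.509 certificate rejected
22:57:27 pluto[28969] "site2" #86: deleting state (STATE_MAIN_R3)
22:57:27 pluto[28969] "site2": terminating SAs using this connection
22:57:27 pluto[28969] packet from 192.0.2.10:500: received Vendor ID payload [RFC 3947]
'''

PLUTO = re.compile(r'^(\d\d:\d\d:\d\d) pluto\[\d+\] "([^"]+)"(?: #(\d+))?: (.*)$')
WATCH = re.compile(r"^(\d\d:\d\d:\d\d) vpn-watch '([^']+)': (.*)$")
CHANGED = re.compile(r'Remote IP has changed from (.+?) to (\S+?)\.? ')

def triage(text):
    """Return {connection: summary} built from pluto and vpn-watch lines."""
    out = defaultdict(lambda: {"restarts": [], "ipsec_sa": 0,
                               "cert_rejected": 0, "deleted_states": []})
    # The log view lists newest first; reverse to read events in time order.
    for line in reversed(text.splitlines()):
        w = WATCH.match(line)
        if w:
            when, conn, msg = w.groups()
            c = CHANGED.search(msg)
            if c:  # (time, old remote address, new value as logged)
                out[conn]["restarts"].append((when, c.group(1), c.group(2)))
            continue
        p = PLUTO.match(line)
        if not p:
            continue  # "packet from ..." lines carry no connection name
        when, conn, state, msg = p.groups()
        if msg.endswith("IPsec SA established"):
            out[conn]["ipsec_sa"] += 1
        elif msg == "X.509 certificate rejected":
            out[conn]["cert_rejected"] += 1
        elif msg.startswith("deleting state") and state:
            out[conn]["deleted_states"].append(int(state))
    return dict(out)

if __name__ == "__main__":
    for conn, summary in triage(SAMPLE).items():
        print(conn, summary)
```

Run on the log of each side, the restart timestamps can be lined up against the deleted states and the SA renegotiations that follow them.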
