
Ipsec problems



Hi.
I'm having some problems with IPsec.
The connections are running, but when the line goes down the VPN does not come back again.
If I look at the logs, I see these errors:

2010-07-06 13:23:22: ERROR: fatal INVALID-SPI notify messsage, phase1 should be deleted.


If I force a restart of the setkey and racoon services, then the VPNs come back.
This is the conf:

remote AAA.AAA.AAA.AAA
{
        exchange_mode main;
        verify_cert on;
        my_identifier address;
        lifetime time 96 hour ;
        dpd_delay 0;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }

}

sainfo address 192.168.1.0/24 any address 10.75.0.0/16 any
{
        pfs_group 2;
        lifetime time 8 hour ;
        encryption_algorithm 3des ;
        authentication_algorithm hmac_md5 ;
        compression_algorithm deflate ;
}

sainfo address AAA.AAA.AAA.AAA/32 any address 10.75.0.0/16 any
{
        pfs_group 2;
        lifetime time 8 hour ;
        encryption_algorithm 3des ;
        authentication_algorithm hmac_md5 ;
        compression_algorithm deflate ;
}

sainfo address BBB.BBB.BBB.BBB/32 any address AAA.AAA.AAA.AAA/32 any
{
        pfs_group 2;
        lifetime time 8 hour ;
        encryption_algorithm 3des ;
        authentication_algorithm hmac_md5 ;
        compression_algorithm deflate ;
}

sainfo address 192.168.1.0/24 any address AAA.AAA.AAA.AAA/32 any
{
        pfs_group 2;
        lifetime time 8 hour ;
        encryption_algorithm 3des ;
        authentication_algorithm hmac_md5 ;
        compression_algorithm deflate ;
}


10.75.0.0/16 is the remote network. 
192.168.1.0/24 is our net.
AAA.AAA.AAA.AAA is their remote public IP.
BBB.BBB.BBB.BBB is our public IP

Thanks
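
An added example, not part of the original post: the posted "remote" block with dead peer detection turned on, since "dpd_delay 0" leaves DPD monitoring disabled (racoon.conf(5)) and racoon then never probes whether the peer still holds the SAs after a line failure. The dpd_delay, dpd_retry and dpd_maxfail values are assumed starting points, and the remote peer must support DPD for this to have any effect.

```conf
remote AAA.AAA.AAA.AAA
{
        exchange_mode main;
        verify_cert on;
        my_identifier address;
        lifetime time 96 hour;

        # The post has "dpd_delay 0", which disables DPD monitoring.
        # Send a liveness probe to the peer every 20 seconds (assumed value).
        dpd_delay 20;
        # Wait 5 seconds for the answer before counting the probe as failed
        # and sending another one (assumed value).
        dpd_retry 5;
        # After 5 failed probes the peer is considered dead (assumed value);
        # racoon then drops the stale SAs instead of keeping them until the
        # 96 hour phase 1 lifetime runs out.
        dpd_maxfail 5;

        # Proposal unchanged from the post.
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}
```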




