Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not staying connected for very long #8

Open
dmp1ce opened this issue Mar 7, 2019 · 6 comments · May be fixed by #18
Open

Not staying connected for very long #8

dmp1ce opened this issue Mar 7, 2019 · 6 comments · May be fixed by #18

Comments

@dmp1ce
Copy link

dmp1ce commented Mar 7, 2019

After about 15 minutes or so after connecting to a Ubiquity gateway VPN I get the following message in the logs and then disconnected from VPN.

Mar  7 17:26:13: "L2TP-PSK" #1: ISAKMP SA expired (--dontrekey)
Mar  7 17:26:13: "L2TP-PSK" #1: deleting state (STATE_MAIN_I4) and sending notification
Mar  7 17:26:19: "L2TP-PSK" #2: DPD: could not find newest phase 1 state - initiating a new one                                                                                                      
Mar  7 17:26:19: "L2TP-PSK" #2: IKEv1 DPD: action - clearing connection
Mar  7 17:26:19: "L2TP-PSK" #2: %s action clear: Clearing Connection L2TP-PSK[0] CK_PERMANENT                                                                                                        
Mar  7 17:26:19: "L2TP-PSK" #2: deleting state (STATE_QUICK_I2) and sending notification
Mar  7 17:26:19: "L2TP-PSK" #2: ESP traffic information: in=0B out=0B
xl2tpd[1]: Maximum retries exceeded for tunnel 50899.  Closing.
xl2tpd[1]: Terminating pppd: sending TERM signal to pid 39
xl2tpd[1]: Connection 17209 closed to xxx.xxx.xxx.xxx, port 1701 (Timeout)
xl2tpd[1]: Unable to deliver closing message for tunnel 50899. Destroying anyway.

Is there a way for me to keep the connection alive?
@lilvinz
Copy link

lilvinz commented Apr 10, 2019

I see that same issue. Did you find a fix for this?

@dmp1ce
Copy link
Author

dmp1ce commented Apr 10, 2019

Sorry, I did not. I just stop the container, remove all volumes and restart.

@zhangsean
Copy link

I met the same issue, which timeout during connecting to server port 1701.
My L2TP/IPSec VPN runs normaly for Windows and Mac clients, only UDP port 500 and 4500 are exported but without export port 1701.
Why this l2tp-ipsec-vpn-client need port 1701?
Is port 1701 necessary?
Should I export UDP port 1701 on the server or client gateway?

@arctic-ice-cool
Copy link

Did anyone resolve this issue? It's currently just disconnecting after about 15 minutes, which is such a shame because other than that this connects seamlessly?

@arctic-ice-cool
Copy link

So I had to write a bash script to run to monitor the VPN connection presence and restart the container if it fails (just quick and dirty) and this morning I decided to get it to send me an email whenever it discovered it was down and had to kill and relaunch the container, and these are the times it did it:

It's actually doing it on the hour, every hour (the monitor script runs every minute). It's like as soon as the container hits 60 minute runtime, it then disconnects?

Screenshot 2021-09-10 at 16 21 28

@sautvaste
Copy link

sautvaste commented Mar 21, 2024
edited
Loading

Mar 7 17:26:13: "L2TP-PSK" #1: ISAKMP SA expired (--dontrekey) says that the ipsec connection is expired

Check the libreswan's doc about ipsec.conf
The parameter ikelifetime is set to 1 hour by default, and rekey=no was configured. Therefore, the client will not attempt to perform rekeying, and the IPsec connection will disconnect when the ikelifetime is reached.

Just set rekey to yes

@sautvaste sautvaste linked a pull request Mar 27, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
5 participants
@dmp1ce @lilvinz @zhangsean @arctic-ice-cool @sautvaste