l2tp-ipsec-vpn-client

Not staying connected for very long

Open dmp1ce opened this issue 6 years ago • 6 comments

About 15 minutes or so after connecting to a Ubiquiti gateway VPN, I get the following messages in the logs and am then disconnected from the VPN.

```
Mar  7 17:26:13: "L2TP-PSK" #1: ISAKMP SA expired (--dontrekey)
Mar  7 17:26:13: "L2TP-PSK" #1: deleting state (STATE_MAIN_I4) and sending notification
Mar  7 17:26:19: "L2TP-PSK" #2: DPD: could not find newest phase 1 state - initiating a new one
Mar  7 17:26:19: "L2TP-PSK" #2: IKEv1 DPD: action - clearing connection
Mar  7 17:26:19: "L2TP-PSK" #2: %s action clear: Clearing Connection L2TP-PSK[0] CK_PERMANENT
Mar  7 17:26:19: "L2TP-PSK" #2: deleting state (STATE_QUICK_I2) and sending notification
Mar  7 17:26:19: "L2TP-PSK" #2: ESP traffic information: in=0B out=0B
xl2tpd[1]: Maximum retries exceeded for tunnel 50899.  Closing.
xl2tpd[1]: Terminating pppd: sending TERM signal to pid 39
xl2tpd[1]: Connection 17209 closed to xxx.xxx.xxx.xxx, port 1701 (Timeout)
xl2tpd[1]: Unable to deliver closing message for tunnel 50899. Destroying anyway.
```

Is there a way for me to keep the connection alive?

dmp1ce avatar Mar 07 '19 20:03 dmp1ce

I see that same issue. Did you find a fix for this?

lilvinz avatar Apr 10 '19 08:04 lilvinz

Sorry, I did not. I just stop the container, remove all volumes and restart.

dmp1ce avatar Apr 10 '19 15:04 dmp1ce

I met the same issue, which times out while connecting to server port 1701. My L2TP/IPsec VPN runs normally for Windows and Mac clients; only UDP ports 500 and 4500 are exported, without exporting port 1701. Why does this l2tp-ipsec-vpn-client need port 1701? Is port 1701 necessary? Should I export UDP port 1701 on the server or client gateway?

zhangsean avatar Jan 31 '20 15:01 zhangsean

Did anyone resolve this issue? It's currently just disconnecting after about 15 minutes, which is such a shame because other than that this connects seamlessly.

arctic-ice-cool avatar Sep 08 '21 23:09 arctic-ice-cool

So I had to write a bash script to monitor the VPN connection's presence and restart the container if it fails (just quick and dirty). This morning I decided to get it to send me an email whenever it discovered it was down and had to kill and relaunch the container, and these are the times it did it:

It's actually doing it on the hour, every hour (the monitor script runs every minute). It's like as soon as the container hits 60 minute runtime, it then disconnects?

[Image: Screenshot 2021-09-10 at 16 21 28]

arctic-ice-cool avatar Sep 10 '21 15:09 arctic-ice-cool

`Mar 7 17:26:13: "L2TP-PSK" #1: ISAKMP SA expired (--dontrekey)` says that the IPsec connection has expired.

Check the libreswan doc about ipsec.conf. The parameter ikelifetime is set to 1 hour by default, and rekey=no was configured. Therefore, the client will not attempt to perform rekeying, and the IPsec connection will disconnect when the ikelifetime is reached.

Just set rekey to yes.

sautvaste avatar Mar 21 '24 15:03 sautvaste
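
An added example, not part of the thread or the project's code: it ties the `ISAKMP SA expired (--dontrekey)` log line to the connection in ipsec.conf that has `rekey=no`, which is the condition described in the last comment. The config text is a constructed sample, and `parse_conns` and `diagnose` are hypothetical helper names.

```python
import re

# Constructed sample config for illustration; NOT the project's real ipsec.conf.
SAMPLE_CONF = """\
config setup
    # global options would go here
conn %default
    ikelifetime=1h
conn L2TP-PSK
    authby=secret
    type=transport
    rekey=no
"""

# Two of the pluto log lines quoted in the issue above.
SAMPLE_LOG = '''\
Mar  7 17:26:13: "L2TP-PSK" #1: ISAKMP SA expired (--dontrekey)
Mar  7 17:26:19: "L2TP-PSK" #2: IKEv1 DPD: action - clearing connection
'''

EXPIRED = re.compile(r'"([^"]+)"(?:\[\d+\])? #\d+: ISAKMP SA expired \(--dontrekey\)')

def parse_conns(text):
    """Return {conn_name: options}, with 'conn %default' values inherited."""
    conns, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if not raw[0].isspace():  # section header: "conn NAME" or "config setup"
            kind, _, name = stripped.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in stripped:
            key, _, value = stripped.partition("=")
            current[key.strip()] = value.strip().strip('"')
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}

def diagnose(conf_text, log_text):
    """List (conn, ikelifetime) for conns that expired in the log and have rekey=no."""
    conns = parse_conns(conf_text)
    expired = sorted({m.group(1) for m in EXPIRED.finditer(log_text)})
    return [(name, conns[name].get("ikelifetime", "unset"))
            for name in expired
            if conns.get(name, {}).get("rekey", "yes").lower() == "no"]

if __name__ == "__main__":
    for name, lifetime in diagnose(SAMPLE_CONF, SAMPLE_LOG):
        print(f"conn {name}: rekey=no, IKE SA is dropped at ikelifetime={lifetime}")
```
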