Channel: Sophos User Bulletin Board

No L2TP over IPSec after creating HA Cluster

Hi everyone,

Last weekend we successfully created an HA Cluster from an old 320 rev3 with a new 320 rev5 and updated from 8.301 to 8.303. Everything went seamlessly and fine besides one thing: L2TP over IPSec remote access doesn't work anymore. That is not a big issue for us because our roadwarriors use SSL VPN, but I want to get it working again.

We have some IPSec Site2Site VPNs that run normally; there was one that had to be disabled/enabled after some failover tests, but since then it's running normally.

Here is the relevant part of the ipsec log file:
Code:

2012:05:16-08:13:26 verw-asg320-01-2 pluto[9017]: packet from 87.78.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2012:05:16-08:13:26 verw-asg320-01-2 pluto[9017]: packet from 87.78.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2012:05:16-08:13:26 verw-asg320-01-2 pluto[9017]: packet from 87.78.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2012:05:16-08:13:26 verw-asg320-01-2 pluto[9017]: packet from 87.78.***.***:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2012:05:16-08:13:26 verw-asg320-01-2 pluto[9017]: "S_REF_lCdKJjLhOS_1"[3] 87.78.***.*** #133: responding to Main Mode from unknown peer 87.78.***.***
2012:05:16-08:13:26 verw-asg320-01-2 pluto[9017]: "S_REF_lCdKJjLhOS_1"[3] 87.78.***.*** #133: NAT-Traversal: Result using RFC 3947: peer is NATed
2012:05:16-08:13:26 verw-asg320-01-2 pluto[9017]: "S_REF_lCdKJjLhOS_1"[3] 87.78.***.*** #133: Peer ID is ID_IPV4_ADDR: '192.168.15y.yy'
2012:05:16-08:13:26 verw-asg320-01-2 pluto[9017]: "S_REF_lCdKJjLhOS_1"[4] 87.78.***.*** #133: deleting connection "S_REF_lCdKJjLhOS_1"[3] instance with peer 87.78.***.*** {isakmp=#0/ipsec=#0}
2012:05:16-08:13:26 verw-asg320-01-2 pluto[9017]: | NAT-T: new mapping 87.78.***.***:500/4500)
2012:05:16-08:13:26 verw-asg320-01-2 pluto[9017]: "S_REF_lCdKJjLhOS_1"[4] 87.78.***.***:4500 #133: sent MR3, ISAKMP SA established
2012:05:16-08:13:26 verw-asg320-01-2 pluto[9017]: "S_REF_lCdKJjLhOS_1"[4] 87.78.***.***:4500 #133: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2012:05:16-08:13:27 verw-asg320-01-2 pluto[9017]: "S_REF_lCdKJjLhOS_0"[2] 87.78.***.***:4500 #134: responding to Quick Mode
2012:05:16-08:13:27 verw-asg320-01-2 pluto[9017]: "S_REF_lCdKJjLhOS_0"[2] 87.78.***.***:4500 #134: ERROR: netlink response for Add SA esp.872915a@87.78.***.*** included errno 93: Protocol not supported
2012:05:16-08:13:37 verw-asg320-01-2 pluto[9017]: "S_REF_lCdKJjLhOS_0"[2] 87.78.***.***:4500 #134: ERROR: netlink response for Add SA esp.872915a@87.78.***.*** included errno 93: Protocol not supported
2012:05:16-08:13:57 verw-asg320-01-2 pluto[9017]: "S_REF_lCdKJjLhOS_0"[2] 87.78.***.***:4500 #134: ERROR: netlink response for Add SA esp.872915a@87.78.***.*** included errno 93: Protocol not supported
2012:05:16-08:14:37 verw-asg320-01-2 pluto[9017]: "S_REF_lCdKJjLhOS_0"[2] 87.78.***.***:4500 #134: max number of retransmissions (2) reached STATE_QUICK_R1
2012:05:16-08:14:37 verw-asg320-01-2 pluto[9017]: "S_REF_lCdKJjLhOS_0"[2] 87.78.***.***:4500: deleting connection "S_REF_lCdKJjLhOS_0"[2] instance with peer 87.78.***.*** {isakmp=#0/ipsec=#0}

I disabled and enabled the L2TP but no luck.

I also tried to set up a PPTP remote access for testing purposes, but that one also returns an error. Maybe these two problems have the same source.

Here's the pptpd log:
Code:

2012:05:16-08:12:43 verw-asg320-01-2 pptpd[18210]: CTRL: Client 87.78.***.*** control connection started
2012:05:16-08:12:43 verw-asg320-01-2 pptpd[18210]: CTRL: Starting call (launching pppd, opening GRE)
2012:05:16-08:12:43 verw-asg320-01-2 pppd-pptp[18211]: Plugin aua.so loaded.
2012:05:16-08:12:43 verw-asg320-01-2 pppd-pptp[18211]: AUA plugin initialized.
2012:05:16-08:12:43 verw-asg320-01-2 pppd-pptp[18211]: pppd 2.4.5 started by (unknown), uid 0
2012:05:16-08:12:43 verw-asg320-01-2 pppd-pptp[18211]: Couldn't set tty to PPP discipline: Invalid argument
2012:05:16-08:12:43 verw-asg320-01-2 pppd-pptp[18211]: Exit.
2012:05:16-08:12:43 verw-asg320-01-2 pptpd[18210]: GRE: read(fd=6,buffer=805a540,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
2012:05:16-08:12:43 verw-asg320-01-2 pptpd[18210]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
2012:05:16-08:12:43 verw-asg320-01-2 pptpd[18210]: CTRL: Reaping child PPP[18211]
2012:05:16-08:12:43 verw-asg320-01-2 pptpd[18210]: CTRL: Client 87.78.***.*** control connection finished

Has anyone experienced this error and/or has a good idea how to solve it?

Regards
Manfred
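
A small triage script for the two log excerpts above, written as an added example for this thread (it is not Sophos/ASG code): it parses the pluto and pppd/pptpd lines, tracks how far each peer's IKE exchange got, and separates an IKE negotiation problem from a kernel-side SA installation failure (the netlink errno 93 lines) or a pppd line-discipline failure. The sample log text is copied from the post with the masked addresses kept as they appear; the errno name table assumes a Linux kernel.

```python
"""Triage helper for pluto (IKE) and pppd/pptpd log excerpts: classifies where a
remote-access attempt fails (IKE phase 1, Quick Mode, kernel SA install, PPP setup).
Added example for this thread, not Sophos/ASG code."""
import re
from collections import defaultdict

# Sample input: lines copied from the post above (peer addresses were masked there).
PLUTO_LOG = """\
2012:05:16-08:13:26 verw-asg320-01-2 pluto[9017]: "S_REF_lCdKJjLhOS_1"[3] 87.78.***.*** #133: NAT-Traversal: Result using RFC 3947: peer is NATed
2012:05:16-08:13:26 verw-asg320-01-2 pluto[9017]: "S_REF_lCdKJjLhOS_1"[4] 87.78.***.***:4500 #133: sent MR3, ISAKMP SA established
2012:05:16-08:13:27 verw-asg320-01-2 pluto[9017]: "S_REF_lCdKJjLhOS_0"[2] 87.78.***.***:4500 #134: responding to Quick Mode
2012:05:16-08:13:27 verw-asg320-01-2 pluto[9017]: "S_REF_lCdKJjLhOS_0"[2] 87.78.***.***:4500 #134: ERROR: netlink response for Add SA esp.872915a@87.78.***.*** included errno 93: Protocol not supported
2012:05:16-08:13:37 verw-asg320-01-2 pluto[9017]: "S_REF_lCdKJjLhOS_0"[2] 87.78.***.***:4500 #134: ERROR: netlink response for Add SA esp.872915a@87.78.***.*** included errno 93: Protocol not supported
2012:05:16-08:13:57 verw-asg320-01-2 pluto[9017]: "S_REF_lCdKJjLhOS_0"[2] 87.78.***.***:4500 #134: ERROR: netlink response for Add SA esp.872915a@87.78.***.*** included errno 93: Protocol not supported
2012:05:16-08:14:37 verw-asg320-01-2 pluto[9017]: "S_REF_lCdKJjLhOS_0"[2] 87.78.***.***:4500 #134: max number of retransmissions (2) reached STATE_QUICK_R1
"""

PPPD_LOG = """\
2012:05:16-08:12:43 verw-asg320-01-2 pppd-pptp[18211]: pppd 2.4.5 started by (unknown), uid 0
2012:05:16-08:12:43 verw-asg320-01-2 pppd-pptp[18211]: Couldn't set tty to PPP discipline: Invalid argument
2012:05:16-08:12:43 verw-asg320-01-2 pppd-pptp[18211]: Exit.
2012:05:16-08:12:43 verw-asg320-01-2 pptpd[18210]: GRE: read(fd=6,buffer=805a540,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
"""

# Syslog-style prefix used in these logs: "<ts> <host> <proc>[<pid>]: <message>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# pluto connection-instance prefix: "<conn>"[n] <peer>[:port] [#sa:] <text>
CONN_RE = re.compile(r'^"(?P<conn>[^"]+)"\[\d+\] (?P<peer>[\d.*]+)(?::\d+)?:? (?:#(?P<sa>\d+): )?(?P<rest>.*)$')
NETLINK_RE = re.compile(r"netlink response for (?P<op>.+?) (?P<said>\S+) included errno (?P<errno>\d+): (?P<text>.*)")
PPP_DISC_RE = re.compile(r"Couldn't set tty to PPP discipline: (?P<text>.*)")
# Linux errno names for values seen in this kind of log (assumption: Linux kernel).
ERRNO_NAMES = {93: "EPROTONOSUPPORT", 22: "EINVAL"}


def parse_lines(text):
    """Yield dicts for every line that carries the syslog-style prefix."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            yield m.groupdict()


def summarize_pluto(text):
    """Per-peer IKE progress: phase 1 done, Quick Mode started, kernel SA errors, phase 2 timeout."""
    peers = defaultdict(lambda: {"nat_t": False, "phase1_ok": False, "quick_mode": False,
                                 "kernel_errors": [], "phase2_timeout": False})
    for rec in parse_lines(text):
        cm = CONN_RE.match(rec["msg"]) if rec["proc"] == "pluto" else None
        if not cm:
            continue  # "packet from ..." and "| NAT-T ..." lines carry no connection prefix
        st, rest = peers[cm["peer"]], cm["rest"]
        if "peer is NATed" in rest:
            st["nat_t"] = True
        elif "ISAKMP SA established" in rest:
            st["phase1_ok"] = True
        elif rest.startswith("responding to Quick Mode"):
            st["quick_mode"] = True
        elif "max number of retransmissions" in rest:
            st["phase2_timeout"] = True
        else:
            nm = NETLINK_RE.search(rest)
            if nm:  # the kernel refused an SA operation requested by pluto
                st["kernel_errors"].append((nm["op"], nm["said"], int(nm["errno"]), nm["text"]))
    return dict(peers)


def diagnose_pluto(summary):
    """Turn per-peer state into findings that name the failing layer."""
    findings = []
    for peer, st in summary.items():
        if not st["phase1_ok"]:
            findings.append(f"{peer}: IKE phase 1 never completed (check proposals/PSK/certs)")
        elif st["kernel_errors"]:
            op, said, num, text = st["kernel_errors"][0]
            name = ERRNO_NAMES.get(num, "errno %d" % num)
            findings.append(f"{peer}: IKE negotiated, but the kernel rejected '{op} {said}' with {name} "
                            f"({text}) {len(st['kernel_errors'])}x; the problem is the responder's "
                            "kernel IPsec (ESP) support, not the client or the IKE proposals")
        elif st["quick_mode"] and st["phase2_timeout"]:
            findings.append(f"{peer}: Quick Mode timed out without a kernel error")
    return findings


def summarize_pppd(text):
    """Why pppd exited (line-discipline ioctl error) and whether pptpd then lost the PTY/GRE path."""
    out = {"discipline_error": None, "gre_read_failed": False}
    for rec in parse_lines(text):
        dm = PPP_DISC_RE.search(rec["msg"])
        if rec["proc"].startswith("pppd") and dm:
            out["discipline_error"] = dm["text"]
        elif rec["proc"] == "pptpd" and "from PTY failed" in rec["msg"]:
            out["gre_read_failed"] = True
    return out


if __name__ == "__main__":
    for finding in diagnose_pluto(summarize_pluto(PLUTO_LOG)):
        print(finding)
    print(summarize_pppd(PPPD_LOG))
```

Run it against a full ipsec log and the per-peer view shows at a glance that phase 1 (including NAT-T detection) and the start of Quick Mode succeed, and that every failure is the kernel refusing to add the ESP SA; the pppd summary likewise shows the PPP line-discipline ioctl failing before pptpd reports the GRE/PTY error, which is why the two symptoms are worth checking together.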
