StrongSwan + xl2tpd client timeout between 2-5 minutes

Posted by Howard Guo on Server Fault
Published on 2013-11-03T09:27:21Z Indexed on 2013/11/03 9:57 UTC


I run CentOS 6.4 on Amazon EC2, using xl2tpd-1.3.1 from the EPEL repository together with StrongSwan 5.0.4.

I set up a simple IPsec connection:

conn l2tp
    type=transport
    keyexchange=ikev1
    rekey=no
    authby=psk
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
    compress=yes
    auto=add

And here is xl2tpd.conf:

[global]
ipsec saref = yes

[lns default]
ip range = 192.168.0.2-192.168.0.250
local ip = 192.168.0.1
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

Here is options.xl2tpd:

ms-dns 8.8.4.4
auth
lock
debug
proxyarp

There is only one client - Android 4.2

Android connects successfully:

Oct 27 19:45:02 ip-172-31-17-30 xl2tpd[2706]: Connection established to x.x.x.x, 59578.  Local: 18934, Remote: 29291 (ref=0/0).  LNS session is 'default'
Oct 27 19:45:02 ip-172-31-17-30 xl2tpd[2706]: Call established with x.x.x.x, Local: 36452, Remote: 29845, Serial: -1369754322
Oct 27 19:45:02 ip-172-31-17-30 pppd[2709]: pppd 2.4.5 started by howard, uid 0
Oct 27 19:45:02 ip-172-31-17-30 pppd[2709]: Using interface ppp0
Oct 27 19:45:02 ip-172-31-17-30 pppd[2709]: Connect: ppp0 <--> /dev/pts/0
Oct 27 19:45:02 ip-172-31-17-30 pppd[2709]: peer from calling number x.x.x.x authorized
Oct 27 19:45:02 ip-172-31-17-30 pppd[2709]: Deflate (15) compression enabled
Oct 27 19:45:03 ip-172-31-17-30 pppd[2709]: Cannot determine ethernet address for proxy ARP
Oct 27 19:45:03 ip-172-31-17-30 pppd[2709]: local  IP address 192.168.0.1
Oct 27 19:45:03 ip-172-31-17-30 pppd[2709]: remote IP address 192.168.0.2
Oct 27 19:45:03 ip-172-31-17-30 charon: 06[KNL] 192.168.0.1 appeared on ppp0
Oct 27 19:45:03 ip-172-31-17-30 charon: 06[KNL] 192.168.0.1 disappeared from ppp0
Oct 27 19:45:03 ip-172-31-17-30 charon: 06[KNL] 192.168.0.1 appeared on ppp0
Oct 27 19:45:03 ip-172-31-17-30 charon: 06[KNL] interface ppp0 activated

In the meantime, the Internet works perfectly on the Android client; the VPN connection is stable and fast.

However, within 2-5 minutes after the connection is established, this always happens:

Oct 27 19:47:07 ip-172-31-17-30 xl2tpd[2706]: Maximum retries exceeded for tunnel 18934.  Closing.
Oct 27 19:47:07 ip-172-31-17-30 xl2tpd[2706]: Connection 29291 closed to 95.91.227.224, port 59578 (Timeout)
Oct 27 19:47:07 ip-172-31-17-30 charon: 06[KNL] interface ppp0 deactivated
Oct 27 19:47:07 ip-172-31-17-30 charon: 06[KNL] interface ppp0 deleted

Then the VPN connection is broken.

So what might have gone wrong?

The same L2TP service works flawlessly on iOS 7, Mac OS X 10.8, and Windows 7; there is no disconnection issue on those OSes.

Thank you!
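The two log excerpts above bracket the life of one L2TP tunnel: "Connection established ... Local: 18934" and, 125 seconds later, "Maximum retries exceeded for tunnel 18934" followed by "Connection 29291 closed ... (Timeout)". That pair is xl2tpd giving up on retransmitting control messages (its Hello keepalives included) to the peer, which is a control-channel problem distinct from anything pppd or charon report. When chasing an intermittent drop like this it helps to correlate those messages across many sessions rather than eyeballing syslog. The script below is an added example by the editor, not code from the post or from xl2tpd; it pairs each tunnel's setup with its teardown, computes the lifetime, and flags tunnels that died of keepalive timeout within a threshold. The sample log lines are constructed after the post's format (peer addresses replaced by documentation addresses, a second longer-lived tunnel invented for contrast), and the syslog year, which the timestamps omit, is assumed to be 2013.

```python
import re
from datetime import datetime

# xl2tpd messages that bracket a tunnel's life: setup, keepalive failure, close.
# Patterns follow the lines quoted in the post.
ESTABLISHED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ xl2tpd\[\d+\]: "
    r"Connection established to (?P<peer>\S+), (?P<port>\d+)\.\s+"
    r"Local: (?P<local>\d+), Remote: (?P<remote>\d+)"
)
RETRIES = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ xl2tpd\[\d+\]: "
    r"Maximum retries exceeded for tunnel (?P<local>\d+)\."
)
CLOSED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ xl2tpd\[\d+\]: "
    r"Connection (?P<remote>\d+) closed to \S+, port \d+ \((?P<reason>[^)]*)\)"
)


def parse_ts(ts, year=2013):
    """Syslog timestamps carry no year; the caller supplies one (2013 assumed here)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def tunnel_lifetimes(lines, year=2013):
    """Pair every 'Connection established' with its teardown and return one
    record per tunnel: peer, lifetime in seconds, and why xl2tpd closed it."""
    by_local = {}   # local tunnel id -> record
    by_remote = {}  # remote tunnel id -> local tunnel id (close messages use the remote id)
    for line in lines:
        m = ESTABLISHED.match(line)
        if m:
            rec = {
                "local": int(m["local"]), "remote": int(m["remote"]),
                "peer": m["peer"], "port": int(m["port"]),
                "established": parse_ts(m["ts"], year),
                "closed": None, "reason": None, "retries_exceeded": False,
            }
            by_local[rec["local"]] = rec
            by_remote[rec["remote"]] = rec["local"]
            continue
        m = RETRIES.match(line)
        if m and int(m["local"]) in by_local:
            by_local[int(m["local"])]["retries_exceeded"] = True
            continue
        m = CLOSED.match(line)
        if m and int(m["remote"]) in by_remote:
            rec = by_local[by_remote[int(m["remote"])]]
            rec["closed"] = parse_ts(m["ts"], year)
            rec["reason"] = m["reason"]
    for rec in by_local.values():
        rec["seconds"] = (int((rec["closed"] - rec["established"]).total_seconds())
                          if rec["closed"] is not None else None)
    return sorted(by_local.values(), key=lambda r: r["established"])


def keepalive_timeouts(records, max_seconds=600):
    """Tunnels torn down for control-message retry exhaustion within max_seconds:
    the signature of the 2-5 minute drop described in the post."""
    return [r for r in records
            if r["retries_exceeded"] and r["reason"] == "Timeout"
            and r["seconds"] is not None and r["seconds"] <= max_seconds]


# Constructed sample modelled on the post's log. Tunnel 18934 mirrors the post;
# tunnel 41230 is invented and lives for over two hours before timing out.
SAMPLE_LOG = """\
Oct 27 19:45:02 ip-172-31-17-30 xl2tpd[2706]: Connection established to 203.0.113.5, 59578.  Local: 18934, Remote: 29291 (ref=0/0).  LNS session is 'default'
Oct 27 19:45:02 ip-172-31-17-30 xl2tpd[2706]: Call established with 203.0.113.5, Local: 36452, Remote: 29845, Serial: -1369754322
Oct 27 19:47:07 ip-172-31-17-30 xl2tpd[2706]: Maximum retries exceeded for tunnel 18934.  Closing.
Oct 27 19:47:07 ip-172-31-17-30 xl2tpd[2706]: Connection 29291 closed to 203.0.113.5, port 59578 (Timeout)
Oct 27 20:10:00 ip-172-31-17-30 xl2tpd[2706]: Connection established to 198.51.100.7, 1701.  Local: 41230, Remote: 7 (ref=0/0).  LNS session is 'default'
Oct 27 22:20:00 ip-172-31-17-30 xl2tpd[2706]: Maximum retries exceeded for tunnel 41230.  Closing.
Oct 27 22:20:00 ip-172-31-17-30 xl2tpd[2706]: Connection 7 closed to 198.51.100.7, port 1701 (Timeout)
""".splitlines()


if __name__ == "__main__":
    records = tunnel_lifetimes(SAMPLE_LOG)
    for r in records:
        print(f"tunnel {r['local']} from {r['peer']}:{r['port']} lived "
              f"{r['seconds']}s, reason={r['reason']}, retries={r['retries_exceeded']}")
    print("short-lived keepalive timeouts:",
          [r["local"] for r in keepalive_timeouts(records)])
```

Feed it the real `/var/log/messages` (for example `tunnel_lifetimes(open("/var/log/messages"))`) and compare the flagged tunnels against the client OS that opened each one; if only the Android peer ever appears in the short-lived timeout list while the iOS, OS X and Windows peers live for hours, the problem is confined to the L2TP control channel with that one client rather than to the LNS configuration as a whole.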
