On 01/10/2012 07:47 AM, Mark A. DeMichele wrote:
I came across your web page that explains how to make a report, so here
it is.

Problem:

VPN normally works, but during the night (and sometimes during the day),
I lose my connection for no apparent reason.

I ran overnight with the debug log on.  Sometime after 6:00am I lost the
connection.  Is there something in the log that can help?

VPN Client Version = 2.1.7
Windows OS Version = Windows 7 Home Premium SP 1 - 64bit

Gateway Make/Model = Netscreen 10
Gateway OS Version = 3.0.1r7.0


From: Mark A. DeMichele
Sent: Monday, January 09, 2012 10:17 PM
To: '[email protected]'
Subject: Random Disconnects

I'm using the latest ShrewSoft with Windows 7 64bit.  I'm connecting to
a Netscreen 10.  Everything works except I get random disconnects.  I
also noticed on one of my boxes, if I use Windows Explorer to upload a
large file to my server I'm connected to, the VPN hangs.  I then need to
restart all the services and re-connect.  What's odd is that I have two
Windows 7 64bit machines and one works fine for uploading.  However,
both will disconnect randomly, especially if my machine is dormant.


Hi Mark,

I think part of your problems may be a phase1 lifetime mismatch between the gateway (Netscreen) and client (Shrew).

You can see in the log snippets below that the phase2 security association (sa) renegotiates every 48 minutes, so the next phase2 renegotiation should have initiated at 06:31. However, the gateway appears to have sent a disconnect (DELETE) message before that. According to the log, the phase2 still had time to go (15m or so) and the phase1 still had a long while (16h) to go.

The DELETE message came almost 8 hours exactly after the phase1 session was established. I'd check on the gateway to see if perhaps the phase1 lifetime is set to 28800 seconds on that side (instead of the 86400 that Shrew thinks). If the gateway and Shrew do not agree on lifetimes, the VPN can still be established, but the phase1 will not be renegotiated properly, leading to sudden disconnects when the gateway's phase1 timer expires.

I'm not sure about your uploading problems, let's see if they persist after we fix the disconnects issue.

Log snippets:
12/01/09 22:27:13 DB : new phase1 ( ISAKMP initiator )
12/01/09 22:27:15 ii : matched isakmp proposal #1 transform #1
12/01/09 22:27:15 ii : - life seconds = 86400
12/01/09 22:27:34 DB : new phase2 ( IPSEC initiator )
12/01/09 22:27:35 ii : matched ipsec-esp proposal #1 transform #1
12/01/09 22:27:35 ii : - life seconds = 3600
12/01/09 22:27:35 ii : phase2 sa established
12/01/09 23:15:35 ii : phase2 sa will expire in 721 seconds
12/01/09 23:15:37 ii : phase2 sa established
12/01/10 00:03:37 ii : phase2 sa will expire in 721 seconds
12/01/10 00:04:06 ii : phase2 sa established
12/01/10 00:52:06 ii : phase2 sa will expire in 721 seconds
12/01/10 00:52:58 ii : phase2 sa established
12/01/10 01:40:58 ii : phase2 sa will expire in 721 seconds
12/01/10 01:41:28 ii : phase2 sa established
12/01/10 02:29:28 ii : phase2 sa will expire in 721 seconds
12/01/10 02:30:24 ii : phase2 sa established
12/01/10 03:18:24 ii : phase2 sa will expire in 721 seconds
12/01/10 03:19:22 ii : phase2 sa established
12/01/10 04:07:22 ii : phase2 sa will expire in 721 seconds
12/01/10 04:07:53 ii : phase2 sa established
12/01/10 04:55:53 ii : phase2 sa will expire in 721 seconds
12/01/10 04:55:54 ii : phase2 sa established
12/01/10 05:43:54 ii : phase2 sa will expire in 721 seconds
12/01/10 05:44:24 ii : phase2 sa established
12/01/10 06:27:45 ii : received peer DELETE message
12/01/10 06:27:45 ii : - xxx.xxx.78.2:500 -> 192.168.2.19:500
12/01/10 06:27:45 ii : - isakmp spi = 9847316d1acea25c:124ab0a9a93773f2

_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
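
The check described in the reply above (time from phase1 setup to the peer DELETE, compared with the lifetime the client negotiated), as an added example that is not part of the original thread and is not Shrew Soft code. The function name, the tolerance value and the list of common lifetimes are assumptions; the sample is a constructed subset of the quoted log lines.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the log lines quoted in the reply above.
SAMPLE_LOG = """\
12/01/09 22:27:13 DB : new phase1 ( ISAKMP initiator )
12/01/09 22:27:15 ii : matched isakmp proposal #1 transform #1
12/01/09 22:27:15 ii : - life seconds = 86400
12/01/09 22:27:34 DB : new phase2 ( IPSEC initiator )
12/01/09 22:27:35 ii : matched ipsec-esp proposal #1 transform #1
12/01/09 22:27:35 ii : - life seconds = 3600
12/01/09 22:27:35 ii : phase2 sa established
12/01/10 05:44:24 ii : phase2 sa established
12/01/10 06:27:45 ii : received peer DELETE message
"""

LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) \S+ : (.*)$")
LIFE = re.compile(r"^- life seconds = (\d+)$")
# Assumption: lifetimes a gateway is often configured with, used only as a hint.
COMMON_LIFETIMES = (3600, 28800, 86400)

def find_early_deletes(log_text, tolerance=120):
    """Return one dict per peer DELETE that arrived well before the
    phase1 lifetime the client believes it negotiated."""
    findings, start, phase, life = [], None, None, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not timestamped log entries
        ts = datetime.strptime(m.group(1), "%y/%m/%d %H:%M:%S")
        msg = m.group(2)
        if msg.startswith("new phase1"):
            start, phase, life = ts, None, {}  # new IKE session: reset state
        elif msg.startswith("matched isakmp proposal"):
            phase = "phase1"  # the next "life seconds" line belongs to phase1
        elif msg.startswith("matched ipsec-esp proposal"):
            phase = "phase2"
        elif LIFE.match(msg) and phase:
            life[phase] = int(LIFE.match(msg).group(1))
        elif msg.startswith("received peer DELETE") and start and "phase1" in life:
            elapsed = int((ts - start).total_seconds())
            if elapsed < life["phase1"] - tolerance:
                hint = min(COMMON_LIFETIMES, key=lambda c: abs(c - elapsed))
                findings.append({"elapsed": elapsed,
                                 "client_phase1_life": life["phase1"],
                                 "nearest_common_lifetime": hint})
    return findings

if __name__ == "__main__":
    for finding in find_early_deletes(SAMPLE_LOG):
        print(finding)
```

A finding whose elapsed time sits next to a common lifetime that is shorter than the client's value points at the gateway-side phase1 setting to check.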
