ubergarm / l2tp-ipsec-vpn-client

A tiny Alpine based docker image to quickly setup an L2TP over IPsec VPN client w/ PSK.
MIT License

Not staying connected for very long #8

Open dmp1ce opened 5 years ago

dmp1ce commented 5 years ago

About 15 minutes or so after connecting to a Ubiquiti gateway VPN, I get the following message in the logs and am then disconnected from the VPN.

Mar  7 17:26:13: "L2TP-PSK" #1: ISAKMP SA expired (--dontrekey)
Mar  7 17:26:13: "L2TP-PSK" #1: deleting state (STATE_MAIN_I4) and sending notification
Mar  7 17:26:19: "L2TP-PSK" #2: DPD: could not find newest phase 1 state - initiating a new one
Mar  7 17:26:19: "L2TP-PSK" #2: IKEv1 DPD: action - clearing connection
Mar  7 17:26:19: "L2TP-PSK" #2: %s action clear: Clearing Connection L2TP-PSK[0] CK_PERMANENT
Mar  7 17:26:19: "L2TP-PSK" #2: deleting state (STATE_QUICK_I2) and sending notification
Mar  7 17:26:19: "L2TP-PSK" #2: ESP traffic information: in=0B out=0B
xl2tpd[1]: Maximum retries exceeded for tunnel 50899.  Closing.
xl2tpd[1]: Terminating pppd: sending TERM signal to pid 39
xl2tpd[1]: Connection 17209 closed to xxx.xxx.xxx.xxx, port 1701 (Timeout)
xl2tpd[1]: Unable to deliver closing message for tunnel 50899. Destroying anyway.

Is there a way for me to keep the connection alive?

lilvinz commented 5 years ago

I see that same issue. Did you find a fix for this?

dmp1ce commented 5 years ago

Sorry, I did not. I just stop the container, remove all volumes and restart.

zhangsean commented 4 years ago

I met the same issue, which times out while connecting to server port 1701. My L2TP/IPsec VPN runs normally for Windows and Mac clients; only UDP ports 500 and 4500 are exported, without exporting port 1701. Why does this l2tp-ipsec-vpn-client need port 1701? Is port 1701 necessary? Should I export UDP port 1701 on the server or client gateway?

arctic-ice-cool commented 3 years ago

Did anyone resolve this issue? It's currently just disconnecting after about 15 minutes, which is such a shame because other than that this connects seamlessly.

arctic-ice-cool commented 3 years ago

So I had to write a bash script to run to monitor the VPN connection presence and restart the container if it fails (just quick and dirty) and this morning I decided to get it to send me an email whenever it discovered it was down and had to kill and relaunch the container, and these are the times it did it:

It's actually doing it on the hour, every hour (the monitor script runs every minute). It's like as soon as the container hits 60 minute runtime, it then disconnects?

[Image: Screenshot 2021-09-10 at 16 21 28]

sautvaste commented 6 months ago

Mar 7 17:26:13: "L2TP-PSK" #1: ISAKMP SA expired (--dontrekey) says that the IPsec connection is expired.

Check libreswan's doc about ipsec.conf. The parameter ikelifetime is set to 1 hour by default, and rekey=no was configured. Therefore, the client will not attempt to perform rekeying, and the IPsec connection will disconnect when the ikelifetime is reached.

Just set rekey to yes
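
A check for the cause described in the last comment, added here as an example (not code from this thread or from the project): it matches the `ISAKMP SA expired (--dontrekey)` log line against connections configured with `rekey=no`. The ipsec.conf sample is constructed, the function names are hypothetical, and a missing `rekey` option is assumed to mean `yes`.

```python
import re

# Constructed sample: a conn section with the rekey=no setting described above.
SAMPLE_CONF = """\
conn L2TP-PSK
    authby=secret
    type=transport
    rekey=no
    dpdaction=clear
"""

# Log lines copied from the first post in this thread.
SAMPLE_LOG = """\
Mar  7 17:26:13: "L2TP-PSK" #1: ISAKMP SA expired (--dontrekey)
Mar  7 17:26:19: "L2TP-PSK" #2: IKEv1 DPD: action - clearing connection
"""

def parse_conns(conf_text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[0] in " \t" and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None  # some other section, e.g. "config setup"
    return conns

def expired_without_rekey(log_text):
    """Names of connections whose IKE SA expired with rekeying disabled."""
    pat = re.compile(r'"([^"]+)" #\d+: ISAKMP SA expired \(--dontrekey\)')
    return sorted(set(pat.findall(log_text)))

def diagnose(conf_text, log_text):
    """Connections that logged the expiry and are configured rekey=no."""
    conns = parse_conns(conf_text)
    # Assumption: an absent rekey option is treated as "yes".
    return [n for n in expired_without_rekey(log_text)
            if conns.get(n, {}).get("rekey", "yes").lower() == "no"]

if __name__ == "__main__":
    for name in diagnose(SAMPLE_CONF, SAMPLE_LOG):
        print(f"{name}: IKE SA expired and rekey=no; set rekey=yes")
```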