Posted: 2004-05-02  Created by: 鷹の巣

No.15816 It keeps going down for some reason. (Is the VPN the cause?)




No.15816 Posted: 2004-05-02 (Sun) 14:29 Posted by: Chikako URL:

Thank you in advance for your help.



hostA.dyndns.net─Win2k

WAN─hostB.dyndns.com─Win2k

hostC.dyndns.co.jp─Win2k

The three machines above (RedHat9) are connected by VPN.
On each host, the configuration file is written as follows.

# rpm -qa |grep freeswan
freeswan-userland-2.01_2.4.20_8-0
freeswan-module-2.01_2.4.20_8-0

# cat /etc/ipsec.conf | grep -v ^# | grep -v ^$
version 2.0 # conforms to second version of ipsec.conf specification
config setup
    interfaces="ipsec0=ppp0"
    klipsdebug=none
    plutodebug=none
conn %default
    type=tunnel
    keyingtries=10
    authby=rsasig
    keylife=1h
    pfs=yes
conn aa-to-bb
    left=aaa.aaa.aaa.aaa
    leftsubnet=192.168.0.0/24
    leftid=@hostA.dyndns.net
    leftrsasigkey=0sAQPUbp…9VU9
    leftnexthop=AAA.AAA.AAA.AAA
    right=bbb.bbb.bbb.bbb
    rightsubnet=192.168.2.0/24
    rightid=@hostB.dyndns.com
    rightrsasigkey=0sAQN7m…S6IXIn
    rightnexthop=BBB.BBB.BBB.BBB
    auto=add
conn aa-to-cc
    left=aaa.aaa.aaa.aaa
    leftsubnet=192.168.0.0/24
    leftid=@hostA.dyndns.net
    leftrsasigkey=0sAQPUbp…9VU9
    leftnexthop=AAA.AAA.AAA.AAA
    right=ccc.ccc.ccc.ccc
    rightsubnet=192.168.3.0/24
    rightid=@hostC.dyndns.co.jp
    rightrsasigkey=0sAQOa…UjSRYiap
    rightnexthop=CCC.CCC.CCC.CCC
    auto=add
conn block
    auto=ignore
conn private
    auto=ignore
conn private-or-clear
    auto=ignore
conn clear-or-private
    auto=ignore
conn clear
    auto=ignore
conn packetdefault
    auto=ignore

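With this setup, running

# ipsec auto --up aa-to-bb
# ipsec auto --up aa-to-cc

brings the connections up successfully. Recently, hostC sometimes goes down suddenly. The logs from just before it goes down (/var/log/secure, /var/log/messages) are
as follows. Can the cause of the failure be determined from them?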


Apr 30 10:09:01 hostC pluto[6423]: "aa-to-cc" #4: responding to Main Mode
Apr 30 10:09:02 hostC pluto[6423]: "aa-to-cc" #4: sent MR3, ISAKMP SA established
Apr 30 10:09:57 hostC pluto[6423]: "aa-to-cc" #5: responding to Quick Mode
Apr 30 10:09:58 hostC pluto[6423]: "aa-to-cc" #5: IPsec SA established {ESP=>0x3eb1c523 <0x76d7f863}
Apr 30 10:20:26 hostC pluto[6423]: packet from bbb.bbb.bbb.bbb:500: Informational Exchange is for an unknown (expired?) SA
Apr 30 10:20:28 hostC pluto[6423]: "aa-to-cc" #4: received Delete SA(0x3eb1c521) payload: deleting IPSEC State #2
Apr 30 10:25:24 hostC pluto[6423]: "aa-to-cc" #4: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x3eb1c522) not found (maybe expired)
Apr 30 10:43:05 hostC pluto[6423]: shutting down
Apr 30 10:43:05 hostC pluto[6423]: forgetting secrets
Apr 30 10:43:05 hostC pluto[6423]: "aa-to-cc": deleting connection
Apr 30 10:43:05 hostC pluto[6423]: "aa-to-cc" #5: deleting state (STATE_QUICK_R2)
Apr 30 10:43:05 hostC pluto[6423]: "aa-to-cc" #4: deleting state (STATE_MAIN_R3)
Apr 30 10:43:05 hostC pluto[6423]: "cc-to-bb": deleting connection
Apr 30 10:43:05 hostC pluto[6423]: shutting down interface ipsec0/ppp0 ccc.ccc.ccc.ccc
Apr 30 10:43:08 hostC ipsec__plutorun: Starting Pluto subsystem...
Apr 30 10:43:09 hostC pluto[14716]: Starting Pluto (FreeS/WAN Version 2.05 PLUTO_USES_KEYRR)
Apr 30 10:43:09 hostC pluto[14716]: Using KLIPS IPsec interface code
Apr 30 10:43:09 hostC pluto[14716]: shutting down
Apr 30 10:43:13 hostC ipsec__plutorun: Starting Pluto subsystem...
Apr 30 10:43:13 hostC pluto[15324]: Starting Pluto (FreeS/WAN Version 2.05 PLUTO_USES_KEYRR)
Apr 30 10:43:13 hostC pluto[15324]: Using KLIPS IPsec interface code
Apr 30 10:43:13 hostC pluto[15324]: added connection description "cc-to-bb"
Apr 30 10:43:14 hostC pluto[15324]: added connection description "aa-to-cc"
Apr 30 10:43:14 hostC pluto[15324]: listening for IKE messages
Apr 30 10:43:14 hostC pluto[15324]: adding interface ipsec0/ppp0 ccc.ccc.ccc.ccc
Apr 30 10:43:14 hostC pluto[15324]: loading secrets from "/etc/ipsec.secrets"



Apr 30 10:36:57 hostC /etc/hotplug/net.agent: NET unregister event not supported
Apr 30 10:36:58 hostC adsl-connect: ADSL connection lost; attempting re-connection.
Apr 30 10:37:03 hostC pppd[13855]: pppd 2.4.1 started by root, uid 0
Apr 30 10:37:03 hostC pppd[13855]: Using interface ppp0
Apr 30 10:37:03 hostC pppd[13855]: Connect: ppp0 <--> /dev/pts/0
Apr 30 10:37:03 hostC /etc/hotplug/net.agent: assuming ppp0 is already up
Apr 30 10:37:03 hostC pppoe[13856]: PPP session is 4570
Apr 30 10:37:04 hostC pppd[13855]: local IP address ccc.ccc.ccc.ccc
Apr 30 10:37:04 hostC pppd[13855]: remote IP address CCC.CCC.CCC.CCC
Apr 30 10:41:35 hostC ddclient[3111]: WARNING: cannot connect to members.dyndns.org:80 socket: IO::Socket::INET: Bad hostname 'members.dyndns.org'
Apr 30 10:41:35 hostC ddclient[3111]: FAILED: updating hostC.dyndns.co.jp: Could not connect to members.dyndns.org.
Apr 30 10:42:51 hostC ntpd[3094]: synchronisation lost
Apr 30 10:43:05 hostC ipsec_setup: Stopping FreeS/WAN IPsec...
Apr 30 10:43:06 hostC kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Apr 30 10:43:06 hostC ipsec_setup: /usr/local/libexec/ipsec/tncfg: Socket ioctl failed on detach -- No such device. Is the virtual device valid? The ipsec module may not be linked into the kernel or loaded as a module.
Apr 30 10:43:06 hostC kernel:
Apr 30 10:43:06 hostC kernel:
Apr 30 10:43:06 hostC kernel: klips_info:pfkey_cleanup: shutting down PF_KEY domain sockets.
Apr 30 10:43:06 hostC kernel: klips_info:cleanup_module: ipsec module unloaded.
Apr 30 10:43:06 hostC ipsec_setup: ...FreeS/WAN IPsec stopped
Apr 30 10:43:06 hostC /etc/hotplug/net.agent: NET unregister event not supported
Apr 30 10:43:06 hostC last message repeated 3 times
Apr 30 10:43:08 hostC ipsec_setup: Starting FreeS/WAN IPsec 2.05...
Apr 30 10:43:08 hostC kernel: klips_info:ipsec_init: KLIPS startup, FreeS/WAN IPSec version: 2.05
Apr 30 10:43:08 hostC ipsec_setup: Using /lib/modules/2.4.20-8/kernel/net/ipsec/ipsec.o
Apr 30 10:43:08 hostC /etc/hotplug/net.agent: invoke ifup ipsec2
Apr 30 10:43:08 hostC /etc/hotplug/net.agent: invoke ifup ipsec1
Apr 30 10:43:08 hostC /etc/hotplug/net.agent: invoke ifup ipsec0
Apr 30 10:43:08 hostC /etc/hotplug/net.agent: invoke ifup ipsec3
Apr 30 10:43:08 hostC ipsec_setup: KLIPS debug `none'
Apr 30 10:43:08 hostC kernel:
Apr 30 10:43:08 hostC ipsec_setup: KLIPS ipsec0 on ppp0 ccc.ccc.ccc.ccc/255.255.255.255 pointopoint CCC.CCC.CCC.CCC
Apr 30 10:43:08 hostC ipsec_setup: WARNING: changing route filtering on ppp0 (changing /proc/sys/net/ipv4/conf/ppp0/rp_filter from 1 to 0)
Apr 30 10:43:09 hostC ipsec_setup: ...FreeS/WAN IPsec started
Apr 30 10:43:09 hostC ipsec_setup: Stopping FreeS/WAN IPsec...
Apr 30 10:43:09 hostC ipsec__plutorun: whack: read() failed (104 Connection reset by peer)
Apr 30 10:43:09 hostC ipsec__plutorun: ...could not add conn "cc-to-bb"
Apr 30 10:43:09 hostC ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto.ctl")
Apr 30 10:43:09 hostC ipsec__plutorun: ...could not add conn "aa-to-cc"
Apr 30 10:43:09 hostC ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto.ctl")
Apr 30 10:43:10 hostC kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Apr 30 10:43:10 hostC kernel:
Apr 30 10:43:10 hostC /etc/hotplug/net.agent: NET unregister event not supported
Apr 30 10:43:11 hostC kernel:
Apr 30 10:43:11 hostC kernel: klips_info:pfkey_cleanup: shutting down PF_KEY domain sockets.
Apr 30 10:43:11 hostC kernel: klips_info:cleanup_module: ipsec module unloaded.
Apr 30 10:43:11 hostC /etc/hotplug/net.agent: NET unregister event not supported
Apr 30 10:43:11 hostC last message repeated 2 times
Apr 30 10:43:11 hostC ipsec_setup: ...FreeS/WAN IPsec stopped
Apr 30 10:43:12 hostC ipsec_setup: Starting FreeS/WAN IPsec 2.05...
Apr 30 10:43:12 hostC kernel: klips_info:ipsec_init: KLIPS startup, FreeS/WAN IPSec version: 2.05
Apr 30 10:43:12 hostC ipsec_setup: Using /lib/modules/2.4.20-8/kernel/net/ipsec/ipsec.o
Apr 30 10:43:12 hostC /etc/hotplug/net.agent: invoke ifup ipsec2
Apr 30 10:43:12 hostC /etc/hotplug/net.agent: invoke ifup ipsec1
Apr 30 10:43:12 hostC ipsec_setup: KLIPS debug `none'
Apr 30 10:43:12 hostC /etc/hotplug/net.agent: invoke ifup ipsec3
Apr 30 10:43:12 hostC /etc/hotplug/net.agent: invoke ifup ipsec0
Apr 30 10:43:13 hostC kernel:
Apr 30 10:43:13 hostC ipsec_setup: KLIPS ipsec0 on ppp0 ccc.ccc.ccc.ccc/255.255.255.255 pointopoint CCC.CCC.CCC.CCC
Apr 30 10:43:13 hostC ipsec_setup: ...FreeS/WAN IPsec started
Apr 30 10:43:51 hostC ntpd[3094]: sendto(133.100.9.2): Invalid argument
Apr 30 10:43:56 hostC ntpd[3094]: sendto(133.100.11.8): Invalid argument
Apr 30 10:43:56 hostC ntpd[3094]: sendto(130.69.251.23): Invalid argument
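
Added example, not part of the original post: the /var/log/secure and /var/log/messages excerpts above are pasted one after the other, so this script merges them by timestamp and lists the non-pluto events that preceded each pluto "shutting down". The sample lines are abridged from the post's logs; the year 2004 and the 10-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Abridged from the post's two excerpts (secure, then messages).
SECURE = """\
Apr 30 10:25:24 hostC pluto[6423]: "aa-to-cc" #4: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x3eb1c522) not found (maybe expired)
Apr 30 10:43:05 hostC pluto[6423]: shutting down
Apr 30 10:43:09 hostC pluto[14716]: shutting down
"""
MESSAGES = """\
Apr 30 10:36:58 hostC adsl-connect: ADSL connection lost; attempting re-connection.
Apr 30 10:37:04 hostC pppd[13855]: local IP address ccc.ccc.ccc.ccc
Apr 30 10:41:35 hostC ddclient[3111]: FAILED: updating hostC.dyndns.co.jp: Could not connect to members.dyndns.org.
Apr 30 10:43:05 hostC ipsec_setup: Stopping FreeS/WAN IPsec...
Apr 30 10:43:09 hostC ipsec_setup: Stopping FreeS/WAN IPsec...
"""

# Classic syslog layout: "Mon DD HH:MM:SS host tag[pid]: message" (pid optional).
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) ([^\[:]+)(?:\[(\d+)\])?: ?(.*)$")

def parse(text, source, year=2004):
    """Yield (timestamp, source, tag, pid, message); syslog omits the year, so it is assumed."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip blank or malformed lines
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        yield ts, source, m.group(3), m.group(4), m.group(5)

def timeline(*streams):
    """Merge parsed streams into one list ordered by time (stable for equal stamps)."""
    return sorted((e for s in streams for e in s), key=lambda e: e[0])

def before_shutdowns(events, window=timedelta(minutes=10)):
    """For each pluto 'shutting down', collect non-pluto events in the preceding window."""
    out = []
    for ts, _, tag, pid, msg in events:
        if tag == "pluto" and msg == "shutting down":
            ctx = [e for e in events if ts - window <= e[0] <= ts and e[2] != "pluto"]
            out.append((ts, pid, ctx))
    return out

if __name__ == "__main__":
    merged = timeline(parse(SECURE, "secure"), parse(MESSAGES, "messages"))
    for ts, pid, ctx in before_shutdowns(merged):
        print(f"pluto[{pid}] shut down at {ts:%H:%M:%S}")
        for e in ctx:
            print(f"    {e[0]:%H:%M:%S} {e[1]:8} {e[2]}: {e[4]}")
```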

