Results 1 to 5 of 5
  1. #1
    Untangler
    Join Date
    Nov 2010
    Location
    São Paulo, SP, Brasil
    Posts
    38

    Default Azure Site to site unstable

    Hello everyone,

    I'm having trouble getting a stable connection between the Untangle and Azure.

    I have used the confgurations recommended by Azure, I have done tests with different encryptation, life cycles, among others.

    It happens that after detarminado period, there is no standard, occurs intermittently. The connection between the two stops running. However, both the Untangle as in Azure, the connection appears as active.
    Then disconnect the IPsec module and start it again, and the connection is restored immediately.

    I am monitoring the connection through a simple "ping" in one of the VMs on Azure. When I stop receiving ping response, I know that the VPN was interrupted.

    Below IPsec log the last time that the VPN was interrupted. And I'm putting attached the configuration I am using right now.
    Perhaps you can help me with something I'm not able to realize.



    Thank team.

    Feb 24 13:43:25 untangle pluto[13194]: "UT0_UntangleToAzure" #1: received and ignored informational message
    Feb 24 13:43:25 untangle pluto[13194]: "UT0_UntangleToAzure" #1: received Delete SA payload: replace IPSEC State #3 in 10 seconds
    Feb 24 13:38:24 untangle pluto[13194]: "UT0_UntangleToAzure" #1: received and ignored informational message
    Feb 24 13:38:24 untangle pluto[13194]: "UT0_UntangleToAzure" #1: received Delete SA(0xf6937286) payload: deleting IPSEC State #2
    Feb 24 13:38:24 untangle pluto[13194]: "UT0_UntangleToAzure" #3: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x1a9982da <0x244ea4ed xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=none DPD=none}
    Feb 24 13:38:24 untangle pluto[13194]: "UT0_UntangleToAzure" #3: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
    Feb 24 13:38:24 untangle pluto[13194]: "UT0_UntangleToAzure" #3: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
    Feb 24 13:38:24 untangle pluto[13194]: "UT0_UntangleToAzure" #3: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
    Feb 24 13:38:24 untangle pluto[13194]: "UT0_UntangleToAzure" #3: keeping refhim=4294901761 during rekey
    Feb 24 13:38:24 untangle pluto[13194]: "UT0_UntangleToAzure" #3: them: 104.41.9.163<104.41.9.163>[+S=C]===10.0.0.0/8
    Feb 24 13:38:24 untangle pluto[13194]: "UT0_UntangleToAzure" #3: us: 192.168.1.0/24===201.28.122.203<201.28.122.203>[+S=C]
    Feb 24 13:38:24 untangle pluto[13194]: "UT0_UntangleToAzure" #3: responding to Quick Mode proposal {msgid:00000080}
    Feb 24 13:38:24 untangle pluto[13194]: "UT0_UntangleToAzure" #1: the peer proposed: 192.168.1.0/24:0/0 -> 10.0.0.0/8:0/0
    Last edited by arthurbovolon; 02-24-2015 at 10:16 AM.

  2. #2
    Untangler
    Join Date
    Nov 2010
    Location
    São Paulo, SP, Brasil
    Posts
    38

    Default

    Complementing...

    http://stackoverflow.com/questions/2...ing-every-hour

    My problem is very similar, I could see that the disconnection occurs approximately every hour.
    However, since IKE cycle set for 8 hours and the key for 1 hour.

    I noticed that Microsoft recommends that you not use the PFS, which left unchecked this option in Untangle. However, in the configuration "Phase 2" there is a "PFS Key Group" option where I can not help disabled. This can influence something?

  3. #3
    Untangler
    Join Date
    Nov 2010
    Location
    São Paulo, SP, Brasil
    Posts
    38

    Default

    Unfortunately the support Untangle says he can not help us in connections between Untangle and third. Only between Untangle's.
    So I can only use the excellent friends forum.

    It seems reasonable to at least try to help the client who followed all the Microsoft Configuration instructions and can not establish a stable connection. But anyway ...


    I thought of two options:
    - The team could inform the Untangle IPsec VPN is not compatible with Windows Azure.

    - If the Untangle is compatible, why not create a step to step how to establish a stable connection to the Windows Azure?

    The second option seems more attractive. Since it would be a great decoy have Untangle as an application approved for Windows Azure, such as those already here:
    https://msdn.microsoft.com/en-us/lib.../jj156075.aspx

    Are there any plans of the team for the Untangle is an approved gateway?

    I thank everyone and anyone who can help me find a stable connection.

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    I would try 11.1 beta as it uses strongswan instead of openswan.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untangler
    Join Date
    Nov 2010
    Location
    São Paulo, SP, Brasil
    Posts
    38

    Default

    Thanks for the info Dmorris!

    Actually found many reports of users experiencing problems with openswan community.

    I will be eagerly waiting for a stable version 11.1

    Thanks!

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2