VPN Timeout after 10 mins

**tescophil** · 07-07-2017, 02:46 AM

Hi,

Having issues with IPSec VPN timing out after 10 mins. I have this on Android 7.0 and MacBook Pro both using the build in VPN functionality.

Lots of 'unable to reauthenticate' events' etc.

Any idea what is going on here / how to resolve the issue ?

Thanks.

Code:

Jul  7 10:25:10 untangle charon: 10[CFG] lease 198.19.0.1 by 'phil' went offline
Jul  7 10:25:10 untangle charon: 10[NET] sending packet: from 192.168.0.254[4500] to 81.145.231.74[28065] (108 bytes)
Jul  7 10:25:10 untangle charon: 10[ENC] generating INFORMATIONAL_V1 request 1020595339 [ HASH D ]
Jul  7 10:25:10 untangle charon: 10[IKE] sending DELETE for IKE_SA VPN-XAUTH-0[26]
Jul  7 10:25:10 untangle charon: 10[IKE] deleting IKE_SA VPN-XAUTH-0[26] between 192.168.0.254[192.168.0.254]...81.145.231.74[172.16.2.103]
Jul  7 10:25:10 untangle charon: 10[IKE] deleting IKE_SA VPN-XAUTH-0[26] between 192.168.0.254[192.168.0.254]...81.145.231.74[172.16.2.103]
Jul  7 10:25:10 untangle charon: 10[NET] sending packet: from 192.168.0.254[4500] to 81.145.231.74[28065] (92 bytes)
Jul  7 10:25:10 untangle charon: 10[ENC] generating INFORMATIONAL_V1 request 2898521862 [ HASH D ]
Jul  7 10:24:51 untangle charon: 03[IKE] unable to reauthenticate in CHILD_SA REKEYING state, delaying for 26s
Jul  7 10:24:49 untangle charon: 04[KNL] creating rekey job for ESP CHILD_SA with SPI c1033e04 and reqid {15}
Jul  7 10:24:38 untangle charon: 10[IKE] unable to reauthenticate in CHILD_SA REKEYING state, delaying for 13s
Jul  7 10:24:31 untangle charon: 12[KNL] creating rekey job for ESP CHILD_SA with SPI c8144485 and reqid {15}
Jul  7 10:24:24 untangle charon: 14[IKE] unable to reauthenticate in CHILD_SA REKEYING state, delaying for 14s
Jul  7 10:24:20 untangle charon: 05[KNL] creating rekey job for ESP CHILD_SA with SPI 06c52142 and reqid {15}
Jul  7 10:15:56 untangle charon: 14[IKE] received 3600s lifetime, configured 900s
Jul  7 10:15:56 untangle charon: 14[IKE] expected IPComp proposal but peer did not send one, IPComp disabled
Jul  7 10:15:56 untangle charon: 14[ENC] parsed QUICK_MODE request 2351514339 [ HASH SA No ID ID ]
Jul  7 10:15:56 untangle charon: 06[ENC] generating TRANSACTION response 3300946328 [ HASH CPRP(ADDR DNS) ]
Jul  7 10:15:56 untangle charon: 06[IKE] assigning virtual IP 198.19.0.1 to peer 'phil'
Jul  7 10:15:56 untangle charon: 06[CFG] reassigning offline lease to 'phil'
Jul  7 10:15:56 untangle charon: 06[IKE] peer requested virtual IP %any
Jul  7 10:15:56 untangle charon: 06[ENC] parsed TRANSACTION request 3300946328 [ HASH CPRQ(ADDR MASK DNS NBNS EXP VER U_BANNER U_DEFDOM U_SPLITDNS U_SPLITINC U_LOCALLAN U_PFS U_SAVEPWD U_FWTYPE U_BKPSRV (28683)) ]
Jul  7 10:15:56 untangle charon: 06[ENC] unknown attribute type (28683)
Jul  7 10:15:56 untangle charon: 06[NET] received packet: from 81.145.231.74[28065] to 192.168.0.254[4500] (188 bytes)
Jul  7 10:15:56 untangle charon: 05[IKE] maximum IKE_SA lifetime 553s
Jul  7 10:15:56 untangle charon: 05[IKE] scheduling reauthentication in 13s
Jul  7 10:15:56 untangle charon: 05[IKE] IKE_SA VPN-XAUTH-0[26] established between 192.168.0.254[192.168.0.254]...81.145.231.74[172.16.2.103]
Jul  7 10:15:56 untangle charon: 05[IKE] IKE_SA VPN-XAUTH-0[26] established between 192.168.0.254[192.168.0.254]...81.145.231.74[172.16.2.103]
Jul  7 10:15:56 untangle charon: 05[ENC] parsed TRANSACTION response 2713431574 [ HASH CPA(X_STATUS) ]
Jul  7 10:15:56 untangle charon: 08[ENC] generating TRANSACTION request 2713431574 [ HASH CPS(X_STATUS) ]
Jul  7 10:15:56 untangle charon: 08[IKE] XAuth authentication of 'phil' successful
Jul  7 10:15:56 untangle charon: 08[ENC] parsed TRANSACTION response 1401685470 [ HASH CPRP(X_USER X_PWD) ]
Jul  7 10:15:56 untangle charon: 02[ENC] generating TRANSACTION request 1401685470 [ HASH CPRQ(X_USER X_PWD) ]
Jul  7 10:15:56 untangle charon: 02[NET] sending packet: from 192.168.0.254[4500] to 81.145.231.74[28065] (92 bytes)
Jul  7 10:15:56 untangle charon: 02[ENC] generating ID_PROT response 0 [ ID HASH ]
Jul  7 10:15:56 untangle charon: 02[CFG] selected peer config "VPN-XAUTH-0"
Jul  7 10:15:56 untangle charon: 02[CFG] looking for XAuthInitPSK peer configs matching 192.168.0.254...81.145.231.74[172.16.2.103]
Jul  7 10:15:56 untangle charon: 02[ENC] parsed ID_PROT request 0 [ ID HASH ]
Jul  7 10:15:56 untangle charon: 10[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Jul  7 10:15:56 untangle charon: 10[IKE] remote host is behind NAT
Jul  7 10:15:56 untangle charon: 10[IKE] local host is behind NAT, sending keep alives
Jul  7 10:15:56 untangle charon: 10[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jul  7 10:15:56 untangle charon: 16[ENC] generating ID_PROT response 0 [ SA V V V ]
Jul  7 10:15:56 untangle charon: 16[IKE] 81.145.231.74 is initiating a Main Mode IKE_SA
Jul  7 10:15:56 untangle charon: 16[IKE] 81.145.231.74 is initiating a Main Mode IKE_SA
Jul  7 10:15:56 untangle charon: 16[IKE] received DPD vendor ID
Jul  7 10:15:56 untangle charon: 16[IKE] received FRAGMENTATION vendor ID
Jul  7 10:15:56 untangle charon: 16[IKE] received Cisco Unity vendor ID
Jul  7 10:15:56 untangle charon: 16[IKE] received XAuth vendor ID
Jul  7 10:15:56 untangle charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jul  7 10:15:56 untangle charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Jul  7 10:15:56 untangle charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Jul  7 10:15:56 untangle charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
Jul  7 10:15:56 untangle charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
Jul  7 10:15:56 untangle charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
Jul  7 10:15:56 untangle charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
Jul  7 10:15:56 untangle charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
Jul  7 10:15:56 untangle charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
Jul  7 10:15:56 untangle charon: 16[IKE] received NAT-T (RFC 3947) vendor ID
Jul  7 10:15:56 untangle charon: 16[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V V V ]
Jul  7 10:15:56 untangle charon: 16[NET] received packet: from 81.145.231.74[58279] to 192.168.0.254[500] (848 bytes)

**rathb18** · 07-07-2017, 10:30 AM

I thought it was just me lol I've had the same issues when I tried it out. I usually just use openvpn though. But yeah it's not just you. I've had the issue on my pixel XL running Android 7 and 8. My logs look the same. Mainly unable to reauthenticate..

**SecureZone** · 07-12-2017, 08:55 PM

I have this issue too, with all clients I have tried.

Thread: VPN Timeout after 10 mins

LinkBack

Thread Tools

VPN Timeout after 10 mins

Posting Permissions