Reply
pablogiganti
Posts: 1
Registered: ‎10-03-2006

Unstable VPN tunnel between Rv082 and aRV042

Hi,
I have a tunnel established between a RV082 and a RV042.

For some reason it keeps dropping. Any ideas why?

Here’s part of the log of the RV082:

  [Tunnel Negotiation Info] >>> Initiator send Aggressive Mode 3rd packet
  [Tunnel Negotiation Info] Aggressive Mode Phase 1 SA Established
  [Tunnel Negotiation Info] Initiator Cookies = 84b2 fd1b fe56 befa
  [Tunnel Negotiation Info] Responder Cookies = ca15 3b19 8f29 70bb
  initiating Quick Mode PSK+COMPRESS+TUNNEL+PFS+AGGRESSIVE
  [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
  [Tunnel Negotiation Info] >>> Initiator Send Aggressive Mode 1st packet
  initiating Aggressive Mode #193, connection "ips0"
  STATE_AGGR_I1: initiate
  Quick Mode message is for a non-existent (expired?) ISAKMP SA
  Informational Exchange is for an unknown (expired?) SA
  Received Vendor ID payload Type = [Dead Peer Detection]
  [Tunnel Negotiation Info] <<< Initiator Received Aggressive Mode 2nd packet
  Aggressive mode peer ID is ID_IPV4_ADDR: '80.177.205.1'
  [Tunnel Negotiation Info] >>> Initiator send Aggressive Mode 3rd packet
  [Tunnel Negotiation Info] Aggressive Mode Phase 1 SA Established
  [Tunnel Negotiation Info] Initiator Cookies = 2d83 ecb9 975b cc4f
  [Tunnel Negotiation Info] Responder Cookies = 5a88 2463 b1ee 3481
  initiating Quick Mode PSK+COMPRESS+TUNNEL+PFS+AGGRESSIVE
  [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
  [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet
  [Tunnel Negotiation Info] Inbound SPI value = 48e1ba48
  [Tunnel Negotiation Info] Outbound SPI value = 4fe53a78
  [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet
  [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
  Dead Peer Detection Start, DPD delay timer=10 sec timeout=10 sec
  received Delete SA payload: deleting IPSEC State #194
  received Delete SA payload: deleting ISAKMP State #193
  [Tunnel Negotiation Info] >>> Initiator Send Aggressive Mode 1st packet
  initiating Aggressive Mode #195, connection "ips0"
  STATE_AGGR_I1: initiate


Here’s part of the log of the RV042:

  [Tunnel Negotiation Info] Aggressive Mode Phase 1 SA Established
  [Tunnel Negotiation Info] Initiator Cookies = 60c1 b323 7cd0 afeb
  [Tunnel Negotiation Info] Responder Cookies = 81bf 7ac6 53d5 9ce0
  [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
  [Tunnel Negotiation Info] Inbound SPI value = 4fe53a7e
  [Tunnel Negotiation Info] Outbound SPI value = 48e1ba4e
  [Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet
  [Tunnel Negotiation Info] <<< Responder Received Quick Mode 3rd packet
  [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
  Dead Peer Detection Start, DPD delay timer=10 sec timeout=10 sec
  Informational Exchange is for an unknown (expired?) SA
  Received Vendor ID payload Type = [Dead Peer Detection]
  [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
  Initial Aggressive Mode message from 84.76.146.116 but no (wildcard) connection has been configured
  Received Vendor ID payload Type = [Dead Peer Detection]
  [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet
  Aggressive mode peer ID is ID_FQDN: '@cmr.dnsalias.com'
   Responding to Aggressive Mode from 84.76.146.116
  [Tunnel Negotiation Info] >>> Responder Send Aggressive Mode 2nd packet
  [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 3rd packet
  Aggressive mode peer ID is ID_FQDN: '@cmr.dnsalias.com'
   [Tunnel Negotiation Info] Aggressive Mode Phase 1 SA Established
  [Tunnel Negotiation Info] Initiator Cookies = 856b 14c5 15e3 2d46
  [Tunnel Negotiation Info] Responder Cookies = 2a7f 945 31d2 cd99
  [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
  [Tunnel Negotiation Info] Inbound SPI value = 4fe53a7f
  [Tunnel Negotiation Info] Outbound SPI value = 48e1ba4f
  [Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet
  [Tunnel Negotiation Info] <<< Responder Received Quick Mode 3rd packet
  [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
  Dead Peer Detection Start, DPD delay timer=10 sec timeout=10 sec

Thanks,
Pablo

linksysinfo
Posts: 518
Registered: ‎06-29-2006

Re: Unstable VPN tunnel between Rv082 and aRV042

try turning off agressive mode
Regards Simon

NAS: TS-459 Pro - 3.6.1 Build0302T - 4 x 1TB Samsung HD103SJ : EXT4 - APC ES 700VA UPS
QPKG: WordPress 3.4, TwonkyMedia 6.0.39 QPKG - Zenphoto1.4.2.1 [7802] - phpMyAdmin v3.3.10
Network: Netgear DG834G V4.01.40 - DGTeam Rev. 0849 -> Cisco RV220W 1.0.4.13, Cisco SLM2008, Dlink DSM-520, Xbox360
cyboc
Posts: 8
Registered: ‎10-25-2006

Re: Unstable VPN tunnel between Rv082 and aRV042

I have the exact same problem with a very similar looking log. The suggestion to turn off aggressive mode doesn't apply to me because it was never on in the first place.

I have enabled keepalive and DPD on both sides.

On the RV042, the firmware version is 1.3.7.10 (latest as of today). On the RV082, the firmware version is 1.3.3.5 (latest as of today).

Here is the log from the RV082:
-----------------------------
Dec 8 07:07:59 2006 VPN Log [Tunnel Negotiation Info] Responder Received Main Mode 1st packet
Dec 8 07:07:59 2006 VPN Log [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
Dec 8 07:07:59 2006 VPN Log [Tunnel Negotiation Info] Responder Received Main Mode 3rd packet
Dec 8 07:07:59 2006 VPN Log [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
Dec 8 07:07:59 2006 VPN Log [Tunnel Negotiation Info] Responder Received Main Mode 5th packet
Dec 8 07:07:59 2006 VPN Log Main mode peer ID is ID_IPV4_ADDR: ''
Dec 8 07:07:59 2006 VPN Log [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet
Dec 8 07:07:59 2006 VPN Log [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Dec 8 07:07:59 2006 VPN Log [Tunnel Negotiation Info] Initiator Cookies = 77a7 2735 5fd 8145
Dec 8 07:07:59 2006 VPN Log [Tunnel Negotiation Info] Responder Cookies = 649f f89 459f f449
Dec 8 07:08:18 2006 VPN Log received Delete SA payload: deleting ISAKMP State #6045
Dec 8 07:08:18 2006 VPN Log Initiating Main Mode
Dec 8 07:08:18 2006 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
Dec 8 07:08:18 2006 VPN Log Informational Exchange is for an unknown (expired?) SA
Dec 8 07:08:19 2006 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] Initiator Received Main Mode 2nd packet
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet
Dec 8 07:08:19 2006 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] Responder Received Main Mode 1st packet
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] Responder Received Main Mode 3rd packet
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] Responder Received Main Mode 5th packet
Dec 8 07:08:19 2006 VPN Log Main mode peer ID is ID_IPV4_ADDR: ''
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] Initiator Cookies = 69ad 29d8 e6af 10d
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] Responder Cookies = 5919 d2f3 7d3 c71f
Dec 8 07:08:19 2006 VPN Log initiating Quick Mode PSK+TUNNEL+PFS
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] Responder Received Quick Mode 1st packet
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] Inbound SPI value = 58ba2a21
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] Outbound SPI value = 3f73cb10
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] Responder Received Quick Mode 1st packet
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] Inbound SPI value = 58ba2a22
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] Outbound SPI value = 3f73cb11
Dec 8 07:08:19 2006 VPN Log [Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet
Dec 8 07:08:20 2006 VPN Log [Tunnel Negotiation Info] Initiator Received Quick Mode 2nd packet
Dec 8 07:08:20 2006 VPN Log [Tunnel Negotiation Info] Inbound SPI value = 58ba2a20
Dec 8 07:08:20 2006 VPN Log [Tunnel Negotiation Info] Outbound SPI value = 3f73cb12
Dec 8 07:08:20 2006 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet
Dec 8 07:08:20 2006 VPN Log [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Dec 8 07:08:20 2006 VPN Log Dead Peer Detection Start, DPD delay timer=10 sec timeout=10 sec
Dec 8 07:08:20 2006 VPN Log [Tunnel Negotiation Info] Responder Received Quick Mode 3rd packet
Dec 8 07:08:20 2006 VPN Log [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Dec 8 07:08:20 2006 VPN Log Dead Peer Detection Start, DPD delay timer=10 sec timeout=10 sec
-----------------------------

Here is the log from the RV042:
-----------------------------
Dec 8 08:08:19 2006 VPN Log Initiating Main Mode
Dec 8 08:08:19 2006 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
Dec 8 08:08:19 2006 VPN Log Phase 1 message is part of an unknown exchange
Dec 8 08:08:19 2006 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
Dec 8 08:08:19 2006 VPN Log [Tunnel Negotiation Info] Initiator Received Main Mode 2nd packet
Dec 8 08:08:19 2006 VPN Log [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet
Dec 8 08:08:19 2006 VPN Log [Tunnel Negotiation Info] Initiator Received Main Mode 4th packet
Dec 8 08:08:19 2006 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet
Dec 8 08:08:19 2006 VPN Log [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet
Dec 8 08:08:19 2006 VPN Log Main mode peer ID is ID_IPV4_ADDR: ''
Dec 8 08:08:19 2006 VPN Log [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Dec 8 08:08:19 2006 VPN Log [Tunnel Negotiation Info] Initiator Cookies = 69ad 29d8 e6af 10d
Dec 8 08:08:19 2006 VPN Log [Tunnel Negotiation Info] Responder Cookies = 5919 d2f3 7d3 c71f
Dec 8 08:08:19 2006 VPN Log initiating Quick Mode PSK+TUNNEL+PFS
Dec 8 08:08:19 2006 VPN Log [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
Dec 8 08:08:19 2006 VPN Log initiating Quick Mode PSK+TUNNEL+PFS
Dec 8 08:08:20 2006 VPN Log [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
Dec 8 08:08:20 2006 VPN Log [Tunnel Negotiation Info] Responder Received Quick Mode 1st packet
Dec 8 08:08:20 2006 VPN Log [Tunnel Negotiation Info] Inbound SPI value = 3f73cb12
Dec 8 08:08:20 2006 VPN Log [Tunnel Negotiation Info] Outbound SPI value = 58ba2a20
Dec 8 08:08:20 2006 VPN Log [Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet
Dec 8 08:08:20 2006 VPN Log [Tunnel Negotiation Info] Initiator Received Quick Mode 2nd packet
Dec 8 08:08:20 2006 VPN Log [Tunnel Negotiation Info] Inbound SPI value = 3f73cb10
Dec 8 08:08:20 2006 VPN Log [Tunnel Negotiation Info] Outbound SPI value = 58ba2a21
Dec 8 08:08:20 2006 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet
Dec 8 08:08:21 2006 VPN Log [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Dec 8 08:08:21 2006 VPN Log Dead Peer Detection Start, DPD delay timer=10 sec timeout=10 sec
Dec 8 08:08:21 2006 VPN Log [Tunnel Negotiation Info] Initiator Received Quick Mode 2nd packet
Dec 8 08:08:21 2006 VPN Log [Tunnel Negotiation Info] Inbound SPI value = 3f73cb11
Dec 8 08:08:21 2006 VPN Log [Tunnel Negotiation Info] Outbound SPI value = 58ba2a22
Dec 8 08:08:21 2006 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet
Dec 8 08:08:21 2006 VPN Log [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Dec 8 08:08:21 2006 VPN Log Dead Peer Detection Start, DPD delay timer=10 sec timeout=10 sec
Dec 8 08:08:21 2006 VPN Log [Tunnel Negotiation Info] Responder Received Quick Mode 3rd packet
Dec 8 08:08:21 2006 VPN Log [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Dec 8 08:08:21 2006 VPN Log Dead Peer Detection Start, DPD delay timer=10 sec timeout=10 sec
Dec 8 08:08:29 2006 VPN Log Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x4b99fc5b (perhaps this is a duplicated packet)
-----------------------------

The strange thing is, when I checked the status of the tunnel on the VPN Summary page on the RV082 it said "Connected". (Unfortunately, I didn't check the status on the RV042...dummy).

To fix it, I have to disconnect and then reconnect the tunnel on the RV082. I don't want to have to do this every time the tunnel goes down like this (seems to happen once a day). Any suggestions for fixing this permanently????
tbizsys
Posts: 1
Registered: ‎12-08-2006

Re: Unstable VPN tunnel between Rv082 and aRV042

Try using the latest RV082 firmware 1.3.3.6.  It is posted at ftp://ftp.linksys.com/pub/network/
 
It resolved similar problems for me.
 
jt
eleelinksys
Posts: 2
Registered: ‎01-04-2007

Re: Unstable VPN tunnel between Rv082 and aRV042

I found Firmware 1.3.3.6 on the FTP site, but it is not posted as a download from the Linksys support site. Is this a tested firmware and in production, or is it still in test
linksysinfo
Posts: 518
Registered: ‎06-29-2006

Re: Unstable VPN tunnel between Rv082 and aRV042

it is a beta firmware to fix issues. v1.3.3.8 is now out. available at my site.
Regards Simon

NAS: TS-459 Pro - 3.6.1 Build0302T - 4 x 1TB Samsung HD103SJ : EXT4 - APC ES 700VA UPS
QPKG: WordPress 3.4, TwonkyMedia 6.0.39 QPKG - Zenphoto1.4.2.1 [7802] - phpMyAdmin v3.3.10
Network: Netgear DG834G V4.01.40 - DGTeam Rev. 0849 -> Cisco RV220W 1.0.4.13, Cisco SLM2008, Dlink DSM-520, Xbox360
eleelinksys
Posts: 2
Registered: ‎01-04-2007

Re: Unstable VPN tunnel between Rv082 and aRV042

Thanks for the reply. I have just worked with a support tech to try 1.3.3.8, and I have upgraded the firmware. He suggested that rather then just upgrade, that I also reset to default, then reload the configuration. It seems to be steady
linksysinfo
Posts: 518
Registered: ‎06-29-2006

Re: Unstable VPN tunnel between Rv082 and aRV042

[ Edited ]
the RV042 also has a newer firmware. v1.3.8

Message Edited by linksysinfo on 01-07-200712:57 PM

Regards Simon

NAS: TS-459 Pro - 3.6.1 Build0302T - 4 x 1TB Samsung HD103SJ : EXT4 - APC ES 700VA UPS
QPKG: WordPress 3.4, TwonkyMedia 6.0.39 QPKG - Zenphoto1.4.2.1 [7802] - phpMyAdmin v3.3.10
Network: Netgear DG834G V4.01.40 - DGTeam Rev. 0849 -> Cisco RV220W 1.0.4.13, Cisco SLM2008, Dlink DSM-520, Xbox360
Gaspiore
Posts: 2
Registered: ‎03-17-2008

Re: Unstable VPN tunnel between Rv082 and aRV042

I HAVE THE SAME PROBLEM WITH RV082 AND BEFPV41. MI VPN WORKS FINE BETWEEN BEFPV41 AND ANOTHER BEFPV41, BUT WITH RV082 DOESN'T WORK ANYMORE, HELPP...... I HAV THE SAME PARAMETERS...
 
 
MY LOG ROUTER..RV082 SAID..
 
 [Tunnel Negotiation Info] <<< Responder Received Aggressive Mode 1st packet 
Initial Aggressive Mode message from XXX.XXX.XX.XX but no (wildcard) connection has been configured 
HELP....