My connection IPSec have problem.
This is my Diagram.
Connect VPN is not OK must be restart IPsec ==> OK and after that not OK
root@vungtau:~# telnet 10.225.198.3 3900
Trying 10.225.198.3...
telnet: Unable to connect to remote host: Connection timed out
root@vungtau:~# /etc/init.d/ipsec restart
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec U2.6.38/K3.19.0-25-generic...
root@vungtau:~# telnet 10.225.198.3 3900
Trying 10.225.198.3...
Escape character is '^]'.
^[$^]
telnet> q
Connection closed.
And for 5m after cannot telnet to 10.225.198.3 3900 (Tunnel VPN still up )
root@vungtau:~# telnet 10.225.198.3 3900
Trying 10.225.198.3...
telnet: Unable to connect to remote host: Connection timed out
root@vungtau:~# telnet 10.225.198.3 3900
Trying 10.225.198.3...
telnet: Unable to connect to remote host: Connection timed out
Status VPN
IPsec running - pluto pid: 11088
pluto pid 11088
1 tunnels up
some eroutes exist
Some time status is 2 or 3 or 4 or 5 or 0 tunnel UP
IPsec running - pluto pid: 11088
pluto pid 11088
3 tunnels up
some eroutes exist
=> What happened with my VPN connection, and why? What can I do?
This is my config
# /etc/ipsec.conf - Openswan IPsec configuration file
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Do not set debug options to debug configuration issues!
# plutodebug / klipsdebug = "all", "none" or a combation from below:
# "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
# eg:
# plutodebug="control parsing"
# Again: only enable plutodebug or klipsdebug when asked by a developer
#
# enable to get logs per-peer
# plutoopts="--perpeerlog"
#
# Enable core dumps (might require system changes, like ulimit -C)
# This is required for abrtd to work properly
# Note: incorrect SElinux policies might prevent pluto writing the core
dumpdir=/var/run/pluto/
#
# NAT-TRAVERSAL support, see README.NAT-Traversal
nat_traversal=yes
# exclude networks used on server side by adding %v4:!a.b.c.0/24
# It seems that T-Mobile in the US and Rogers/Fido in Canada are
# using 25/8 as "private" address space on their 3G network.
# This range has not been announced via BGP (at least upto 2010-12-21)
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
# OE is now off by default. Uncomment and change to on, to enable.
oe=off
# which IPsec stack to use. auto will try netkey, then klips then mast
#protostack=auto
protostack=netkey
# Use this to log to a file, or disable logging on embedded systems (like openwrt)
#plutostderrlog=/dev/null
conn vpntanza
authby=secret
auto=start
ike=aes128-sha1;modp1024
## phase 1 ##
keyexchange=ike
## phase 2 ##
phase2=esp
phase2alg=3des,aes
compress=no
pfs=yes
type=tunnel
#FROM TTV
left=125.X.X.X.X
leftsourceip=10.58.82.179
# leftsourceip=125.X.X.X
leftsubnet=10.58.82.0/24
## for direct routing ##
leftnexthop=%defaultroute
rightnexthop=%defaultroute
#TO
right=169.255.X.X
rightsubnet=10.225.196.0/22
#include /etc/ipsec.d/*.conf
sudo service ipsec status
when telnet is working, and when it is not. – Rui F Ribeiro Mar 04 '16 at 09:38IPsec running - pluto pid: 11088 pluto pid 11088 1 tunnels up (((<<=== This line sometime 2-5 tunnels up))) some eroutes exist
– Uncelvel Mar 04 '16 at 09:50