I have ClearOS 7 connected to ClearOS 5 using the ClearSDN Dynamic VPN. Everything works fine and is solid except for one thing... Using SVN (Subversion).
We have a SVN server on the ClearOS 5 side the VPN and all those clients are fine. We have a handful of clients on the ClearOS 7 side of the VPN, however, _anytime_ a client tries to do a SVN checkout the VPN goes down and goes away for 5 to 10 minutes then comes back. Obviously the SVN checkout fails.
We upgraded the ClearOS 5 side to the latest ClearOS 7 hoping the problem would go away with both firewalls being ClearOS 7 now, but it did not, and still persists.
I have no idea where to start troubleshooting this problem.
I'm starting here since it seems to be a network wide problem anytime anyone does a SVN checkout and it's not isolated to any one machine.
Any ideas???
We have a SVN server on the ClearOS 5 side the VPN and all those clients are fine. We have a handful of clients on the ClearOS 7 side of the VPN, however, _anytime_ a client tries to do a SVN checkout the VPN goes down and goes away for 5 to 10 minutes then comes back. Obviously the SVN checkout fails.
We upgraded the ClearOS 5 side to the latest ClearOS 7 hoping the problem would go away with both firewalls being ClearOS 7 now, but it did not, and still persists.
I have no idea where to start troubleshooting this problem.
I'm starting here since it seems to be a network wide problem anytime anyone does a SVN checkout and it's not isolated to any one machine.
Any ideas???
In Dynamic VPN
Share this post:
Responses (8)
-
Accepted Answer
-
Accepted Answer
[root@gate253x ~]# lspci -k | grep Eth -A3
01:00.0 Ethernet controller: Intel Corporation 82576 Gigabit Network Connection (rev 01)
Subsystem: Super Micro Computer Inc Device 10c9
Kernel driver in use: igb
01:00.1 Ethernet controller: Intel Corporation 82576 Gigabit Network Connection (rev 01)
Subsystem: Super Micro Computer Inc Device 10c9
Kernel driver in use: igb
03:00.0 Ethernet controller: Intel Corporation 82580 Gigabit Network Connection (rev 01)
Subsystem: Intel Corporation Ethernet Server Adapter I340-T4
Kernel driver in use: igb
03:00.1 Ethernet controller: Intel Corporation 82580 Gigabit Network Connection (rev 01)
Subsystem: Intel Corporation Ethernet Server Adapter I340-T4
Kernel driver in use: igb
03:00.2 Ethernet controller: Intel Corporation 82580 Gigabit Network Connection (rev 01)
Subsystem: Intel Corporation Ethernet Server Adapter I340-T4
Kernel driver in use: igb
03:00.3 Ethernet controller: Intel Corporation 82580 Gigabit Network Connection (rev 01)
Subsystem: Intel Corporation Ethernet Server Adapter I340-T4
Kernel driver in use: igb
04:01.0 VGA compatible controller: Matrox Electronics Systems Ltd. MGA G200eW WPCM450 (rev 0a)
Subsystem: Super Micro Computer Inc Device 0007
[root@mvp ~]# lspci -k | grep Eth -A3
01:00.0 Ethernet controller: Intel Corporation 82574L Gigabit Network Connection
Subsystem: Intel Corporation Device 0000
Kernel driver in use: e1000e
02:00.0 Ethernet controller: Intel Corporation 82574L Gigabit Network Connection
Subsystem: Intel Corporation Device 0000
Kernel driver in use: e1000e
03:00.0 Ethernet controller: Intel Corporation 82574L Gigabit Network Connection
Subsystem: Intel Corporation Device 0000
Kernel driver in use: e1000e
04:00.0 Ethernet controller: Intel Corporation 82574L Gigabit Network Connection
Subsystem: Intel Corporation Device 0000
Kernel driver in use: e1000e
05:00.0 Ethernet controller: Intel Corporation 82574L Gigabit Network Connection
Subsystem: Intel Corporation Device 0000
Kernel driver in use: e1000e
06:00.0 Ethernet controller: Intel Corporation 82574L Gigabit Network Connection
Subsystem: Intel Corporation Device 0000
Kernel driver in use: e1000e
-
Accepted Answer
-
Accepted Answer
If pluto is crashing it could be helpful if you could work out which end was failing. Having said that, if it is a pluto crash, it would probably be up to the libreswan devs to sort.
There are a couple of later versions of libreswan on their site, but I probably would not install them if you're opening a ticket (I use 3.17 myself as I have the libreswan repo installed). -
Accepted Answer
Thanks for the edit, I was posting from my iPad and an SSH client and it was being a bit uncooperative!
So yeah, what I posted above was from the syslog (/var/log/messages). I don't have any ipsec logs at all.
I did open a ticket and I will add your suggested debug to ipsec and see if anything pops up there. -
Accepted Answer
No the log is not helpful. Is that the audit log? Most messages go to /var/log/ipsec or /var/log/messages.
You can try adding plutodebug=all into your "config setup" section of ipsec.conf but I would not know how to interpret it. If pluto is crashing you can also capture the dump but again, I would not know where to start.
BTW I edited your post to put your log between "code" tags. It is generally better for system output, but in this case it did not make much difference. -
Accepted Answer
Thanks Nick! I was hoping maybe someone here had seen the issue first before I went to support. I will open a case right now.
But in the meantime I've got lots of pluto entries in the logs. They're not real useful, but there are lots. Here are the entries so far today since midnight. And I've got libreswan-3.15-5.el7_1.x86_64...
Jul 13 00:16:50 gate253x kernel: type=2408 audit(1468394210.710:373633): pid=29342 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=initiator conn-name="vpn-mvp-lan-to-lan" connstate=10 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha1 prf=sha1 pfs=MODP2048 laddr=24.121.227.71 exe="/usr/libexec/ipsec/pluto" hostname=? addr=184.182.184.82 terminal=? res=success'
Jul 13 00:34:02 gate253x kernel: type=2408 audit(1468395242.546:374172): pid=29342 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy direction=initiator conn-name="vpn-mvp-lan-to-lan" connstate=9 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha1 prf=sha1 pfs=MODP2048 laddr=24.121.227.71 exe="/usr/libexec/ipsec/pluto" hostname=? addr=184.182.184.82 terminal=? res=success'
Jul 13 01:06:04 gate253x kernel: type=2408 audit(1468397164.887:375439): pid=29342 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=initiator conn-name="vpn-mvp-lan-to-lan" connstate=11 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha1 prf=sha1 pfs=MODP2048 laddr=24.121.227.71 exe="/usr/libexec/ipsec/pluto" hostname=? addr=184.182.184.82 terminal=? res=success'
Jul 13 01:54:04 gate253x kernel: type=2408 audit(1468400044.067:380649): pid=29342 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=initiator conn-name="vpn-mvp-lan-to-lan" connstate=12 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha1 prf=sha1 pfs=MODP2048 laddr=24.121.227.71 exe="/usr/libexec/ipsec/pluto" hostname=? addr=184.182.184.82 terminal=? res=success'
Jul 13 02:06:04 gate253x kernel: type=2408 audit(1468400764.857:383069): pid=29342 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy direction=initiator conn-name="vpn-mvp-lan-to-lan" connstate=11 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha1 prf=sha1 pfs=MODP2048 laddr=24.121.227.71 exe="/usr/libexec/ipsec/pluto" hostname=? addr=184.182.184.82 terminal=? res=success'
Jul 13 02:54:04 gate253x kernel: type=2408 audit(1468403644.089:391465): pid=29342 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy direction=initiator conn-name="vpn-mvp-lan-to-lan" connstate=12 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha1 prf=sha1 pfs=MODP2048 laddr=24.121.227.71 exe="/usr/libexec/ipsec/pluto" hostname=? addr=184.182.184.82 terminal=? res=success'
Jul 13 03:26:41 gate253x kernel: type=2408 audit(1468405601.416:397684): pid=29342 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=initiator conn-name="vpn-mvp-lan-to-lan" connstate=14 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha1 prf=sha1 pfs=MODP2048 laddr=24.121.227.71 exe="/usr/libexec/ipsec/pluto" hostname=? addr=184.182.184.82 terminal=? res=success'
Jul 13 03:38:10 gate253x kernel: type=2408 audit(1468406290.258:399616): pid=29342 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy direction=initiator conn-name="vpn-mvp-lan-to-lan" connstate=13 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha1 prf=sha1 pfs=MODP2048 laddr=24.121.227.71 exe="/usr/libexec/ipsec/pluto" hostname=? addr=184.182.184.82 terminal=? res=success'
Jul 13 04:12:42 gate253x kernel: type=2408 audit(1468408362.581:405998): pid=29342 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=initiator conn-name="vpn-mvp-lan-to-lan" connstate=15 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha1 prf=sha1 pfs=MODP2048 laddr=24.121.227.71 exe="/usr/libexec/ipsec/pluto" hostname=? addr=184.182.184.82 terminal=? res=success'
Jul 13 04:26:41 gate253x kernel: type=2408 audit(1468409201.423:408458): pid=29342 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy direction=initiator conn-name="vpn-mvp-lan-to-lan" connstate=14 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha1 prf=sha1 pfs=MODP2048 laddr=24.121.227.71 exe="/usr/libexec/ipsec/pluto" hostname=? addr=184.182.184.82 terminal=? res=success'
Jul 13 04:59:25 gate253x kernel: type=2408 audit(1468411165.748:411295): pid=29342 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=initiator conn-name="vpn-mvp-lan-to-lan" connstate=16 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha1 prf=sha1 pfs=MODP2048 laddr=24.121.227.71 exe="/usr/libexec/ipsec/pluto" hostname=? addr=184.182.184.82 terminal=? res=success'
Jul 13 05:10:15 gate253x kernel: type=1300 audit(1468411815.711:412908): arch=c000003e syscall=1 success=yes exit=420 a0=a a1=7ffd6db309c0 a2=1a4 a3=7ffd6db30970 items=0 ppid=1 pid=29342 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pluto" exe="/usr/libexec/ipsec/pluto" key=(null)
Jul 13 05:12:42 gate253x kernel: type=2408 audit(1468411962.589:413319): pid=29342 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy direction=initiator conn-name="vpn-mvp-lan-to-lan" connstate=15 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha1 prf=sha1 pfs=MODP2048 laddr=24.121.227.71 exe="/usr/libexec/ipsec/pluto" hostname=? addr=184.182.184.82 terminal=? res=success'
Jul 13 05:59:25 gate253x kernel: type=2408 audit(1468414765.755:424912): pid=29342 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy direction=initiator conn-name="vpn-mvp-lan-to-lan" connstate=16 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha1 prf=sha1 pfs=MODP2048 laddr=24.121.227.71 exe="/usr/libexec/ipsec/pluto" hostname=? addr=184.182.184.82 terminal=? res=success'
Jul 13 06:31:10 gate253x kernel: type=2408 audit(1468416670.083:430459): pid=29342 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=initiator conn-name="vpn-mvp-lan-to-lan" connstate=19 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha1 prf=sha1 pfs=MODP2048 laddr=24.121.227.71 exe="/usr/libexec/ipsec/pluto" hostname=? addr=184.182.184.82 terminal=? res=success'
Jul 13 07:31:10 gate253x kernel: type=2408 audit(1468420270.099:444242): pid=29342 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy direction=initiator conn-name="vpn-mvp-lan-to-lan" connstate=19 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha1 prf=sha1 pfs=MODP2048 laddr=24.121.227.71 exe="/usr/libexec/ipsec/pluto" hostname=? addr=184.182.184.82 terminal=? res=success'
Jul 13 07:56:22 gate253x kernel: type=2408 audit(1468421782.421:448382): pid=29342 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=initiator conn-name="vpn-mvp-lan-to-lan" connstate=21 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha1 prf=sha1 pfs=MODP2048 laddr=24.121.227.71 exe="/usr/libexec/ipsec/pluto" hostname=? addr=184.182.184.82 terminal=? res=success'
Jul 13 08:13:36 gate253x kernel: type=2408 audit(1468422816.269:452343): pid=29342 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy direction=initiator conn-name="vpn-mvp-lan-to-lan" connstate=20 ike-version=1 auth=PRESHARED_KEY cipher=aes ksize=256 integ=sha1 prf=sha1 pfs=MODP2048 laddr=24.121.227.71 exe="/usr/libexec/ipsec/pluto" hostname=? addr=184.182.184.82 terminal=? res=success'
[root@gate253x log]# -
Accepted Answer
Since you have a subscription, can I suggest you raise a ticket?
I am really not sure how to troubleshoot this one. Do you see anything in your logs, probably referring to a process called "pluto"? Try /var/log/ipsec if you have one, otherwise /var/log/messages. Also what version of libreswan are you running ("rpm -qa | grep libreswan")?
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »