Hello, On Fri, 12.06.2009 at 10:54:56 +0200, Toni Mueller <openbsd-m...@oeko.net> wrote: > I have a VPN running which looks like a hub-and-spoke configuration. > For the remainder of the discussion, the spokes are OpenBSD 4.4. Since > I've upgraded the hub to 4.5, a connection to one of the spoke starts > to fail. After running for well over a week, the connection was not > automatically renegotiated. I first reset the spoke, but to no avail. I > could see the connection going just up to INFO_PROT encrypted, and then > the hub stopped responding to that spoke. Things only returned to > normal after I said "echo R > /var/run/isakmpd.fifo" on the hub.
I've now determined that the error specifically prevents the 4.5 box to answer incoming connection attempts from the 4.4 box, but has no problems to establish the VPN when itself initiates the connection. Simply reloading the configuration does not appear to help, but was most likely an artifact in conjunction with timing effects. Today, after experiencing the same problem, I had to completely restart isakmpd on the 4.5 box to get things going again. I'm very much interested in ways to debug such kind of a failure. TIA! -- Kind regards, --Toni++
