Re: [D] vpn - Peer requested tunnel 1 twice, ignoring second one [cloudstack]

Tue, 05 Aug 2025 00:23:32 -0700 


GitHub user PPisz closed a discussion: vpn - Peer requested tunnel 1 twice, 
ignoring second one

I'm having trouble with VPN tunnels. Generally, once configured, they work 
correctly. However, after connecting and disconnecting the tunnel several 
times, no clients are accepted. The following information appears in the 
daemon.log:

`Jul 16 18:36:56 systemvm ipsec[8324]: 07[IKE] 109.189.123.78 is initiating a 
Main Mode IKE_SA
Jul 16 18:36:56 systemvm ipsec[8324]: 07[CFG] selected proposal: 
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Jul 16 18:36:56 systemvm ipsec[8324]: 07[ENC] generating ID_PROT response 0 [ 
SA V V V V ]
Jul 16 18:36:56 systemvm ipsec[8324]: 07[NET] sending packet: from 
91.223.68.218[500] to 109.189.123.78[500] (160 bytes)
Jul 16 18:36:56 systemvm ipsec[8324]: 11[NET] received packet: from 
109.189.123.78[500] to 91.223.68.218[500] (388 bytes)
Jul 16 18:36:56 systemvm ipsec[8324]: 11[ENC] parsed ID_PROT request 0 [ KE No 
NAT-D NAT-D ]
Jul 16 18:36:56 systemvm ipsec[8324]: 11[IKE] remote host is behind NAT
Jul 16 18:36:56 systemvm ipsec[8324]: 11[ENC] generating ID_PROT response 0 [ 
KE No NAT-D NAT-D ]
Jul 16 18:36:56 systemvm ipsec[8324]: 11[NET] sending packet: from 
91.223.68.218[500] to 109.189.123.78[500] (372 bytes)
Jul 16 18:36:56 systemvm ipsec[8324]: 08[NET] received packet: from 
109.189.123.78[4500] to 91.223.68.218[4500] (76 bytes)
Jul 16 18:36:56 systemvm ipsec[8324]: 08[ENC] parsed ID_PROT request 0 [ ID 
HASH ]
Jul 16 18:36:56 systemvm ipsec[8324]: 08[CFG] looking for pre-shared key peer 
configs matching 91.223.68.218...109.189.123.78[10.2.2.127]
Jul 16 18:36:56 systemvm ipsec[8324]: 08[CFG] selected peer config "L2TP-PSK"
Jul 16 18:36:56 systemvm ipsec[8324]: 08[IKE] IKE_SA L2TP-PSK[9] established 
between 91.223.68.218[91.223.68.218]...109.189.123.78[10.2.2.127]
Jul 16 18:36:56 systemvm ipsec[8324]: 08[ENC] generating ID_PROT response 0 [ 
ID HASH ]
Jul 16 18:36:56 systemvm ipsec[8324]: 08[NET] sending packet: from 
91.223.68.218[4500] to 109.189.123.78[4500] (76 bytes)
Jul 16 18:36:56 systemvm ipsec[8324]: 06[NET] received packet: from 
109.189.123.78[4500] to 91.223.68.218[4500] (332 bytes)
Jul 16 18:36:56 systemvm ipsec[8324]: 06[ENC] parsed QUICK_MODE request 1 [ 
HASH SA No ID ID NAT-OA NAT-OA ]
Jul 16 18:36:56 systemvm ipsec[8324]: 06[CFG] selected proposal: 
ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Jul 16 18:36:56 systemvm ipsec[8324]: 06[IKE] received 3600s lifetime, 
configured 0s
Jul 16 18:36:56 systemvm ipsec[8324]: 06[IKE] received 250000000 lifebytes, 
configured 0
Jul 16 18:36:57 systemvm charon: 06[CFG] selected proposal: 
ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Jul 16 18:36:57 systemvm ipsec[8324]: 06[ENC] generating QUICK_MODE response 1 
[ HASH SA No ID ID NAT-OA NAT-OA ]
Jul 16 18:36:57 systemvm charon: 06[IKE] received 3600s lifetime, configured 0s
Jul 16 18:36:57 systemvm charon: 06[IKE] received 250000000 lifebytes, 
configured 0
Jul 16 18:36:57 systemvm charon: 06[ENC] generating QUICK_MODE response 1 [ 
HASH SA No ID ID NAT-OA NAT-OA ]
Jul 16 18:36:57 systemvm charon: 06[NET] sending packet: from 
91.223.68.218[4500] to 109.189.123.78[4500] (204 bytes)
Jul 16 18:36:57 systemvm charon: 05[NET] received packet: from 
109.189.123.78[4500] to 91.223.68.218[4500] (60 bytes)
Jul 16 18:36:57 systemvm charon: 05[ENC] parsed QUICK_MODE request 1 [ HASH ]
Jul 16 18:36:57 systemvm charon: 05[IKE] CHILD_SA L2TP-PSK{7} established with 
SPIs c3e5d7ce_i 23e570fe_o and TS 91.223.68.218/32[udp/l2f] === 
109.189.123.78/32[udp/l2f]
Jul 16 18:36:58 systemvm charon: 08[KNL] creating acquire job for policy 
83.168.93.105/32[udp/l2f] === 109.189.123.78/32[udp/l2f] with reqid {1}
Jul 16 18:36:58 systemvm charon: 08[IKE] initiating IKE_SA L2TP-PSK[10] to 
109.189.123.78
Jul 16 18:36:58 systemvm charon: 08[ENC] generating IKE_SA_INIT request 0 [ SA 
KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Jul 16 18:36:58 systemvm charon: 08[NET] sending packet: from 
83.168.93.105[500] to 109.189.123.78[500] (828 bytes)
Jul 16 18:36:58 systemvm charon: 06[NET] received packet: from 
109.189.123.78[500] to 83.168.93.105[500] (36 bytes)
Jul 16 18:36:58 systemvm charon: 06[ENC] parsed IKE_SA_INIT response 0 [ 
N(NO_PROP) ]
Jul 16 18:36:58 systemvm charon: 06[IKE] received NO_PROPOSAL_CHOSEN notify 
error
Jul 16 18:37:00 systemvm xl2tpd[8347]: control_finish: Peer requested tunnel 5 
twice, ignoring second one.
Jul 16 18:37:02 systemvm systemd[1]: Started session-212.scope - Session 212 of 
User root.
Jul 16 18:37:02 systemvm systemd[1]: session-212.scope: Deactivated 
successfully.
Jul 16 18:37:04 systemvm xl2tpd[8347]: control_finish: Peer requested tunnel 5 
twice, ignoring second one.
Jul 16 18:37:12 systemvm xl2tpd[8347]: control_finish: Peer requested tunnel 5 
twice, ignoring second one.
Jul 16 18:37:22 systemvm xl2tpd[8347]: control_finish: Peer requested tunnel 5 
twice, ignoring second one.
Jul 16 18:37:29 systemvm xl2tpd[8347]: Maximum retries exceeded for tunnel 
30141.  Closing.
Jul 16 18:37:29 systemvm xl2tpd[8347]: Connection 5 closed to 109.189.123.78, 
port 1701 (Timeout)
Jul 16 18:37:32 systemvm charon: 16[NET] received packet: from 
109.189.123.78[4500] to 91.223.68.218[4500] (76 bytes)
Jul 16 18:37:32 systemvm charon: 16[ENC] parsed INFORMATIONAL_V1 request 
3657915425 [ HASH D ]
Jul 16 18:37:32 systemvm charon: 16[IKE] received DELETE for ESP CHILD_SA with 
SPI 23e570fe
Jul 16 18:37:32 systemvm charon: 16[IKE] closing CHILD_SA L2TP-PSK{7} with SPIs 
c3e5d7ce_i (540 bytes) 23e570fe_o (0 bytes) and TS 91.223.68.218/32[udp/l2f] 
=== 109.189.123.78/32[udp/l2f]
Jul 16 18:37:32 systemvm systemd[1]: Started session-213.scope - Session 213 of 
User root.
Jul 16 18:37:32 systemvm charon: 11[NET] received packet: from 
109.189.123.78[4500] to 91.223.68.218[4500] (92 bytes)
Jul 16 18:37:32 systemvm charon: 11[ENC] parsed INFORMATIONAL_V1 request 
3648886364 [ HASH D ]
Jul 16 18:37:32 systemvm charon: 11[IKE] received DELETE for IKE_SA L2TP-PSK[9]
Jul 16 18:37:32 systemvm charon: 11[IKE] deleting IKE_SA L2TP-PSK[9] between 
91.223.68.218[91.223.68.218]...109.189.123.78[10.2.2.127]
Jul 16 18:37:32 systemvm systemd[1]: session-213.scope: Deactivated 
successfully.`

I haven't found a way to restore the tunnel, restarting the network doesn't 
help. Please help :-(

GitHub link: https://github.com/apache/cloudstack/discussions/11224

----
This is an automatically sent email for users@cloudstack.apache.org.
To unsubscribe, please send an email to: users-unsubscr...@cloudstack.apache.org

Reply via email to