
I have configured a tunnel with DDNS. After the appliance gets rebooted, the other side is not sending packets to the new IP address (even though I have set dpdaction=restart). I am using Openswan 2.6.38.

Here is my configuration:

config setup
    nat_traversal=yes
    oe=off
    protostack=netkey

conn netgeniepassthrough
    left=10.1.1.1
    right=0.0.0.0
    leftsubnet=10.1.1.0/24
    rightsubnet=10.1.1.0/24
    authby=never
    type=passthrough
    auto=route

conn netgenie
    right=CXYZ-HHYZ-AXYZ-A010.ddns.netgenie.net
    rightsubnet=192.168.1.0/24
    left=115.240.29.236
    leftsubnet=10.1.1.0/24
    leftnexthop=220.224.141.129
    leftupdown="ipsec _updown --route yes"
    auto=start
    leftid=@DEMO-VDSL-DEMO-0035.ddns.netgenie.net
    rightid=@CXYZ-HHYZ-AXYZ-A010.ddns.netgenie.net
    #x_rightdynamic=yes
    authby=secret
    compress=no
    failureshunt=drop
    dpddelay=15
    dpdtimeout=60
    dpdaction=restart
    pfs=yes
    ike=aes128-md5-modp1024,aes192-md5-modp1024,aes256-md5-modp1024,aes128-sha1-modp1024,aes192-sha1-modp1024,aes256-sha1-modp1024,3des-md5-modp1024,3des-sha1-modp1024,aes128-md5-modp1536,aes192-md5-modp1536,aes256-md5-modp1536,aes128-sha1-modp1536,aes192-sha1-modp1536,aes256-sha1-modp1536,3des-md5-modp1536,3des-sha1-modp1536,aes128-md5-modp2048,aes192-md5-modp2048,aes256-md5-modp2048,aes128-sha1-modp2048,aes192-sha1-modp2048,aes256-sha1-modp2048,3des-md5-modp2048,3des-sha1-modp2048
    esp=aes128-md5,aes192-md5,aes256-md5,aes128-sha1,aes192-sha1,aes256-sha1,3des-md5,3des-sha1

This is the log file:

Jan  1 05:30:49 (none) daemon.err ipsec_setup: Starting Openswan IPsec U2.6.38/K...
Jan  1 05:30:49 (none) daemon.err ipsec_setup: Using NETKEY(XFRM) stack
Jan  1 05:30:50 (none) authpriv.err ipsec__plutorun: Starting Pluto subsystem...
Jan  1 05:30:50 (none) daemon.err ipsec_setup: ...Openswan IPsec started
Jan  1 05:30:50 (none) user.warn syslog: adjusting ipsec.d to /etc/ipsec.d
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: LEAK_DETECTIVE support [disabled]
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: OCF support for IKE [disabled]
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: SAref support [disabled]: Protocol not available
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: SAbind support [disabled]: Protocol not available
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: NSS support [disabled]
Jan  1 05:30:50 (none) daemon.err ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: HAVE_STATSD notification support not compiled in
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: Setting NAT-Traversal port-4500 floating to on
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: port floating activation criteria nat_t=1/port_float=1
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: NAT-Traversal support  [enabled]
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: using /dev/urandom as source of random entropy
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: starting up 1 cryptographic helpers
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: started helper pid=2113 (fd:6)
Jan  1 05:30:50 (none) authpriv.warn pluto[2113]: using /dev/urandom as source of random entropy
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: Using Linux 2.6 IPsec interface code on 2.6.30 (experimental code)
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
Jan  1 05:30:50 (none) authpriv.warn pluto[2108]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
Jan  1 05:30:51 (none) authpriv.warn pluto[2108]: Could not change to directory '/etc/ipsec.d/cacerts': No such file or directory
Jan  1 05:30:51 (none) authpriv.warn pluto[2108]: Could not change to directory '/etc/ipsec.d/aacerts': No such file or directory
Jan  1 05:30:51 (none) authpriv.warn pluto[2108]: Could not change to directory '/etc/ipsec.d/ocspcerts': No such file or directory
Jan  1 05:30:51 (none) authpriv.warn pluto[2108]: Could not change to directory '/etc/ipsec.d/crls': 2 No such file or directory
Jan  1 05:30:51 (none) authpriv.warn pluto[2108]: added connection description "netgeniepassthrough"
Jan  1 05:30:51 (none) daemon.err ipsec__plutorun: 002 added connection description "netgeniepassthrough"
Apr  4 18:12:37 (none) authpriv.warn pluto[2108]: added connection description "netgenie"
Apr  4 18:12:37 (none) daemon.err ipsec__plutorun: 002 added connection description "netgenie"
Apr  4 18:12:37 (none) authpriv.warn pluto[2108]: listening for IKE messages
Apr  4 18:12:37 (none) authpriv.warn pluto[2108]: adding interface ppp0/ppp0 14.99.180.56:500
Apr  4 18:12:37 (none) authpriv.warn pluto[2108]: adding interface ppp0/ppp0 14.99.180.56:4500
Apr  4 18:12:37 (none) authpriv.warn pluto[2108]: adding interface br0/br0 192.168.1.1:500
Apr  4 18:12:37 (none) authpriv.warn pluto[2108]: adding interface br0/br0 192.168.1.1:4500
Apr  4 18:12:37 (none) authpriv.warn pluto[2108]: adding interface lo/lo 127.0.0.1:500
Apr  4 18:12:37 (none) authpriv.warn pluto[2108]: adding interface lo/lo 127.0.0.1:4500
Apr  4 18:12:37 (none) authpriv.warn pluto[2108]: adding interface lo/lo ::1:500
Apr  4 18:12:37 (none) authpriv.warn pluto[2108]: loading secrets from "/etc/ipsec.secrets"
Apr  4 18:12:38 (none) authpriv.warn pluto[2108]: "netgenie": route-client output: Evaluating Route: ip route replace 10.1.1.0/24 via 192.168.1.1 dev br0 
Apr  4 18:12:38 (none) authpriv.warn pluto[2108]: "netgenie" #1: initiating Main Mode
Apr  4 18:12:38 (none) daemon.err ipsec__plutorun: 104 "netgenie" #1: STATE_MAIN_I1: initiate
Apr  4 18:16:01 (none) authpriv.warn pluto[2108]: packet from 115.242.13.228:500: received Vendor ID payload [Openswan (this version) 2.6.38 ]
Apr  4 18:16:01 (none) authpriv.warn pluto[2108]: packet from 115.242.13.228:500: received Vendor ID payload [Dead Peer Detection]
Apr  4 18:16:01 (none) authpriv.warn pluto[2108]: packet from 115.242.13.228:500: received Vendor ID payload [RFC 3947] method set to=115 
Apr  4 18:16:01 (none) authpriv.warn pluto[2108]: packet from 115.242.13.228:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Apr  4 18:16:01 (none) authpriv.warn pluto[2108]: packet from 115.242.13.228:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Apr  4 18:16:01 (none) authpriv.warn pluto[2108]: packet from 115.242.13.228:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Apr  4 18:16:01 (none) authpriv.warn pluto[2108]: packet from 115.242.13.228:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Apr  4 18:16:01 (none) authpriv.warn pluto[2108]: "netgenie" #2: responding to Main Mode
Apr  4 18:16:01 (none) authpriv.warn pluto[2108]: "netgenie" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr  4 18:16:01 (none) authpriv.warn pluto[2108]: "netgenie" #2: STATE_MAIN_R1: sent MR1, expecting MI2
Apr  4 18:16:03 (none) authpriv.warn pluto[2108]: "netgenie" #2: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
Apr  4 18:16:03 (none) authpriv.warn pluto[2108]: "netgenie" #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr  4 18:16:03 (none) authpriv.warn pluto[2108]: "netgenie" #2: STATE_MAIN_R2: sent MR2, expecting MI3
Apr  4 18:16:04 (none) authpriv.warn pluto[2108]: "netgenie" #2: Main mode peer ID is ID_FQDN: '@DEMO-VDSL-DEMO-0035.ddns.netgenie.net'
Apr  4 18:16:04 (none) authpriv.warn pluto[2108]: "netgenie" #2: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr  4 18:16:04 (none) authpriv.warn pluto[2108]: "netgenie" #2: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_md5 group=modp1024}
Apr  4 18:16:04 (none) authpriv.warn pluto[2108]: "netgenie" #2: Dead Peer Detection (RFC 3706): enabled
Apr  4 18:16:05 (none) authpriv.warn pluto[2108]: "netgenie" #2: the peer proposed: 192.168.1.0/24:0/0 -> 10.1.1.0/24:0/0
Apr  4 18:16:05 (none) authpriv.warn pluto[2108]: "netgenie" #3: responding to Quick Mode proposal {msgid:80e241b3}
Apr  4 18:16:05 (none) authpriv.warn pluto[2108]: "netgenie" #3: us: 192.168.1.0/24===14.99.180.56<14.99.180.56>[@CXYZ-HHYZ-AXYZ-A010.ddns.netgenie.net]---172.23.130.4
Apr  4 18:16:05 (none) authpriv.warn pluto[2108]: "netgenie" #3: them: 115.242.13.228<DEMO-VDSL-DEMO-0035.ddns.netgenie.net>[@DEMO-VDSL-DEMO-0035.ddns.netgenie.net]===10.1.1.0/24
Apr  4 18:16:05 (none) authpriv.warn pluto[2108]: "netgenie" #3: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr  4 18:16:05 (none) authpriv.warn pluto[2108]: "netgenie" #3: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr  4 18:16:07 (none) authpriv.warn pluto[2108]: "netgenie" #3: up-client output: client list: 115.242.13.228,
Apr  4 18:16:07 (none) authpriv.warn pluto[2108]: "netgenie" #3: Dead Peer Detection (RFC 3706): enabled
Apr  4 18:16:07 (none) authpriv.warn pluto[2108]: "netgenie" #3: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr  4 18:16:07 (none) authpriv.warn pluto[2108]: "netgenie" #3: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xec774557 <0xe6ce5933 xfrm=AES_128-HMAC_MD5 NATOA=none NATD=none DPD=enabled}
Apr  4 18:16:37 (none) authpriv.warn pluto[2108]: pending Quick Mode with 115.242.13.228 "netgenie" took too long -- replacing phase 1
Apr  4 18:16:37 (none) authpriv.warn pluto[2108]: "netgenie": terminating SAs using this connection
Apr  4 18:16:37 (none) authpriv.warn pluto[2108]: "netgenie" #3: deleting state (STATE_QUICK_R2)
Apr  4 18:16:37 (none) authpriv.warn pluto[2108]: "netgenie" #3: down-client output: client list: 
Apr  4 18:16:37 (none) authpriv.warn pluto[2108]: "netgenie" #2: deleting state (STATE_MAIN_R3)
Apr  4 18:16:37 (none) authpriv.warn pluto[2108]: "netgenie" #1: deleting state (STATE_MAIN_I1)
Apr  4 18:16:38 (none) authpriv.warn pluto[2108]: "netgenie" #4: initiating Main Mode
Apr  4 18:16:38 (none) authpriv.warn pluto[2108]: packet from 115.242.13.228:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x9ffec71f
Apr  4 18:16:39 (none) authpriv.warn pluto[2108]: "netgenie" #4: received Vendor ID payload [Openswan (this version) 2.6.38 ]
Apr  4 18:16:39 (none) authpriv.warn pluto[2108]: "netgenie" #4: received Vendor ID payload [Dead Peer Detection]
Apr  4 18:16:39 (none) authpriv.warn pluto[2108]: "netgenie" #4: received Vendor ID payload [RFC 3947] method set to=115 
Apr  4 18:16:39 (none) authpriv.warn pluto[2108]: "netgenie" #4: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
Apr  4 18:16:39 (none) authpriv.warn pluto[2108]: "netgenie" #4: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Apr  4 18:16:39 (none) authpriv.warn pluto[2108]: "netgenie" #4: STATE_MAIN_I2: sent MI2, expecting MR2
Apr  4 18:16:41 (none) authpriv.warn pluto[2108]: "netgenie" #4: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
Apr  4 18:16:41 (none) authpriv.warn pluto[2108]: "netgenie" #4: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Apr  4 18:16:41 (none) authpriv.warn pluto[2108]: "netgenie" #4: STATE_MAIN_I3: sent MI3, expecting MR3
Apr  4 18:16:42 (none) authpriv.warn pluto[2108]: "netgenie" #4: received Vendor ID payload [CAN-IKEv2]
Apr  4 18:16:42 (none) authpriv.warn pluto[2108]: "netgenie" #4: Main mode peer ID is ID_FQDN: '@DEMO-VDSL-DEMO-0035.ddns.netgenie.net'
Apr  4 18:16:42 (none) authpriv.warn pluto[2108]: "netgenie" #4: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Apr  4 18:16:42 (none) authpriv.warn pluto[2108]: "netgenie" #4: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_md5 group=modp1024}
Apr  4 18:16:42 (none) authpriv.warn pluto[2108]: "netgenie" #4: Dead Peer Detection (RFC 3706): enabled
Apr  4 18:16:42 (none) authpriv.warn pluto[2108]: "netgenie" #5: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#4 msgid:62e4e20d proposal=AES(12)_128-MD5(1)_128, AES(12)_192-MD5(1)_128, AES(12)_256-MD5(1)_128, AES(12)_128-SHA1(2)_160, AES(12)_192-SHA1(2)_160, AES(12)_256-SHA1(2)_160, 3DES(3)_192-MD5(1)_128, 3DES(3)_192-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP1024}
Apr  4 18:16:49 (none) authpriv.warn pluto[2108]: "netgenie" #4: the peer proposed: 192.168.1.0/24:0/0 -> 10.1.1.0/24:0/0
Apr  4 18:16:49 (none) authpriv.warn pluto[2108]: "netgenie" #6: responding to Quick Mode proposal {msgid:02ec687a}
Apr  4 18:16:49 (none) authpriv.warn pluto[2108]: "netgenie" #6: us: 192.168.1.0/24===14.99.180.56<14.99.180.56>[@CXYZ-HHYZ-AXYZ-A010.ddns.netgenie.net]---172.23.130.4
Apr  4 18:16:49 (none) authpriv.warn pluto[2108]: "netgenie" #6: them: 115.242.13.228<DEMO-VDSL-DEMO-0035.ddns.netgenie.net>[@DEMO-VDSL-DEMO-0035.ddns.netgenie.net]===10.1.1.0/24
Apr  4 18:16:49 (none) authpriv.warn pluto[2108]: "netgenie" #6: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr  4 18:16:49 (none) authpriv.warn pluto[2108]: "netgenie" #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr  4 18:16:50 (none) authpriv.warn pluto[2108]: "netgenie" #6: up-client output: client list: 115.242.13.228,
Apr  4 18:16:51 (none) authpriv.warn pluto[2108]: "netgenie" #6: Dead Peer Detection (RFC 3706): enabled
Apr  4 18:16:51 (none) authpriv.warn pluto[2108]: "netgenie" #6: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr  4 18:16:51 (none) authpriv.warn pluto[2108]: "netgenie" #6: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xc3f90f83 <0x4d0cdcda xfrm=AES_128-HMAC_MD5 NATOA=none NATD=none DPD=enabled}
Apr  4 18:16:54 (none) authpriv.warn pluto[2108]: "netgenie" #5: Dead Peer Detection (RFC 3706): enabled
Apr  4 18:16:54 (none) authpriv.warn pluto[2108]: "netgenie" #5: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Apr  4 18:16:54 (none) authpriv.warn pluto[2108]: "netgenie" #5: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xa308fce3 <0x01465495 xfrm=AES_128-HMAC_MD5 NATOA=none NATD=none DPD=enabled}
Apr  4 18:16:55 (none) authpriv.warn pluto[2108]: "netgenie" #4: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xec774557) not found (maybe expired)
Apr  4 18:16:55 (none) authpriv.warn pluto[2108]: "netgenie" #4: received and ignored informational message




Apr  4 18:24:48 (none) authpriv.warn pluto[2108]: "netgenie" #7: initiating Main Mode to replace #4
Apr  4 18:26:03 (none) authpriv.warn pluto[2108]: "netgenie" #4: DPD: No response from peer - declaring peer dead
Apr  4 18:26:03 (none) authpriv.warn pluto[2108]: "netgenie" #4: DPD: Restarting Connection
Apr  4 18:26:03 (none) authpriv.warn pluto[2108]: "netgenie" #6: rekeying state (STATE_QUICK_R2)
Apr  4 18:26:03 (none) authpriv.warn pluto[2108]: "netgenie" #5: rekeying state (STATE_QUICK_I2)
Apr  4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #5: down-client output: client list: 
Apr  4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #7: rekeying state (STATE_MAIN_I1)
Apr  4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #6: rekeying state (STATE_QUICK_R2)
Apr  4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #6: ERROR: netlink response for Del SA esp.c3f90f83@115.242.13.228 included errno 3: No such process
Apr  4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #6: ERROR: netlink response for Del SA esp.4d0cdcda@14.99.180.56 included errno 3: No such process
Apr  4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #5: rekeying state (STATE_QUICK_I2)
Apr  4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #5: ERROR: netlink response for Del SA esp.a308fce3@115.242.13.228 included errno 3: No such process
Apr  4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #5: ERROR: netlink response for Del SA esp.1465495@14.99.180.56 included errno 3: No such process
Apr  4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #7: rekeying state (STATE_MAIN_I1)
Apr  4 18:26:04 (none) authpriv.warn pluto[2108]: "netgenie" #8: initiating Main Mode to replace #4

Apr  4 18:29:55 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [Openswan (this version) 2.6.38 ]
Apr  4 18:29:55 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [Dead Peer Detection]
Apr  4 18:29:55 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [RFC 3947] method set to=115 
Apr  4 18:29:55 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Apr  4 18:29:55 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Apr  4 18:29:55 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Apr  4 18:29:55 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Apr  4 18:29:55 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: initial Main Mode message received on 14.99.180.56:500 but no connection has been authorized with policy=PSK
Apr  4 11:30:28 (none) authpriv.warn pluto[2108]: time moved backwards 25167 seconds
Apr  4 11:31:07 (none) authpriv.warn pluto[2108]: "netgenie" #6: ERROR: netlink response for Del SA esp.c3f90f83@115.242.13.228 included errno 3: No such process
Apr  4 11:31:07 (none) authpriv.warn pluto[2108]: "netgenie" #6: ERROR: netlink response for Del SA esp.4d0cdcda@14.99.180.56 included errno 3: No such process
Apr  4 11:31:35 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [Openswan (this version) 2.6.38 ]
Apr  4 11:31:35 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [Dead Peer Detection]
Apr  4 11:31:35 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [RFC 3947] method set to=115 
Apr  4 11:31:35 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Apr  4 11:31:35 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Apr  4 11:31:35 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Apr  4 11:31:35 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Apr  4 11:31:35 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: initial Main Mode message received on 14.99.180.56:500 but no connection has been authorized with policy=PSK

Please let me know if you need any logs.

Brijesh Valera

1 Answer


Actually, it was a problem on my side. I have two NTP clients running on the machine, and both are setting the time by +7 and -7 hours in each transaction (due to inappropriate timezone settings).

Now the issue is that Openswan sets a long time value and compares the system time with this long value to regenerate the DNS query for the domain name. If it gets a new IP address, it will send initiation packets to the new IP address.

In my case, the system time was changed by -7 hours (by the other NTP client), so Openswan will react after 7 hours (due to that condition).

Finally got it by digging into the code. Thanks.

Brijesh Valera
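A log triage for the failure described in this answer, as an added example that is not part of the original post or of Openswan's code. It looks for the three signals that appear together in the question's log: a peer declared dead by DPD, Main Mode attempts rejected from an address pluto has not negotiated with, and a backwards clock step. The regular expressions assume the message wording shown in that log, and the sample lines are constructed from it.

```python
import re
from collections import Counter

# Constructed sample: five lines in the format of the pluto log in the question.
SAMPLE_LOG = """\
Apr  4 18:16:05 (none) authpriv.warn pluto[2108]: "netgenie" #3: them: 115.242.13.228<DEMO-VDSL-DEMO-0035.ddns.netgenie.net>[@DEMO-VDSL-DEMO-0035.ddns.netgenie.net]===10.1.1.0/24
Apr  4 18:26:03 (none) authpriv.warn pluto[2108]: "netgenie" #4: DPD: No response from peer - declaring peer dead
Apr  4 18:29:55 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: initial Main Mode message received on 14.99.180.56:500 but no connection has been authorized with policy=PSK
Apr  4 11:30:28 (none) authpriv.warn pluto[2108]: time moved backwards 25167 seconds
Apr  4 11:31:35 (none) authpriv.warn pluto[2108]: packet from 115.242.38.205:500: initial Main Mode message received on 14.99.180.56:500 but no connection has been authorized with policy=PSK
"""

# Patterns assume the pluto message wording seen in the log above.
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
THEM = re.compile(r'"(?P<conn>[^"]+)" #\d+: them: (?P<ip>' + IP + r")<")
DPD_DEAD = re.compile(r'"(?P<conn>[^"]+)" #\d+: DPD: No response from peer')
REJECTED = re.compile(
    r"packet from (?P<ip>" + IP + r"):\d+: initial Main Mode message "
    r"received on \S+ but no connection has been authorized")
CLOCK_BACK = re.compile(r"time moved backwards (?P<secs>\d+) seconds")


def triage(log_text):
    """Collect the signals that together point at a stale DDNS peer address."""
    known_peers = {}      # connection name -> last peer IP pluto negotiated with
    dead_conns = set()    # connections whose peer DPD declared dead
    rejected = Counter()  # source IP -> rejected Main Mode attempts
    clock_steps = []      # backwards clock jumps, in seconds

    for line in log_text.splitlines():
        if m := THEM.search(line):
            known_peers[m["conn"]] = m["ip"]
        elif m := DPD_DEAD.search(line):
            dead_conns.add(m["conn"])
        elif m := REJECTED.search(line):
            rejected[m["ip"]] += 1
        elif m := CLOCK_BACK.search(line):
            clock_steps.append(int(m["secs"]))

    # A rejected initiator is only interesting while a configured peer is dead:
    # it may be that peer on a new address we have not re-resolved yet.
    resolved = set(known_peers.values())
    suspects = sorted(ip for ip in rejected if ip not in resolved) if dead_conns else []
    return {
        "known_peers": known_peers,
        "dead_conns": dead_conns,
        "rejected": dict(rejected),
        "clock_steps": clock_steps,
        "suspects": suspects,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for step in result["clock_steps"]:
        print(f"clock stepped back {step} s (~{step / 3600:.1f} h)")
    for ip in result["suspects"]:
        print(f"rejected initiator {ip} ({result['rejected'][ip]}x) while a peer is dead")
```

A suspect address is only a candidate for the relocated peer; compare it with the current DDNS record for the `right=` hostname before drawing conclusions.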