I am running an OpenSwan server to facilitate client-server connections into a secure data centre.
I have a problem with the standard L2TP over IPsec client in macOS, specifically when using Wi-Fi.
When I connect for the first time, it works fine. When I disconnect and try to connect again, it fails at the authentication step (shared secret).
From what I can see, when the Mac is using Wi-Fi, it doesn't get time to send a DELETE signal to OpenSwan, so as far as OpenSwan is concerned the peer still exists. I can see this in the OpenSwan logs:
Jun 8 12:23:43 vpn1 pluto[20030]: ERROR: asynchronous network error report on eth0 (sport=500) for message to 213.242.106.82 port 500, complainant 213.242.106.82: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
This message continues to appear in the OpenSwan logs long after I have disconnected the Mac client. When I restart the ipsec service on the server, the log entry disappears and I can connect again.
I have included dead peer detection in my OpenSwan config:
dpddelay=30
dpdtimeout=120
dpdaction=clear
I can see that Dead Peer Detection is enabled when I start the connection:
Jun 8 12:45:34 vpn1 pluto[11064]: "vpnpsk"[14] 213.242.106.82 #14: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0x0188ccda <0x7fe9af15 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=213.242.106.82:4500 DPD=enabled}
However, when I close the connection on the Mac, DPD doesn't seem to kick in. OpenSwan just keeps logging errors about the connection.
Just looking for suggestions re. a fix.
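The symptom described above, a peer that has vanished but whose SA is never cleared, shows up in the pluto log as the same "asynchronous network error report" line repeating for one peer well past the configured dpdtimeout. The following script is an added example, not code from the question or from Openswan: it parses the two line shapes quoted in the post and flags any peer whose complaints span longer than dpdtimeout seconds after its last SA was established, which is the condition an operator would want a monitor to raise before anyone has to restart the ipsec service by hand. The sample log lines are constructed for the example (the second peer, 198.51.100.7, is made up), and the year is assumed fixed because syslog stamps do not carry one.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line shapes taken from the Openswan pluto log entries quoted in the question.
ERROR_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ pluto\[\d+\]: "
    r"ERROR: asynchronous network error report on \S+ \(sport=\d+\) "
    r"for message to (?P<peer>\d+\.\d+\.\d+\.\d+) port \d+"
)
SA_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ pluto\[\d+\]: "
    r'"(?P<conn>[^"]+)"\[\d+\] (?P<peer>\d+\.\d+\.\d+\.\d+) #\d+: '
    r"STATE_QUICK_R2: IPsec SA established .*DPD=(?P<dpd>\w+)"
)


def parse_ts(text, year=2000):
    """Syslog stamps carry no year; a fixed non-leap year (assumption) keeps the arithmetic simple."""
    return datetime.strptime(f"{year} {' '.join(text.split())}", "%Y %b %d %H:%M:%S")


def find_stuck_peers(lines, dpdtimeout=120):
    """Return peers whose ICMP-unreachable complaints persist longer than dpdtimeout seconds.

    A new SA-established line for a peer resets its error window, so a peer that
    reconnects cleanly is not reported.
    """
    sas = {}                      # peer -> (connection name, DPD flag) from its latest SA line
    errors = defaultdict(list)    # peer -> timestamps of error lines since that SA
    for line in lines:
        m = SA_RE.match(line)
        if m:
            sas[m["peer"]] = (m["conn"], m["dpd"])
            errors[m["peer"]].clear()
            continue
        m = ERROR_RE.match(line)
        if m:
            errors[m["peer"]].append(parse_ts(m["ts"]))

    stuck = {}
    for peer, stamps in errors.items():
        if len(stamps) < 2:
            continue
        span = int((stamps[-1] - stamps[0]).total_seconds())
        if span > dpdtimeout:
            conn, dpd = sas.get(peer, ("?", "?"))
            stuck[peer] = {"conn": conn, "dpd": dpd, "errors": len(stamps), "duration_s": span}
    return stuck


# Constructed sample log: the first peer matches the question's scenario, the second
# peer's errors stop within the DPD window and should not be flagged.
SAMPLE_LOG = [
    'Jun  8 12:45:34 vpn1 pluto[11064]: "vpnpsk"[14] 213.242.106.82 #14: STATE_QUICK_R2: '
    'IPsec SA established transport mode {ESP/NAT=>0x0188ccda <0x7fe9af15 '
    'xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=213.242.106.82:4500 DPD=enabled}',
    'Jun  8 12:50:10 vpn1 pluto[11064]: ERROR: asynchronous network error report on eth0 '
    '(sport=500) for message to 213.242.106.82 port 500, complainant 213.242.106.82: '
    'Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]',
    'Jun  8 12:51:00 vpn1 pluto[11064]: ERROR: asynchronous network error report on eth0 '
    '(sport=500) for message to 198.51.100.7 port 500, complainant 198.51.100.7: '
    'Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]',
    'Jun  8 12:51:30 vpn1 pluto[11064]: ERROR: asynchronous network error report on eth0 '
    '(sport=500) for message to 198.51.100.7 port 500, complainant 198.51.100.7: '
    'Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]',
    'Jun  8 12:52:40 vpn1 pluto[11064]: ERROR: asynchronous network error report on eth0 '
    '(sport=500) for message to 213.242.106.82 port 500, complainant 213.242.106.82: '
    'Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]',
    'Jun  8 12:55:10 vpn1 pluto[11064]: ERROR: asynchronous network error report on eth0 '
    '(sport=500) for message to 213.242.106.82 port 500, complainant 213.242.106.82: '
    'Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]',
]

if __name__ == "__main__":
    for peer, info in find_stuck_peers(SAMPLE_LOG, dpdtimeout=120).items():
        print(f"{peer} ({info['conn']}, DPD={info['dpd']}): "
              f"{info['errors']} errors over {info['duration_s']}s, exceeds dpdtimeout")
```

Run against a live /var/log/secure or /var/log/auth.log tail with the same dpdtimeout as in ipsec.conf, the report names exactly the peers for which DPD has failed to clear the SA; feeding it the question's own log would show 213.242.106.82 reported with DPD=enabled, which is the evidence that the DPD settings are loaded but not acting on this peer.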