A.3 Scenarios

A.3.1 IKE Phase 1 Deleted

You might see the message IKE Phase 1 Deleted at different times.

If you get the message at the beginning of a VPN connection, ignore it.

If the connection is in progress and the status shows Connecting for a while before the message appears, an error has occurred in the connection procedure. Work through the possible causes below.

Possible Cause: Connectivity issues with your machine.

Action: Fix the connectivity issues and proceed.

Possible Cause: The gateway is down or VPN service is not running on the gateway.

Action: Ensure that the gateway is prepared for a VPN connection.

Possible Cause: Issues with the login credentials.

Action: In the case of a Standard IPsec gateway, ensure that the certificate password is valid. If you are connecting to a Nortel Contivity server, ensure that the group credentials are valid.

A.3.2 Failed to Connect to IKE

If you cannot connect to the IKE daemon (racoon), check its status with the following command: /etc/init.d/racoon status

NOTE: You must log in as root to check the IKE status.

A.3.3 Non-Root User: Failed to Connect to IKE

If you are a non-root user and you receive the message Failed to connect to the Racoon Daemon while attempting a VPN connection, do the following:

  1. Ensure that IKE is running by using the following command:

    /etc/init.d/racoon status

    NOTE: You must log in as root to check the IKE status.

  2. If IKE is not running, use the following command to start it:

    /etc/init.d/racoon start

  3. If IKE is running, check the IKE log in /var/log/messages.

    For details, refer to Section A.1.3, IKE Log.

  4. If you see the message ERROR: File does not have correct permissions. Expected : 432 Has : 384 in the IKE log, verify that you have the required user privileges to use the VPN client. racoon prints the modes as decimal numbers: 432 is octal 0660 (rw-rw----) and 384 is octal 0600 (rw-------), so the file racoon complains about is missing the group read and write permissions that racoon expects.

    For details, refer to Section 4.1.2, Non-Root Access.
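The four steps above, as an added example that is not part of the original manual: a POSIX shell script that runs the racoon status check where the init script exists, decodes the decimal mode numbers from the permissions error into octal, and compares a file's actual mode with the expected one. The log path is taken from the manual but can be overridden with IKE_LOG; the sample log lines are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the manual): triage for "Failed to connect to the
# Racoon Daemon" as a non-root user, following A.3.3 steps 1-4.
# IKE_LOG is an assumption; the manual names /var/log/messages.

LOG=${IKE_LOG:-/var/log/messages}

# racoon prints modes as decimal integers: 432 is 0660 (rw-rw----),
# 384 is 0600 (rw-------), so the file lacks group read/write.
dec_to_oct() {
    printf '%o\n' "$1"
}

# Read IKE log text on stdin; for every permissions error print the
# expected and actual modes in octal, e.g. "expected=660 actual=600".
parse_perm_errors() {
    sed -n 's/.*Expected : \([0-9]\{1,\}\) Has : \([0-9]\{1,\}\).*/\1 \2/p' |
    while read -r want have; do
        printf 'expected=%s actual=%s\n' "$(dec_to_oct "$want")" "$(dec_to_oct "$have")"
    done
}

# Compare a file's mode (octal, no leading zero) with the expected one.
# Prints the actual mode; returns 0 on match, 1 on mismatch, 2 if unreadable.
check_mode() {
    actual=$(stat -c '%a' "$1") || return 2
    printf '%s\n' "$actual"
    [ "$actual" = "$2" ]
}

# Steps 1 and 2: is racoon running? Only meaningful on the SLED machine.
ike_status() {
    if [ ! -x /etc/init.d/racoon ]; then
        echo "racoon init script not found; skipping status check"
        return 0
    fi
    if /etc/init.d/racoon status >/dev/null 2>&1; then
        echo "racoon is running"
    else
        echo "racoon is not running; start it as root: /etc/init.d/racoon start"
        return 1
    fi
}

# Steps 3 and 4: constructed sample of the IKE log when the file racoon
# checks has mode 0600 but racoon expects 0660.
SAMPLE_LOG='Mar  3 10:15:02 sled racoon: INFO: racoon started
Mar  3 10:15:07 sled racoon: ERROR: File does not have correct permissions. Expected : 432 Has : 384'

ike_status
if [ -r "$LOG" ]; then
    parse_perm_errors < "$LOG"
else
    echo "cannot read $LOG; analysing the constructed sample instead"
    printf '%s\n' "$SAMPLE_LOG" | parse_perm_errors
fi
```

Once the offending file is known (the error message does not name it), check_mode FILE 660 tells you whether the group bits are present; the fix itself belongs to the non-root access setup referenced above.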

A.3.4 Fragmentation of TCP Packets

When you are connected to a Nortel server, IP fragments are not encrypted and decrypted reliably. Therefore, applications that send IP fragments might not work.

For TCP applications, the workaround is to lower the TCP maximum segment size (MSS) on the route to the VPN server so that TCP packets stay below 1400 bytes on Ethernet. The recommended value is 1350. Because the route option clamps the MSS, only TCP traffic is affected.

To do this, after a successful VPN connection:

  1. At the command prompt, enter ip route.

    The routing information to the VPN server is displayed in the following format:

    VPNSERVERIPADDR via GATEWAYIPADDR dev NETWORKDEVICE

  2. Delete the route by using the following command:

    route delete VPNSERVERIPADDR

  3. Add the route with your MSS value by using the following command:

    route add VPNSERVERIPADDR gw GATEWAYIPADDR dev NETWORKDEVICE mss 1350

    HINT: For variable details, refer to the routing information (discussed in Step 1). The dev keyword is required here because the device is not the last argument on the command line.
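The three steps above as one script, added here and not part of the original manual. It parses the ip route line from Step 1, builds the route commands of Steps 2 and 3, and applies them only when run as root. The server address, gateway and device in the sample line are constructed (documentation-range addresses); the MSS defaults to the manual's 1350.

```shell
#!/bin/sh
# Added example (not from the manual): automate A.3.4 steps 1-3.
# VPN_MSS is an assumption; 1350 is the value the manual recommends.

MSS=${VPN_MSS:-1350}

# Split "DEST via GW dev DEV ..." into "DEST GW DEV". Other words such as
# "proto static" or "src ..." are skipped; fails if via or dev is absent.
route_parts() {
    set -- $1
    dest=$1; shift
    gw=; dev=
    while [ $# -gt 0 ]; do
        case $1 in
            via) gw=$2 ;;
            dev) dev=$2 ;;
        esac
        shift
    done
    [ -n "$gw" ] && [ -n "$dev" ] || return 1
    printf '%s %s %s\n' "$dest" "$gw" "$dev"
}

# Print the net-tools commands for steps 2 and 3. "dev" must be spelled
# out because the device is not the last argument (mss follows it).
mss_route_cmds() {
    parts=$(route_parts "$1") || { echo "no via/dev in route line: $1" >&2; return 1; }
    set -- $parts "$2"
    printf 'route delete %s\n' "$1"
    printf 'route add -host %s gw %s dev %s mss %s\n' "$1" "$2" "$3" "$4"
}

# Step 1 via "ip route get", then apply the two commands as root.
apply_mss_route() {
    line=$(ip route get "$1" 2>/dev/null | head -n 1)
    [ -n "$line" ] || { echo "no route to $1" >&2; return 1; }
    if [ "$(id -u)" -ne 0 ]; then
        echo "not root; the commands that would run are:" >&2
        mss_route_cmds "$line" "$MSS"
        return 1
    fi
    mss_route_cmds "$line" "$MSS" | sh -e
}

# Constructed sample of the Step 1 output for a VPN server 192.0.2.10.
SAMPLE_ROUTE='192.0.2.10 via 198.51.100.1 dev eth0'
mss_route_cmds "$SAMPLE_ROUTE" "$MSS"
```

Run apply_mss_route VPNSERVERIPADDR as root after the VPN is up; ip route show afterwards lists the route with advmss 1350, which is the attribute the route mss option sets. With iproute2 the same change is a single command, ip route replace VPNSERVERIPADDR via GATEWAYIPADDR dev NETWORKDEVICE advmss 1350.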

A.3.5 Profile Creation Failed

Causes

  • The system runs out of memory

  • libxml2.so is missing

Actions

  • Ensure that the machine has at least 128 MB of RAM.

  • libxml2.so is provided with the SLED 10 installation. If it is missing, reinstall the library.

A.3.6 Firewall Issues

If an iptables firewall on your machine has a default policy that drops outgoing and incoming packets, configure the following rules so that IKE (UDP 500) and NAT traversal (UDP 4500) packets are allowed:

Table A-1 Outgoing Packets

  Port       Configuration Command
  UDP-500    iptables -A OUTPUT -p UDP -s 0/0 -d 0/0 --dport 500 -j ACCEPT
  UDP-4500   iptables -A OUTPUT -p UDP -s 0/0 -d 0/0 --dport 4500 -j ACCEPT

Table A-2 Incoming Packets

  Port       Configuration Command
  UDP-500    iptables -A INPUT -p UDP -s 0/0 -d 0/0 --dport 500 -j ACCEPT
  UDP-4500   iptables -A INPUT -p UDP -s 0/0 -d 0/0 --dport 4500 -j ACCEPT
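The rules of Tables A-1 and A-2 as a script, added here and not part of the original manual. It generates the rules for both chains and checks iptables -nL output for any that are missing. It goes beyond the tables in one respect: it also allows ESP (IP protocol 50), which carries the IPsec payload when the gateway is not using NAT traversal over UDP 4500. It also takes -I instead of -A when the deny is an explicit DROP rule rather than the chain policy, so the ACCEPT rules land ahead of it. The iptables listing used for the check is constructed.

```shell
#!/bin/sh
# Added example (not from the manual): emit and verify the A.3.6 rules.
# The ESP rule is an addition by this example; the manual lists UDP only.

# Print one iptables command per line for CHAIN (INPUT or OUTPUT).
# Second argument selects -A (default, append) or -I (insert at top).
vpn_rules() {
    chain=$1
    op=${2:--A}
    for port in 500 4500; do
        printf 'iptables %s %s -p udp -s 0/0 -d 0/0 --dport %s -j ACCEPT\n' "$op" "$chain" "$port"
    done
    printf 'iptables %s %s -p esp -s 0/0 -d 0/0 -j ACCEPT\n' "$op" "$chain"
}

# Apply the rules to both chains; must run as root.
apply_vpn_rules() {
    for chain in OUTPUT INPUT; do
        vpn_rules "$chain" "$@"
    done | sh -e
}

# has_rule LISTING ERE: true if an ACCEPT line in "iptables -nL" text matches.
has_rule() {
    printf '%s\n' "$1" | grep -Eq "^ACCEPT +$2"
}

# Read "iptables -nL CHAIN" output on stdin and name each expected rule
# that is absent.
missing_rules() {
    listing=$(cat)
    has_rule "$listing" 'udp .*dpt:500( |$)'  || echo "missing: udp dpt:500"
    has_rule "$listing" 'udp .*dpt:4500( |$)' || echo "missing: udp dpt:4500"
    has_rule "$listing" 'esp +--'             || echo "missing: esp"
}

# Constructed "iptables -nL OUTPUT" output with the two manual rules only.
SAMPLE_LISTING='Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:500
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:4500'

vpn_rules OUTPUT
vpn_rules INPUT
printf '%s\n' "$SAMPLE_LISTING" | missing_rules

# On the client itself, as root, check the live chains the same way.
if [ "$(id -u)" -eq 0 ] && command -v iptables >/dev/null 2>&1; then
    for chain in OUTPUT INPUT; do
        echo "$chain:"; iptables -nL "$chain" 2>/dev/null | missing_rules
    done
fi
```

Run apply_vpn_rules as root to append the rules, or apply_vpn_rules -I when an explicit DROP rule earlier in the chain would otherwise shadow them.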