<div dir="ltr">This problem impacts us very badly...<br><br>Please help me... or tell me that my question is out of your scope :P<br><br>I only need a clue, a way to resolve this problem, and I'll work very hard to fix it!<br>
<br>Julien<br><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Julien DELEAN</b> &lt;<a href="mailto:julien.delean@gmail.com">julien.delean@gmail.com</a>&gt;<br>Date: 2008/7/11<br>
Subject: Vista rekeying workaround<br>To: <a href="mailto:dev@openswan.org">dev@openswan.org</a><br><br><br>Hi,<br><br>I'm trying to write a patch in order to have long sessions with a NATed Vista roadwarrior (on Openswan 2.4.8 or 2.4.12 and netkey).<br>
<br>The problem is: when the transferred data volume limit is reached on the Windows side, it starts a rekey process. It's OK with XP but it fails on Vista. Here are the logs on the Openswan side:<br>
<br>Jun 12 11:56:02 xxx pluto[6962]: "roadwarrior-l2tp"[1] xx.xx.xx.xx #1: responding to Main Mode from unknown peer xx.xx.xx.xx<br>...<br>Jun
12 11:56:03 xxx pluto[6962]: "roadwarrior-l2tp"[2] xx.xx.xx.xx #2:
STATE_QUICK_R2: IPsec SA established {ESP=>0xfb7982a1 <0xf516b8d0
xfrm=AES_128-HMAC_SHA1 NATD=xx.xx.xx.xx:4500 DPD=none}<br>
Jun 12 12:18:18 xxx pluto[6962]: "roadwarrior-l2tp"[3] xx.xx.xx.xx #3: responding to Quick Mode {msgid:02000000}<br>Jun
12 12:18:18 xxx pluto[6962]: "roadwarrior-l2tp"[3] xx.xx.xx.xx #3:
cannot install eroute -- it is in use for "roadwarrior-l2tp"[2]
xx.xx.xx.xx #2<br> <br><br>Paul has suggested writing a patch in order to allow rekeying when the IP/port match.<br><br>I studied the Pluto source code and unsuccessfully tried some "tricks":<br><ul><li>Do nothing but return route-easy when eroutes are in conflict and pray ;) (I know: it was stupid :P)</li>
<li>Delete the old eroute:</li><ul><li>with unroute() (really bad idea: the route was in use! and this function can't be called in this case)</li><li>with shunt_eroute()<br></li></ul><li>Delete the IPsec SA of the connection which is the route owner in order to "unlock" the eroute and permit replacement.</li>
</ul><br>I don't know which level to focus on in order to permit rekeying: eroute, connection, state...<br><br>Any clue or suggestion will be much appreciated!<br><br>Best regards<br><font color="#888888"><br>Julien DELEAN<br>
</font></div><br></div>