<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
On 03/11/2010 04:55 PM, Mike A. Leonetti wrote:
<blockquote cite="mid:4B9966C1.9060907@evolutionce.com" type="cite">
Gaiseric Vandal wrote:
<blockquote cite="mid:4B99522A.8080208@gmail.com" type="cite">
<pre wrap="">Maybe a NAT thing?

The following entry under config section may help

    nat_traversal=yes

Do you also have Windows VPN clients? Do they have the same problem?

The general issue I had with Sonicwall was DPD (dead peer detection)
packets that didn't go through NAT.

On 03/11/2010 01:52 PM, Mike A. Leonetti wrote:
</pre>
<blockquote type="cite">
<pre wrap="">It seems at random times the tunnel between the machine and the
Sonicwall device keeps disconnecting. I haven't been able to isolate how
long it takes or why. Are there any options I may be missing?

Config:

conn sonicwall
    left=x.x.x.x
    leftsourceip=10.1.1.1
    leftsubnet=10.1.1.0/24
    leftid=x.x.x.x
    right=y.y.y.y
    rightsubnet=10.10.12.0/24
    rightid=y.y.y.y
    keyingtries=0
    pfs=no
    aggrmode=yes
    auto=start
    auth=esp
    esp=3des-sha1
    ike=3des-sha1
    authby=secret
    keyexchange=ike
_______________________________________________
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:Users@openswan.org">Users@openswan.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a>
Building and Integrating Virtual Private Networks with Openswan:
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a>
</pre>
</blockquote>
</blockquote>
This is the rest of my config:<br>
<br>
version 2.0<br>
<br>
config setup<br>
nat_traversal=yes<br>
oe=off<br>
protostack=netkey<br>
<br>
I don't have any Windows users on these.<br>
<br>
</blockquote>
<br>
What model and OS for the Sonicwall? You may want to check the DPD
settings on the Sonicwall. On my system VPN-> Advanced. Enable
DPD. I have the interval set to 30 secs. I do not have "enable DPD
detection for idle sessions" enabled. I don't remember if the VPN
server is supposed to initiate a DPD exchange with the client or
vice versa; either way DPD doesn't go through NAT properly in one of
the directions (or it uses the wrong port). I do remember that I
also had to change the interval from 90 to 30 seconds, otherwise the
client would time out. <br>
<br>
The benefit of trying it with a Windows client is that it may help you
determine if the problem is client or server side. If you can
somehow assign a real public IP to a Linux VPN client, you could also
rule out client side NAT issues that way. <br>
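<br>
The Openswan end of the DPD settings discussed above, as an added example that is not part of the original thread. It reuses the conn posted earlier and adds the three Openswan DPD keys; dpddelay takes the 30-second interval mentioned in the reply, while the dpdtimeout and dpdaction values are assumptions to adjust for the site.<br>

```conf
# Added example (not from the thread): the posted conn with DPD enabled
# on the Openswan side. Addresses stay as the x.x.x.x / y.y.y.y placeholders
# used in the original post. No blank lines inside the conn: a blank line
# ends the section in ipsec.conf.
conn sonicwall
    left=x.x.x.x
    leftsourceip=10.1.1.1
    leftsubnet=10.1.1.0/24
    leftid=x.x.x.x
    right=y.y.y.y
    rightsubnet=10.10.12.0/24
    rightid=y.y.y.y
    keyingtries=0
    pfs=no
    aggrmode=yes
    auto=start
    auth=esp
    esp=3des-sha1
    ike=3des-sha1
    authby=secret
    keyexchange=ike
    # DPD (RFC 3706): send an R_U_THERE probe after 30 s without traffic
    # from the peer. 30 s is the interval quoted in the reply for the
    # Sonicwall side, so both ends probe on the same schedule.
    dpddelay=30
    # Assumed value: declare the peer dead after 120 s with no DPD reply
    # (four missed probes at the delay above).
    dpdtimeout=120
    # Assumed choice: renegotiate the tunnel as soon as the peer is declared
    # dead, which fits auto=start and keyingtries=0 in the posted conn.
    dpdaction=restart
```

With this in place, a DPD timeout is reported in the pluto log at the moment the peer is declared dead, which gives a timestamp for each disconnect to compare against the Sonicwall log.<br>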
<br>
<br>
<br>
<br>
<br>
</body>
</html>