<div><br></div><div class="gmail_quote">On Mon, Dec 27, 2010 at 11:35 PM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On Mon, 27 Dec 2010, Spacelee wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
my system : xl2tp + openswan + ppp + freeradius + mysql <br>
I set simultaneous-use = 1 for a test account in freeradius to limit the online of one account at the same time.<br>
my problem is when my WiFi or Mac OS shutdown suddenly, there is no time for client to send disconnect signal to the server, so that server will still<br>
think the client is online, when the account try to log in next time, it will meet authentication problem, as server thought it's already online.<br>
</blockquote>
<br></div>
This should work without problems. Perhaps you are using an old version of openswan?<div class="im"><br></div></blockquote><div> </div><div>This is my version, should I use the newest one?</div><div><br></div><meta charset="utf-8"><div>
ipsec --version</div><div>Linux Openswan U2.6.24rc5/K2.6.26-2-xen-amd64 (netkey)</div><div>See `ipsec --copyright' for copyright information.</div><div><br></div><div><div>xl2tpd --version</div><div>xl2tpd version: xl2tpd-1.2.5</div>
</div><div><br></div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
My question is in openswan or xl2tp, is there any configuration could reach this same effect? <br>
</blockquote>
<br></div>
You could enable DPD (see man ipsec.conf) might I'm not sure if OSX supports them.<br></blockquote><div><br></div><div><br></div><div>I think I have already enabled all of them : </div><div>conn L2TP-PSK-NAT</div><div>
overlapip=yes</div><div> rightsubnet=vhost:%priv</div><div> also=L2TP-PSK-noNAT</div><div><br></div><div>conn L2TP-PSK-noNAT</div><div> authby=secret</div><div> pfs=no</div><div> auto=add</div>
<div># keyingtries=3</div><div> rekey=no</div><div> ikelifetime=8h</div><div> keylife=1h</div><div> type=transport</div><div> left=xx.xx.xx.xx</div><div> leftprotoport=17/1701</div>
<div> right=%any</div><div> rightprotoport=17/%any</div><div> dpddelay=30</div><div> dpdtimeout=60</div><div> dpdaction=clear </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<font color="#888888">
<br>
Paul<br>
</font></blockquote></div><br><br clear="all"><br>-- <br><div><b>Space Lee</b></div><br>