[Openswan Users] Checkpoint connection problems
Brent Foster
Brent.Foster at int-sol.com
Tue Aug 17 12:48:28 CEST 2004
Keylife of 1h didn't do the trick... I had tried that before anyways.
I ended up writing a quick script to monitor the tunnel and reset it
if there was a problem. Looking at the logs from my script, it appears
to be totally random disconnect times. Any other ideas?
Mon Aug 16 14:23:01 EDT 2004 Restarting AGF 1 Tunnel (Tunnel dropped)
Mon Aug 16 16:55:00 EDT 2004 Restarting AGF 1 Tunnel (Tunnel dropped)
Mon Aug 16 19:27:00 EDT 2004 Restarting AGF 1 Tunnel (Tunnel dropped)
Mon Aug 16 22:00:01 EDT 2004 Restarting AGF 2 Tunnel (Tunnel dropped)
Mon Aug 16 23:46:00 EDT 2004 Restarting AGF 1 Tunnel (Tunnel dropped)
Tue Aug 17 00:47:00 EDT 2004 Restarting AGF 1 Tunnel (Tunnel dropped)
Tue Aug 17 01:48:00 EDT 2004 Restarting AGF 1 Tunnel (Tunnel dropped)
Tue Aug 17 02:49:00 EDT 2004 Restarting AGF 1 Tunnel (Tunnel dropped)
Tue Aug 17 06:54:00 EDT 2004 Restarting AGF 2 Tunnel (Tunnel dropped)
Tue Aug 17 08:37:01 EDT 2004 Restarting AGF 1 Tunnel (Tunnel dropped)
Tue Aug 17 09:38:00 EDT 2004 Restarting AGF 1 Tunnel (Tunnel dropped)
Thanks,
Brent
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: Sunday, August 15, 2004 4:54 PM
> To: Brent Foster
> Cc: users at lists.openswan.org
> Subject: Re: [Openswan Users] Checkpoint connection problems
>
> On Sun, 15 Aug 2004, Brent Foster wrote:
>
> > connection to a Checkpoint FW1 box and the tunnel works fine, except
> > that it will stop working after a few hours. Sometimes it will
> > auto-recover, sometimes I have to -down and -up the tunnel. In all
> > cases OpenSwan thinks the tunnel is up and will route traffic across
> > the ipsec0 interface.
>
> > keylife=8h
>
> Try setting the keylife to 1h. That will force Openswan to
> rekey before the Checkpoint gets into its (I guess buggy)
> state. If it works, can you send a message back to the list
> so we can update our Wiki?
>
> I am not sure what happened to the October 2003 archive, it
> only starts from December 2003. Perhaps we moved servers and
> lost the archive at that point.
>
> Paul
>
>
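
One way to compare the restart log in the message above with the configured keylife is to measure the minutes between consecutive restarts, overall and per tunnel. This is an added example, not part of the original post and not the poster's monitoring script; the function names are hypothetical and the log lines are copied from the message.

```python
from collections import Counter
from datetime import datetime

# Restart lines copied from the message above (every timestamp is EDT).
LOG = """\
Mon Aug 16 14:23:01 EDT 2004 Restarting AGF 1 Tunnel (Tunnel dropped)
Mon Aug 16 16:55:00 EDT 2004 Restarting AGF 1 Tunnel (Tunnel dropped)
Mon Aug 16 19:27:00 EDT 2004 Restarting AGF 1 Tunnel (Tunnel dropped)
Mon Aug 16 22:00:01 EDT 2004 Restarting AGF 2 Tunnel (Tunnel dropped)
Mon Aug 16 23:46:00 EDT 2004 Restarting AGF 1 Tunnel (Tunnel dropped)
Tue Aug 17 00:47:00 EDT 2004 Restarting AGF 1 Tunnel (Tunnel dropped)
Tue Aug 17 01:48:00 EDT 2004 Restarting AGF 1 Tunnel (Tunnel dropped)
Tue Aug 17 02:49:00 EDT 2004 Restarting AGF 1 Tunnel (Tunnel dropped)
Tue Aug 17 06:54:00 EDT 2004 Restarting AGF 2 Tunnel (Tunnel dropped)
Tue Aug 17 08:37:01 EDT 2004 Restarting AGF 1 Tunnel (Tunnel dropped)
Tue Aug 17 09:38:00 EDT 2004 Restarting AGF 1 Tunnel (Tunnel dropped)
"""

def parse(line):
    """Return (timestamp, tunnel name) for one restart line."""
    parts = line.split()
    # Drop the weekday and the zone name: strptime's %Z is unreliable for
    # abbreviations such as EDT, and every line here is in the same zone.
    stamp = " ".join(parts[1:4] + [parts[5]])
    when = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
    return when, " ".join(parts[7:9])  # e.g. "AGF 1"

def gaps_minutes(log, tunnel=None):
    """Minutes between consecutive restarts, optionally for one tunnel."""
    events = [parse(l) for l in log.splitlines() if "Restarting" in l]
    times = sorted(t for t, name in events if tunnel in (None, name))
    return [round((b - a).total_seconds() / 60)
            for a, b in zip(times, times[1:])]

def most_common_gap(gaps):
    """Return (gap in minutes, occurrences) for the most frequent gap."""
    return Counter(gaps).most_common(1)[0]

if __name__ == "__main__":
    for name in (None, "AGF 1", "AGF 2"):
        gaps = gaps_minutes(LOG, name)
        print(name or "all tunnels", gaps, most_common_gap(gaps))
```
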