[Openswan Users]

Paul Wouters paul at xelerance.com
Thu Dec 9 17:26:34 CET 2004

On Thu, 9 Dec 2004, Duncan Reed wrote:

> Windows IPSec/L2TP clients connect fine, they do some work, they lose
> there connection while NOT being idle at a (seemly) random period of
> time (Happened from anywhere between 5 mins to 1hr+).
> Eventually (I guess) the dead peer connection picks it up and you see it
> go into %hold. At some point I think after dpdtimeout is reach its
> cleared.
> Until it clears the client with that ip address cannot log back into the
> VPN.

For roadwarrior connections you should always use dpdaction=clear. After
all, the roadwarrior can come back from another IP as well.
Only use dpdaction=hold on static tunnels.

As for the original prolbem, this might be a bug in the windows rekeying
method. e're looking into some reports and a proper fix.


More information about the Users mailing list