[Openswan Users] 10 minute timeouts?

Matthew Claridge mclaridge at rwa-net.co.uk
Wed Dec 15 12:20:58 CET 2004

on 15/12/2004 11:59 John A. Sullivan III said the following:

>On Wed, 2004-12-15 at 06:41, Matthew Claridge wrote:
>>We're connecting between an RHEL server running Openswan and a Cisco
>>VPN concentrator. Everything seems to work fine except for a small
>>We've been running a script which sends a message through the vpn to
>>an http server at the other end every second. The reply is received
>>almost immediately. However, every ten minutes, for a period of 3
>>seconds, the messages get lost, presumably within the vpn somewhere. 
>>We haven't narrowed down which end they're being lost at yet, although
>>we have tcpdump traces to look at, but does anyone know of any
>>10 minute timeouts or something similar which might explain this? We're
>>at a loss to explain this and would appreciate any ideas...
>
>The three second recovery seems oddly short otherwise I would wonder if
>one side is not accepting the other side's renegotiation of the SA.  It
>could be that the differences in expiration are such that every ten
>minutes the side which is not accepted initiates renegotiation.  The
>other side ignores it, no traffic passes because the initiating side has
>expired, then the side which did not accept the offer initiates its own
>renegotiation and the tunnel jumps back to life.  However, I would
>expect a longer gap than three seconds in such a case.
>
>Are there any external factors like some process that runs every ten
>minutes which saturates the WAN links or disrupts the network?

There are no external factors that we know of, but we can't yet be 
totally sure of the remote end - it seems unlikely at this time though.
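
An added example, not part of the original thread: one way to test the renegotiation theory above is to measure how regularly the loss bursts in the one-per-second probe log recur and compare that period with the SA lifetimes configured on each end. The function names, the `(timestamp, ok)` log format and the sample data are assumptions made for illustration.

```python
from statistics import median

def loss_bursts(probes):
    """Group consecutive failed probes into (start_ts, length_s) bursts.
    probes: (unix_ts, ok) tuples sorted by time, one probe per second (assumed format)."""
    bursts, start, prev = [], None, None
    for ts, ok in probes:
        if not ok:
            if start is None:
                start = ts          # first lost probe of a new burst
            prev = ts               # last lost probe seen so far
        elif start is not None:
            bursts.append((start, prev - start + 1))
            start = None
    if start is not None:           # log ended while probes were still being lost
        bursts.append((start, prev - start + 1))
    return bursts

def burst_period(bursts):
    """Median interval between burst starts, or None with fewer than two bursts."""
    starts = [s for s, _ in bursts]
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    return median(gaps) if gaps else None

def matches_lifetime(period, lifetime_s, tolerance_s=5):
    """True if the burst period lines up with a configured SA lifetime.
    tolerance_s is an assumed allowance for rekeying that starts slightly early or late."""
    return period is not None and abs(period - lifetime_s) <= tolerance_s

def sample_probes(total_s=1900, every_s=600, lost_s=3):
    """Constructed sample: 3 lost probes every 600 s, as described in the thread."""
    return [(t, not (t >= every_s and t % every_s < lost_s)) for t in range(total_s)]

if __name__ == "__main__":
    bursts = loss_bursts(sample_probes())
    period = burst_period(bursts)
    print("bursts:", bursts)
    print("period:", period)
    # 600 and 3600 stand in for lifetimes read from each peer's configuration
    for lifetime in (600, 3600):
        print(lifetime, "matches" if matches_lifetime(period, lifetime) else "no match")
```

A period that matches one peer's lifetime but not the other's points at which side's expiry starts the gap; a period that matches neither suggests looking outside the tunnel.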


