[Openswan Users] 10 minute timeouts?
Matthew Claridge
mclaridge at rwa-net.co.uk
Wed Dec 15 12:20:58 CET 2004
on 15/12/2004 11:59 John A. Sullivan III said the following:
>On Wed, 2004-12-15 at 06:41, Matthew Claridge wrote:
>
>
>>Hi,
>>
>>We're connecting between an RHEL server running Openswan and a Cisco
>>VPN concentrator. Everything seems to work fine except for a small
>>anomaly.
>>
>>We've been running a script which sends a message through the vpn to
>>an http server at the other end every second. The replky is received
>>almost immediately. However, every ten minutes, for a period of 3
>>seconds, the messages get lost, presumably within the vpn somewhere.
>>
>>We haven't narrowed down which end they're being lost at yet, although
>>we have tcpdump traces to look at, but does anyone know of any
>>10minute timeouts ot something similar which might explain this? We're
>>at a loss to explain this and would appreciate any ideas...
>>
>>
><snip>
>The three second recovery seems oddly short otherwise I would wonder if
>one side is not accepting the other side's renegotiation of the SA. It
>could be that the differences in expiration are such that every ten
>minutes the side which is not accepted initiates renegotiation. The
>other side ignores it, no traffic passes because the initiating side has
>expired, then the side which did not accept the offer initiates its own
>renegotiation and the tunnel jumps back to life. However, I would
>expect a longer gap than three seconds in such a case.
>
>Are there any external factors like some process that runs every ten
>minutes which saturates the WAN links or disrupts the network?
>
>
There are no external factors that we know of, but we can't yet be
totally sure of the remote end - it seems unlikely at this time though.
Matt
More information about the Users
mailing list