[Openswan Users] 10 minute timeouts? / invalid_spi
Matthew Claridge
mclaridge at rwa-net.co.uk
Thu Dec 16 17:24:58 CET 2004
on 15/12/2004 11:51 Paul Wouters said the following:
> On Wed, 15 Dec 2004, Matthew Claridge wrote:
>
>> We've been running a script which sends a message through the vpn to
>> an http server at the other end every second. The
>> replky is received almost immediately. However, every ten minutes,
>> for a period of 3 seconds, the messages get lost,
>> presumably within the vpn somewhere.
>>
>> We haven't narrowed down which end they're being lost at yet,
>> although we have tcpdump traces to look at, but does anyone
>> know of any 10minute timeouts ot something similar which might
>> explain this? We're at a loss to explain this and would
>> appreciate any ideas...
>
>
> Check the logfiles. Are you rekeying every 10 minutes?
>
> Are you using KLIPS or NETKEY? This might be a packet caching issue.
>
> Paul
well, the 10 minute thing seems to have disappeared......
however, the vpn has now decided not to work at all. Suddenly, we are
receiving an INVALID_SPI error for all our dpd packets and responses.
Given that this has been running happily for quite some time, we can see
no reason for this to happen as nothing has changed at either end.
Are there any common causes for receiving this error message?
cheers
Matt
More information about the Users
mailing list