[Openswan Users] Windows clients expire idle connection
Walter Haidinger
walter.haidinger at gmx.at
Sun Jun 27 17:30:20 CEST 2004
On Sat, 26 Jun 2004, Paul Wouters wrote:
> On Sat, 26 Jun 2004, Walter Haidinger wrote:
>
> > Short: My Windows clients expire the IPsec connection after some time and
> > I'm not able to reestablish or keepalive the connection from my Linux
> > gateway. :-(
>
> > d. Anything else?
>
> Try enabling the Dead Peer Detection on the Linux end, and it might
> successfully tear down the broken tunnels.
Thanks, that helped! I don't know why, but the tunnels seem to be stable
now (tested for a couple of hours) even though I'm _not_ seeing any
DPD-specific logs. Odd.
I assume XP already includes DPD capability, right? To put it another way:
Do I have to add the dpdxxx= options to the Windows ipsec.conf too? Right
now I've only added this on the Linux gateway. However, Openswan's
README.DPD says that both sides have to have a DPD timeout set.
> The broken tunnels might be due to inactivity over your NAT gateway.
> That one might actually be responsible for killing the connection.
The connections expire from the XP clients too which are directly
connected, i.e. not behind a NAT router.
Regards, Walter