[Openswan Users] windows roadwarrior don't rekey!

foren titze freeswan at gmx.net
Mon May 24 16:43:30 CEST 2004 

hello users,

i have set up an ipsec/l2tp tunnel with x509 certs between windowsxp and linux 
server.

our situation is that i have set the keylife to one hour for the roadwarrior, 
because when the user of the notebook disconnect his internet-connection 
before he closed the tunnel, the tunnel still be established. now I thought I 
limit the time and so the tunnel breaks after the time of 20 minutes.
BUT the windows roadwarrior wouldn't rekey ( renegotiate ) the connection.
After this time, the tunnel collapses and I get this error message in 
auth.log.

-------------------
May 24 14:46:23 linux-vpn pluto[5409]: "titze_laptop"[5] 62.96.xxx.131:4500 
#19: IPsec SA expired (LATEST!)
May 24 14:46:24 linux-vpn pluto[5409]: "titze_laptop"[5] 62.96.xxx.131:4500 
#23: responding to Quick Mode
May 24 14:46:24 linux-vpn pluto[5409]: "titze_laptop"[5] 62.96.xxx.131:4500 
#23: transition from state (null) to state STATE_
QUICK_R1
May 24 14:46:24 linux-vpn pluto[5409]: "titze_laptop"[5] 62.96.xxx.131:4500 
#24: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+
DISABLEARRIVALCHECK
May 24 14:46:24 linux-vpn pluto[5409]: ERROR: "titze_laptop"[5] 
62.96.xxx.131:4500 #23: pfkey write() of SADB_X_ADDFLOW messa
ge 59 for flow esp.866856c7 at 62.96.xxx.131 failed. Errno 14: Bad address
May 24 14:46:24 linux-vpn pluto[5409]: |   02 0e 00 03  17 00 00 00  3b 00 00 
00  21 15 00 00
May 24 14:46:24 linux-vpn pluto[5409]: |   02 00 01 00  86 68 56 c7  00 00 00 
00  02 00 00 00
May 24 14:46:24 linux-vpn pluto[5409]: |   03 00 05 00  00 00 00 00  02 00 06 
a5  3e 60 13 9c
May 24 14:46:24 linux-vpn pluto[5409]: |   00 00 00 00  00 00 00 00  03 00 06 
00  00 00 00 00
May 24 14:46:24 linux-vpn pluto[5409]: |   02 00 06 a5  3e 60 13 83  00 00 00 
00  00 00 00 00
May 24 14:46:24 linux-vpn pluto[5409]: |   03 00 15 00  00 00 00 00  02 00 06 
a5  3e 60 13 9c
May 24 14:46:24 linux-vpn pluto[5409]: |   00 00 00 00  00 00 00 00  03 00 16 
00  00 00 00 00
May 24 14:46:24 linux-vpn pluto[5409]: |   02 00 06 a5  3e 60 13 83  00 00 00 
00  00 00 00 00
May 24 14:46:24 linux-vpn pluto[5409]: |   03 00 17 00  00 00 00 00  02 00 ff 
ff  ff ff ff ff
May 24 14:46:24 linux-vpn pluto[5409]: |   31 00 06 08  00 00 00 00  03 00 18 
00  00 00 00 00
May 24 14:46:24 linux-vpn pluto[5409]: |   02 00 ff ff  ff ff ff ff  c0 c4 0f 
08  65 73 70 2e
May 24 14:46:24 linux-vpn pluto[5409]: |   01 00 1a 00  11 00 00 00
May 24 14:46:24 linux-vpn pluto[5409]: "titze_laptop"[5] 62.96.xxx.131:4500 
#18: ignoring informational payload, type INVALID
_ID_INFORMATION
-------------------

conn %default
     dpdaction=clear
     keylife=20m
     keyingtries=3
     disablearrivalcheck=yes


what's wrong? 

thanks a lot

More information about the Users mailing list