[Openswan Users] Tunnels established, but reset in seconds

Paul Wouters paul at xelerance.com
Tue Nov 2 22:19:59 CET 2004


On Tue, 2 Nov 2004, Charlie Hedlin wrote:

>> Running tcpdump and looking through the logs I can see it completing phase 
>> I and starting phase II.  It restarts every few seconds.

Likely the Vigor is sending Notify/Deletes. Try disabling the 'always on' feature
and just do 'call out'; I noticed similar behaviour. Also, upgrade to the latest
version of the Vigor firmware. Draytek did fix things in the ipsec stack.

Make sure you are not doing 1DES, and make sure you do not have 'medium security' (AH)
enabled. Make sure to enable PFS. If you define a subnet to tunnel on the Vigor,
make sure to write it as a proper subnet (eg 10.0.2.0) and not as a host (eg 10.0.2.1).
Despite properly configuring the subnet, this does not work (known bug at Draytek).

>> Here is the output of the commands to bring up the connection, and then a 
>> Status shortly thereafter.  I have barf output if it will help, but I don't 
>> want to flood the list with that long of a message.

Your log did not contain enough information. Also, try enabling syslog on the
Vigor and redirecting it to a Linux box that does remote syslogging (not the box
you are running ipsec on!).

Also, if you change a configuration on the Vigor, reboot it, since the Vigor will
not restart the phase 1 connection if it is established.

Paul
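The checklist in the reply, written out as the Openswan side of the connection (an added example, not from the original post or from Draytek): an ipsec.conf conn that avoids 1DES and AH, enables PFS, and names the remote network as a subnet. The peer address, the LAN ranges and the use of a pre-shared key are assumptions.

```conf
# Added example: Openswan 2.x ipsec.conf conn for a Vigor peer.
# The addresses and subnets below are assumed placeholders.
conn vigor
    left=%defaultroute          # the Linux/Openswan box
    leftsubnet=10.0.1.0/24      # assumed LAN behind Openswan
    right=192.0.2.10            # assumed Vigor WAN address
    rightsubnet=10.0.2.0/24     # a subnet (10.0.2.0), not a host (10.0.2.1)
    authby=secret               # PSK kept in ipsec.secrets
    auth=esp                    # ESP only; no 'medium security' (AH) on the Vigor
    pfs=yes                     # PFS must also be enabled on the Vigor
    ike=3des-sha1-modp1024      # phase 1 without 1DES
    esp=3des-sha1               # phase 2 without 1DES
    auto=add                    # respond only; the Vigor does 'call out'
```

With auto=add the Linux side loads the conn and waits, which matches turning off 'always on' on the Vigor and letting it initiate.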

