[Openswan Users] "Delete SA payload" killing tunnel
Matthew Claridge
mclaridge at rwa-net.co.uk
Fri Oct 15 18:02:31 CEST 2004
Well, looks like I've sorted that problem..........
However, the tunnel is going idle when there's no traffic through it and
it isn't 'woken up' by traffic coming from the remote (cisco) end, only
if I send traffic from this end.
Seeing as most of the traffic comes through from the other end, this is
a bit of a problem. Short of having a script which pings the remote side
every 5 minutes, is the a way to make openswan keep the tunnel up, or at
least allow remote traffic to wake it up?
cheers
Matt
on 13/10/2004 10:44 Matthew Claridge said the following:
> Hi,
>
> I've got a working openswan tunnel to a Cisco VPN 3000. Everything is
> fine most of the time - SAs are replaced periodically and the tunnel
> stays up.
>
> However, the Cisco box is sending regular "Delete SA" payloads, which
> causes Openswan to delete its ISAKMP SA. This kills the tunnel and the
> only way to bring it back up is to restart ipsec completely.
>
> Is there any way I can make openswan ignore these payloads? I don't
> see any need for them as the SAs are being regularly deleted anyway
> and replaced with new ones. Is this an Openswan bug or an
> incompatibility issue or something else?
>
> cheers
> Matt
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
> _____________________________________________________________________
> This e-mail has been scanned for viruses by MCI's Internet Managed
> Scanning Services - powered by MessageLabs. For further information
> visit http://www.mci.com
>
> _____________________________________________________________________
> This e-mail has been scanned for viruses by MCI's Internet Managed
> Scanning Services - powered by MessageLabs. For further information
> visit http://www.mci.com
--
*Matthew Claridge*
Product Support Engineer
RWA Limited
Direct line: 02920 815 054
Email: mclaridge at rwa-net.co.uk
Web: www.rwa-net.co.uk
More information about the Users
mailing list