[Openswan Users] more info on my little war with NAT-T
Albert Agusti
aagusti at serialnet.net
Tue Oct 26 22:07:33 CEST 2004
I've manually modified the file affected by the patch referred to some
messages above. IT SEEMS TO WORK.
I've patched the R (Responder) and now ISAKMP rekey works perfectly when
the tunnel gets initiated by the remote end. I'm happy, very happy:
after keylife expires, the tunnel is still up and running.
I feel happy, very happy BUT :-(
Problem: If I simulate a reboot/crash/ipsec restart of the remote
(Initiator) side, the fuc... messages rise again saying fuc.. the same
So the tunnel is not strong enough to support the remote (initiator) restart.
But I can do down/up without problems as many times as I want.
Is this normal? I suppose it isn't, having to restart Tunnel server ipsec
when a client dies.
But one thing about ipsec I/R roles is still unclear to me:
When you have two sides of a tunnel and you want to raise the secure
connection, what is RECOMMENDED?
- Do "auto up" at both sides?
- Decide who acts as a responder (server) and issue only "auto up" at
the client (Initiator) side?
What is the difference between the two cases and how does it affect things? I
suspect in the second case there are two different tunnels, but are both
used?
Thanks
Albert