[Openswan Users]

Paul Wouters paul at xelerance.com
Sat Apr 16 01:47:17 CEST 2005


On Fri, 15 Apr 2005, Oskar Liljeblad wrote:

> I'm having trouble with my IPsec configuration. It seems to go down and up
> quite frequently. It stays down, or up for that matter, for an hour or
> longer.

> 15:42:23 pluto[406]: "dlink-subnet-alpha-subnet" #40: ISAKMP SA established 
>
> Then a little later:
>
> 15:57:00 alpha pluto[406]: "dlink-subnet-alpha-subnet" #39: received Delete SA payload: deleting ISAKMP State #39
> 15:57:00 alpha pluto[406]: packet from 194.XXX.XXX.XXX:500: received and ignored informational message

The other end is hanging up. It might tell you in its logs why.

> It's just a matter of restarting Openswan to reinitialize the VPN. Note that
> I get this weird error in my daemon log after the VPN has successfully
> started:

Sometimes one end is more liberal in what it accepts than in what it sends,
so a connection that gets initiated by A to B will work, but if B starts a
rekey before A it will fail (and sometimes A will rekey first and it will work).

Double check your configuration. A workaround might be for the openswan side
to use a shorter keylife, so that it will always be the one initiating a rekey.

See the options keylife and ikelifetime.

But the best thing would be to see the logs of the other end and check why it
decides to hang up the vpn connection.

Paul
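
Added example, not part of the original message and not Openswan code: a small model of the rekey race described in the reply, showing why a shorter `ikelifetime` or `keylife` on the Openswan side makes it the one that always initiates the rekey. It follows the ipsec.conf(5) descriptions of `rekeymargin` and `rekeyfuzz`; the peer's lifetime and rekey lead time are assumptions, as are all function names.

```python
# Added example (not from the original post): which side starts rekeying first?
# Model, per the ipsec.conf(5) descriptions of rekeymargin and rekeyfuzz: the
# local side starts rekeying `rekeymargin` before expiry, and that margin is
# randomly increased by up to `rekeyfuzz` percent. The peer's lifetime and its
# rekey lead time are assumptions; read the real values from the peer's config.

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def seconds(value):
    """Convert an ipsec.conf duration ('2400', '40m', '8h') to seconds."""
    value = value.strip().lower()
    if value[-1:] in UNITS:
        return int(value[:-1]) * UNITS[value[-1]]
    return int(value)


def rekey_window(lifetime, rekeymargin="9m", rekeyfuzz=100):
    """Return (earliest, latest) rekey start, in seconds after SA setup."""
    life, margin = seconds(lifetime), seconds(rekeymargin)
    earliest = life - margin * (100 + rekeyfuzz) // 100
    latest = life - margin
    if earliest <= 0:
        raise ValueError("lifetime too short for this rekeymargin/rekeyfuzz")
    return earliest, latest


def who_rekeys_first(lifetime, peer_lifetime, peer_lead="1m", **local):
    """Classify the race between our rekey window and the peer's rekey time."""
    earliest, latest = rekey_window(lifetime, **local)
    peer_start = seconds(peer_lifetime) - seconds(peer_lead)
    if latest < peer_start:
        return "local always"
    if earliest >= peer_start:
        return "peer always"
    return "either side"  # intermittent: depends on the random fuzz


if __name__ == "__main__":
    # Constructed peer values: 45m ISAKMP lifetime, rekey 1m before expiry.
    for ikelifetime in ("1h", "40m"):
        print(ikelifetime, who_rekeys_first(ikelifetime, "45m"))
```

An "either side" result corresponds to the intermittent behaviour in the reply: the tunnel survives when the local side happens to rekey first and drops when the peer does.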

