[Openswan Users] Lack of communication after a few time...
Jacco de Leeuw
jacco2 at dds.nl
Thu Aug 4 17:54:23 CEST 2005
Stefano Pazzaglia wrote:
> I've set up a VPN Server with Openswan 2.3.1 with NAT-T patch
> and (almost) everything works. Connection starts and I can work in VPN but
> after some hours (very often between 296,297 minutes) after connection has
> started communication falls
This sounds like a bug that is fixed in the upcoming Openswan 2.4.0:
* Fix for NAT-T/PSK rekey (Ulrich @ Astaro)
> #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are
> NATed
I have not done much testing with double NAT, sorry.
> #1: I did not send a certificate because I do not have one.
It seems you are using a PSK. I recommend using certificates instead,
because of the NAT-T and because of better security in general.
> Jul 6 16:36:22 Orione pluto[32645]: "roadwarrior-l2tp"[2] xxx.xxx.xxx.82
> #1: cannot respond to IPsec SA request because no connection is known for
> xxx.xxx.xxx.85/32===xxx.xxx.xxx.91:17/1701...xxx.xxx.xxx.82[@org28.icdoc.local]:17/1701
You could post your ipsec.conf so that people can analyse it.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list