[Openswan Users] Lack of communication after a few time...
stefano.pazzaglia at fastwebnet.it
Fri Aug 5 11:09:37 CEST 2005
No way, VPN refuses to work with these changes... I've set keyingtries back
to 3 (I agree this setting is better...) and I've extended keylife and ikeylifetime
to 8 and 24 hours (their max values). Now communication lasts almost 8 hours
and then already seen error messages appear. I would like to know how pluto
can't delete roadwarrior route automatically; in fact, I can manually connect
and disconnect thousands of times without problems, but when pluto tries reconnection
by itself route erasing problem occurs.
I don't know what to think...
>-- Original Message --
>Date: Thu, 04 Aug 2005 17:51:49 +0200
>From: Jacco de Leeuw <jacco2 at dds.nl>
>To: stefano.pazzaglia at fastwebnet.it
>Subject: Re: [Openswan Users]
>
>
>
>> #virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.1.0/24,%v4:!192.168.0.0/24
>> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>
>
>If 192.168.0.0/24 is your internal network (as roadwarrior-net seems to imply)
>then the line that you commented out is the one that is correct.
>
>> conn %default
>> #keyingtries=3
>> keyingtries=0
>
>I don't recommend keyingtries=0 for Road Warriors, because the
>connection will be retried indefinitely after it is set up.
>
>> compress=yes
>> disablearrivalcheck=no
>> authby=secret
>> type=tunnel
>> keyexchange=ike
>> ikelifetime=240m
>> keylife=60m
>
>I never had to specify these explicitly. Openswan's defaults should be
>fine. You could try to comment out these. And move the authby= to the
>individual connection sections.
>
>> conn roadwarrior-l2tp
>> leftsubnet=192.168.0.0/24
>
>No, this is not correct. Can you replace this
>with leftnexthop=192.168.0.1 (or whatever the IP
>address is of the NAT router before the VPN server).
>Idem for roadwarrior-l2tp-updatedwin.
>
>I still recommend certificates instead of PSKs.
>
>Jacco
>--
>Jacco de Leeuw mailto:jacco2 at dds.nl
>Zaandam, The Netherlands http://www.jacco2.dds.nl
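
Added example, not part of the original thread and not Openswan code: a small Python check for two points raised in the reply above, namely whether a virtual_private= value still lets a client claim the server's internal network, and which conn sections have an active keyingtries=0. It assumes 192.168.0.0/24 is the internal network, as the reply supposes; the function names and the sample configuration text are constructed for illustration.

```python
import ipaddress

# Constructed samples: the two virtual_private values quoted in the thread.
ACTIVE = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16"
COMMENTED_OUT = ("%v4:10.0.0.0/8,%v4:172.16.0.0/12,"
                 "%v4:192.168.1.0/24,%v4:!192.168.0.0/24")
INTERNAL_NET = "192.168.0.0/24"  # assumption: LAN behind the VPN server
SAMPLE_CONF = ("conn %default\n    #keyingtries=3\n    keyingtries=0\n"
               "conn roadwarrior-l2tp\n    leftsubnet=192.168.0.0/24\n")


def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) networks."""
    allowed, excluded = [], []
    for item in (part.strip() for part in value.split(",")):
        if not item:
            continue
        family, _, net = item.partition(":")
        if family not in ("%v4", "%v6") or not net:
            raise ValueError(f"unrecognised entry: {item!r}")
        target = excluded if net.startswith("!") else allowed
        target.append(ipaddress.ip_network(net.lstrip("!"), strict=False))
    return allowed, excluded


def internal_net_exposed(value, internal):
    """True if an allowed range overlaps the internal LAN with no exclusion."""
    lan = ipaddress.ip_network(internal, strict=False)
    allowed, excluded = parse_virtual_private(value)
    # An exclusion that fully covers the LAN makes the setting safe.
    if any(e.version == lan.version and lan.subnet_of(e) for e in excluded):
        return False
    return any(a.version == lan.version and lan.overlaps(a) for a in allowed)


def conns_retrying_forever(conf_text):
    """Return conn sections whose active (uncommented) keyingtries is 0."""
    section, hits = None, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("conn "):
            section = line.split(None, 1)[1]
        elif section and line.replace(" ", "") == "keyingtries=0":
            hits.append(section)
    return hits


if __name__ == "__main__":
    print("active line exposes LAN:", internal_net_exposed(ACTIVE, INTERNAL_NET))
    print("keyingtries=0 in:", conns_retrying_forever(SAMPLE_CONF))
```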