[Openswan Users] Roadwarrior L2TP connection drops after 2hours, openswan <=> XPSP2

Ronald Moesbergen Ronald.Moesbergen at bkvision.nl
Sat Jan 29 22:54:32 CET 2005


-----Original Message-----
From: users-bounces at openswan.org on behalf of Jacco de Leeuw
Sent: Sat 1/29/2005 17:59
To: users at openswan.org
Subject: Re: [Openswan Users] Roadwarrior L2TP connection drops after 2hours, openswan <=> XPSP2

Hi Jacco, 

>> I'm using openswan 2.3.0, kernel 2.6.10 with NETKEY for our company to
>> support roadwarriors with XP SP2 machines calling into our network with
>> L2TP using certificates (rp-l2tpd). Everything works great, connection
>> is ok, but after 2 hours of use the connection is suddenly lost. I heard
>> there were some problems with 2.3.0, but we have a customer with a Cisco
>> 3000 that only accepts XAUTH, so I must use version 2.3.0.

>I have not yet tested such a setup myself. Unfortunately I don't have time
>at the moment.

>> no IKE algorithms for this connection 
>> NAT-Traversal: Only 0 NAT-D - Aborting NAT-Traversal negociation

>I suspect the problem starts here. Do you get the same problem when you
>disable AES and/or the XP SP2 is not behind NAT? Is there a chance that
>you can disable XAUTH for two hours and see if that solves the problem?

I think I was a little unclear: the XP clients are not using XAUTH, just NAT-T. At the moment I don't have access to a directly connected XPSP2 machine, so I can't test without NAT, sorry. I actually received some replies about this problem off-list from some of the developers and I sent them some debug info. They also asked me to try the CVS-HEAD version, which I'm doing right now. So far it looks good, I have been able to sustain a connection from one machine for more than 2 hours. I'll need some more testing on different machines to be sure though.

>The "negociation" line probably comes from Mathieu Lafon's NAT-T code
>because in English the correct word is "negotiation".

Yeah, I noticed that typo too. :)

>Jacco

Thanks for your reply, I'll let you know the outcome.

Regards,
Ronald.

