[Openswan Users] Netgear FWAG114
randy at pillowfactory.org
Wed Mar 9 16:03:52 CET 2005
> Has anyone gotten the netgear fwag114 to work with openswan? I have
> gotten it to work for 8 hours and then I get "IPSec SA expired
> (Latest)" in my openswan log file and then it won't rekey. The
> ikelifetime=1440m and the keylife=480m in the ipsec.conf file. I have
> some netgear fvs318s working just fine with this same config. Any help
> is appreciated.
>
> Justin
Your Openswan won't/can't force the other end of the connection to
re-negotiate, so there's not much you can do configuration-wise for
Openswan. In my [extremely] limited experience, I can see two options:
1. Find the [hidden] configuration on the FWAG114 that sets its max SA
life to 8 hours and/or not re-negotiate.
2. Write a process that tears down and rebuilds the tunnel with the
device every 7 hours.
Surely there's a better way?
RB
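
Option 2 from the reply above, as an added example that is not part of the original post: a script run from cron that tears down and re-initiates the connection before the 8-hour SA lifetime runs out. The connection name `netgear-fwag114` and the script path are hypothetical; `ipsec auto --down` and `ipsec auto --up` are the standard Openswan commands.

```shell
#!/bin/sh
# Added example: bounce one Openswan connection on a schedule.
# Cron entry (script path is hypothetical). Hours 0,7,14,21 give gaps of
# 7,7,7 and 3 hours, all shorter than the 8-hour (keylife=480m) SA lifetime:
#   0 */7 * * * /usr/local/sbin/bounce-tunnel.sh --run
CONN="${CONN:-netgear-fwag114}"   # hypothetical conn name from ipsec.conf
IPSEC="${IPSEC:-ipsec}"           # overridable so the logic can be tested
RETRIES="${RETRIES:-3}"           # attempts at "--up" before giving up
RETRY_DELAY="${RETRY_DELAY:-30}"  # seconds between attempts

log() {
    # Use syslog when available, stderr otherwise.
    if command -v logger >/dev/null 2>&1; then
        logger -t bounce-tunnel "$1" 2>/dev/null || true
    else
        echo "bounce-tunnel: $1" >&2
    fi
}

# bounce_tunnel CONN: tear the connection down, then re-initiate it.
# Returns 0 once "--up" succeeds, 1 if every attempt fails.
# Assumes "ipsec auto --up" exits non-zero when negotiation fails.
bounce_tunnel() {
    conn="$1"
    # "--down" can fail if the SA has already expired; carry on regardless.
    $IPSEC auto --down "$conn" >/dev/null 2>&1 || true
    attempt=1
    while [ "$attempt" -le "$RETRIES" ]; do
        if $IPSEC auto --up "$conn" >/dev/null 2>&1; then
            log "$conn re-established on attempt $attempt"
            return 0
        fi
        if [ "$attempt" -lt "$RETRIES" ]; then
            sleep "$RETRY_DELAY"
        fi
        attempt=$((attempt + 1))
    done
    log "$conn still down after $RETRIES attempts"
    return 1
}

if [ "${1:-}" = "--run" ]; then
    bounce_tunnel "$CONN"
    exit $?
fi
```

A non-zero exit from the cron job means the tunnel is still down after all retries, which is worth alerting on rather than waiting for the next scheduled run.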