[Openswan Users] Netgear FWAG114

randy at pillowfactory.org randy at pillowfactory.org
Wed Mar 9 16:03:52 CET 2005

> Has anyone gotten the netgear fwag114 to work with openswan?  I have
> gotten it to work for 8 hours and then I get "IPSec SA expired
> (Latest)" in my openswan log file and then it won't rekey.  The
> ikelifetime=1440m and the keylife=480m in the ipsec.conf file.  I have
> some netgear fvs318s working just fine with this same config.  Any help
> is appreciated.
> Justin
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users

Your Openswan won't/can't force the other end of the connection to
re-negotioate, so there's not much you can do configuration-wise for
Openswan.  In my [extremely] limited experience, I can see two options:

1.  Find the [hidden] configuration on the FWAG114 that sets it's max SA
life to 8 hours and/or not re-negotiate.
2.  Write a process that tears down and rebuilds the tunnel with the
device every 7 hours.

Surely there's a better way?


More information about the Users mailing list