[Openswan Users]

Paul Wouters paul at xelerance.com
Wed Nov 2 18:36:58 CET 2005


On Wed, 2 Nov 2005, DIAS DA SILVA Loïc wrote:

>   I have a very little appointment with an ipsec tunnel between openswan
> 2.2.0-8 (debian stable) and checkpoint fw-1.

> west: 172.16.(49/50).0/24 --> [172.16.(49/50).254 / 192.168.1.2] -->
> {192.168.1.1 / IPEXT1}(cisco)
>   ====
> east: [IPEXT2 / 10.234.(120/122).254] --> 10.234.(120/122).0/(23/25)
>
> The tunnel is established between 192.168.1.2 (via a port redirection
> from IPEXT1) and IPEXT2.

> I have to issue a ping from 172.16.49.0/24 to 10.234.120.0/23
> (swan->fw-1) before the ping from 10.234.120.0/23 to 172.16.49.0/24
> (fw-1->swan) works.
> If I do this first ping, all is OK, on both sides. But it works for
> about 10 minutes.
> After these 10 minutes, I have to re-issue a ping.

This sounds like it could be a rekey issue. Try adding 'rekey=no' to that
one connection that is giving problems.

> The strangest thing I can say is that no log is written while
> performing this operation:

Are there any logs on the checkpoint? Is it saying why it is dropping
packets?

Paul

