[Openswan Users]

Paul Wouters paul at xelerance.com
Tue Oct 4 21:20:00 CEST 2005


On Tue, 4 Oct 2005, Nicolas Ross wrote:

> Earlier this year, I posted a message regarding this problem, and didn't have
> any follow-ups. And I haven't been able to find a solution for this.
>
> I have an openswan to checkpoint tunnel that, after some time of inactivity,
> closes. If I ping, for 10 to 20 seconds, the tunnel re-opens and stays up
> for 20 minutes or so.

There are various interop problems with checkpoint, which we believe to be
all bugs at the checkpoint end.

> Here's a sample of one of the checkpoint-openswan tunnels:
>
> conn bos22
>       esp=3des-md5
>       left=some_ip
>       leftsubnet=some_subnet
>       leftnexthop=some_ip
>       right=some_ip
>       rightsubnet=some_subnet
>       rightnexthop=some_ip
>       keyexchange=ike
>       auth=esp
>       pfs=no
>       auto=add
>       authby=secret
>
> The tunnel works and establishes correctly, but closes after some inactivity.

I suggest playing with keylife= and ipseckeylife= to ensure that the rekeying
happens by one end only, the one end that is confirmed to be able to initiate
the connection.

Paul

