[Openswan Users] IPSec, Windows XP/2000 and Dead Peer Detection
Jacco de Leeuw
jacco2 at dds.nl
Wed Oct 12 13:02:50 CEST 2005
Andrej Trobentar wrote:
> I have the same problem as Duncan Reed in the thread "IPSec Connections
> hanging around after Windows L2TP die or exit" - here's the summary:
>
>>>Windows IPSec/L2TP clients connect fine, they do some work, they lose
>>>their connection while NOT being idle at a (seemingly) random period of
>>>time (Happened from anywhere between 5 mins to 1hr+).
>>>
>>>Eventually (I guess) the dead peer connection picks it up and you see
>>>it go into %hold. At some point I think after dpdtimeout is reached it's
>>>cleared.

Windows does not support Dead Peer Detection (DPD) so I cannot imagine
that DPD is involved. Did you check the logs at either side to see what
causes the disconnects?

>>>Until it clears the client with that ip address cannot log back into
>>>the VPN.
>>>
>>>You can see when the client tries to log back in and the connection is
>>>on hold ....

Are those Windows clients behind NAT, by any chance? There have been a few
NAT-T related fixes in Openswan 2.4.x. You might want to try that version.

Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
Mosquitos suck