[Openswan Users]
Paul Wouters
paul at xelerance.com
Tue Aug 1 06:44:55 CEST 2006
On Tue, 1 Aug 2006, arno van der walt wrote:
> We've dropped the IPSec SA timer down to one hour and our tunnel dropped 45
> minutes into every hour as the Pix tried to rekey. It is currently set to
> 28800 for bith SA's.
>
> We're running Fedora Core 4, Openswan 2.4.4, kernel 2.6.17.
>
> Take a look at the DPD, it just keeps on incrementing, almost as if DPD is not
> interopreable.
This looks like bug #452: dpdaction=restart doesn't clear or restart quick mode SAs
Please try upgrading to 2.4.6rc5 and see if the problem goes away. 2.4.6 will likely
be released on wednesday.
> Would upgrading to 2.4.5 with the DPD enhancements help? We're fairly open to
> suggestion at this stage.
This DPD bug was fixed after 2.4.5, but 2.4.6 has not yet been released. That's
why I'm suggesting you try our release candidate 2.4.6c5.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list