[Openswan Users]

Paul Wouters paul at xelerance.com
Tue Aug 1 06:44:55 CEST 2006

On Tue, 1 Aug 2006, arno van der walt wrote:

> We've dropped the IPSec SA timer down to one hour and our tunnel dropped 45
> minutes into every hour as the Pix tried to rekey. It is currently set to
> 28800 for bith SA's.
> We're running Fedora Core 4, Openswan 2.4.4, kernel 2.6.17.
> Take a look at the DPD, it just keeps on incrementing, almost as if DPD is not
> interopreable.

This looks like bug #452: dpdaction=restart doesn't clear or restart quick mode SAs
Please try upgrading to 2.4.6rc5 and see if the problem goes away. 2.4.6 will likely
be released on wednesday.

> Would upgrading to 2.4.5 with the DPD enhancements help? We're fairly open to
> suggestion at this stage.

This DPD bug was fixed after 2.4.5, but 2.4.6 has not yet been released. That's
why I'm suggesting you try our release candidate 2.4.6c5.

Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list