[Openswan Users]

arno van der walt vex0r2002 at hotmail.com
Tue Aug 1 12:53:53 CEST 2006

>So are you saying it's OK if Openswan initiates, but it fails if the PIX
>initiates? Sounds like a firewall may be getting in your way. Do you
>have any iptables rules?

Sometimes the rekey does take place, sometimes it doesn't. We run iptables 
but explicitly permit protocol 50 and UDP 500. It seems to fail on DPD at 
times. The DPD counter just keeps on increasing on Openswan.

We will try Paul Wouters' suggestion and upgrade to 2.4.6.

>Maybe you're blocking the DPD traffic? Do you have DPD enabled on the
>Openswan box? Can we see logs and configs from it?
>(Actually, it seems like you have plutodebug=all set - please don't post
>logs in that case....)

DPD is enabled using the defaults.

