[Openswan Users] Newbie help with Cisco to Openswan
Sean Waite
swaite at sbn-services.com
Sun Aug 6 14:46:54 EDT 2006
I have a VPN to a Cisco PIX; the Openswan side is on Endian firewall v2.0. I previously was using m0n0wall (FreeBSD) for an IPSEC
connection. Although I did have some issues, they were nothing like what I have just recently experienced when switching to Endian. The
first machine set up was a P2 400 MHz with 128MB RAM. I upgraded to a P3 500 MHz with 768, and performance-wise this worked great. The
VPN worked just fine for a week or so, but the last few days it has gone haywire. At least once a day the connection goes dead; I just
ping a device at the other end and all is fine.
Today it went down completely. Although both ends indicated a tunnel with SAs was formed, no traffic went through. Strangely, I left
for about 5 hours, came back to work on it and wouldn't you know, it works again.
Sadly, this is the only log message of interest on the Openswan side:
Aug 6 18:54:01 pluto[2688] "CSO" #9: R_U_THERE_ACK has invalid rcookie (tolerated)
Aug 6 18:55:31 pluto[2688] "CSO" #9: R_U_THERE_ACK has invalid icookie
Correct me if I am wrong, but this is a rather meaningless error message anyways. I looked through Cisco's site and found nothing in
reference to "R_U_THERE_ACK" or DPD.
Anyone have any ideas on how or what could be the problem? The Cisco to Openswan is basically your standard config, nothing special,
using AES-256 and pre-shared key.
Sean Waite