[Openswan Users] Vigor2600 & Openswan 2.4.5rc5
Roberto Fichera
kernel at tekno-soft.it
Tue Feb 21 17:51:25 CET 2006
At 17.42 21/02/2006, Paul Wouters wrote:
>On Tue, 21 Feb 2006, Roberto Fichera wrote:
>
>> Feb 21 11:35:10 vpn pluto[10117]: "vigor2600-vpn" #20: STATE_QUICK_I2: sent
>> QI2, IPsec SA established {ESP=>0xfefcfa5f <0x68a5327b
xfrm=3DES_0 HMAC_SHA1
>> NATD=none DPD=none}
>> Feb 21 11:35:10 vpn pluto[10117]: "vigor2600-vpn" #5: received Delete
>> SA(0xfefcfa5e) payload: deleting IPSEC State #10
>
>The vigor is not set to allow dailin, or you are trying two ipsec SA's to
>it with a different subnet= which is not supported (bug) with the vigors.
>
>What you see is the vigor hanging up.
I see many of this problems on vigor side. Basically the connection is
dead because the vigor doesn't drop the tunnel while Openswan is
trying to rekey it, than it seems to open a second tunnel while the previous
one is alive. The vigor above is setted to have only one VPN, only for
dial-in, with a idle timeout as 9600 nothing else. All the configuration
are basically equal to the URL http://www.xtdnet.nl/paul/vigor/.
>
>Paul
Roberto Fichera.
More information about the Users
mailing list