[Openswan Users] Vigor2600 & Openswan 2.4.5rc5

Roberto Fichera kernel at tekno-soft.it
Wed Feb 22 17:14:36 CET 2006


At 17.51 21/02/2006, Roberto Fichera wrote:
 >At 17.42 21/02/2006, Paul Wouters wrote:
 >
 > >On Tue, 21 Feb 2006, Roberto Fichera wrote:
 > >
 > >> Feb 21 11:35:10 vpn pluto[10117]: "vigor2600-vpn" #20: 
STATE_QUICK_I2: sent
 > >> QI2, IPsec SA established {ESP=>0xfefcfa5f <0x68a5327b
 >xfrm=3DES_0 HMAC_SHA1
 > >> NATD=none DPD=none}
 > >> Feb 21 11:35:10 vpn pluto[10117]: "vigor2600-vpn" #5: received Delete
 > >> SA(0xfefcfa5e) payload: deleting IPSEC State #10
 > >
 > >The vigor is not set to allow dailin, or you are trying two ipsec SA's to
 > >it with a different subnet= which is not supported (bug) with the vigors.
 > >
 > >What you see is the vigor hanging up.
 >
 >I see many of this problems on vigor side. Basically the connection is
 >dead because the vigor doesn't drop the tunnel while Openswan is
 >trying to rekey it, than it seems to open a second tunnel while the previous
 >one is alive. The vigor above is setted to have only one VPN, only for
 >dial-in, with a idle timeout as 9600 nothing else. All the configuration
 >are basically equal to the URL http://www.xtdnet.nl/paul/vigor/.

Finally seems that I have solved the problem :-)!

Basically I set the idle timeout to zero for the dial-in only profile on
the vigor2600 side and "magically" all the problems disappear!
Now the tunnel stay up more than one day, so I hope now it's
working as well!

 >
 > >
 > >Paul
 >
 >Roberto Fichera.
 >
 >_______________________________________________
 >Users at openswan.org
 >http://lists.openswan.org/mailman/listinfo/users
 >Building and Integrating Virtual Private Networks with Openswan:
 >http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
 >

Roberto Fichera. 



More information about the Users mailing list