[Openswan Users] Vigor2600 & Openswan 2.4.5rc5
Roberto Fichera
kernel at tekno-soft.it
Wed Feb 22 17:14:36 CET 2006
At 17.51 21/02/2006, Roberto Fichera wrote:
>At 17.42 21/02/2006, Paul Wouters wrote:
>
> >On Tue, 21 Feb 2006, Roberto Fichera wrote:
> >
> >> Feb 21 11:35:10 vpn pluto[10117]: "vigor2600-vpn" #20:
STATE_QUICK_I2: sent
> >> QI2, IPsec SA established {ESP=>0xfefcfa5f <0x68a5327b
>xfrm=3DES_0 HMAC_SHA1
> >> NATD=none DPD=none}
> >> Feb 21 11:35:10 vpn pluto[10117]: "vigor2600-vpn" #5: received Delete
> >> SA(0xfefcfa5e) payload: deleting IPSEC State #10
> >
> >The vigor is not set to allow dailin, or you are trying two ipsec SA's to
> >it with a different subnet= which is not supported (bug) with the vigors.
> >
> >What you see is the vigor hanging up.
>
>I see many of this problems on vigor side. Basically the connection is
>dead because the vigor doesn't drop the tunnel while Openswan is
>trying to rekey it, than it seems to open a second tunnel while the previous
>one is alive. The vigor above is setted to have only one VPN, only for
>dial-in, with a idle timeout as 9600 nothing else. All the configuration
>are basically equal to the URL http://www.xtdnet.nl/paul/vigor/.
Finally seems that I have solved the problem :-)!
Basically I set the idle timeout to zero for the dial-in only profile on
the vigor2600 side and "magically" all the problems disappear!
Now the tunnel stay up more than one day, so I hope now it's
working as well!
>
> >
> >Paul
>
>Roberto Fichera.
>
>_______________________________________________
>Users at openswan.org
>http://lists.openswan.org/mailman/listinfo/users
>Building and Integrating Virtual Private Networks with Openswan:
>http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
Roberto Fichera.
More information about the Users
mailing list