[Openswan Users] VPN always up, but one way after a while
ghenry at suretecsystems.com
Mon Nov 20 18:05:37 EST 2006
Just quick one to try and confirm where I should be looking.
VPN is fine from a remote public IP into our network.
Public IP -- Gateway for that IP -- Internet -- Vigor 2600 -- Private Lan
Vigor 2600 and Openswan 2.4.7.
Traffic passes fine from the public machine into the private lan all the
time. The VPN is always up, but after a while you can't ping or get to
anything on the public ip machine, but the public ip machine can always
get to anything inside the private lan.
I tend to think this is a Vigor issue, as a VPN restart makes everything
work again. Could this be re-keying issues? Or fixing the settings in the
below "ipsec verify"?
"ipsec verfiy" on the public machine:
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.7/K2.6.9-42.0.2.ELsmp (netkey)
Checking for IPsec support in kernel [OK]
Testing against enforced SElinux mode [OK]
Hardware RNG detected, testing if used properly [OK]
NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
Checking for RSA private key (/etc/ipsec.secrets) [DISABLED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
#Disable Opportunistic Encryption
More information about the Users