[Openswan Users] vpn connection after internet reconnect
Axel.Thimm at ATrpms.net
Sun Nov 26 13:35:23 EST 2006
On Sun, Nov 26, 2006 at 12:09:06AM +0100, Axel Thimm wrote:
> On Sun, Nov 26, 2006 at 12:02:31AM +0100, Paul Wouters wrote:
> > On Sat, 25 Nov 2006, Axel Thimm wrote:
> > > > If both ends support it, you can enable Dead Peer Detection. It will
> > > > cause the tunnel to recover faster.
> > >
> > > I'll try that, I thought that was already enabled (by the comments on
> > > the manpage the values for dpddelay/dpdtimeout already have non-zero
> > > default). But I should change dpdaction to clear and perhaps lower the
> > > dpdtimeout, or are 120+ seconds OK for keeping up the TCP connections
> > > over that tunnel?
> > I don't think dpdaction=restart will work if your ip address changed,
> > so you probably should use dpdaction=clear and have the updown script
> > do an ipsec auto --replace conn and ipsec auto --up conn.
> Until now I wasn't aware of the restart option, I found it about half
> an hour ago by grepping through my archives. Making the laptop
> "restart" seems to reestablish the connection in the logs, but I still
> can't pass a package through the tunnel. I then found out that 2.4.4
> has a bug (452) causing this. I continued digging and found that I
> need at least 2.4.6 to try this, so I'm currently packaging up 2.4.7.
> I hope that 2.4.7 will do the right thing.
It looks much better now. It has some issues to reconnect immediately,
but the next try always succeeds and with
Everything happens in under 2 minutes, so no TCP connections are torn
Here is the first failing attempt to reconnect for reference:
Nov 26 19:24:38 neu pluto: "tww" #7: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 26 19:24:38 neu pluto: "tww" #7: STATE_MAIN_I3: sent MI3, expecting MR3
Nov 26 19:24:45 neu pluto: "tww" #7: discarding duplicate packet; already STATE_MAIN_I3
Nov 26 19:25:05 neu last message repeated 2 times
Nov 26 19:25:48 neu pluto: "tww" #7: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Nov 26 19:25:48 neu pluto: "tww" #7: starting keying attempt 2 of an unlimited number, but releasing whack
Nov 26 19:25:48 neu pluto: "tww" #8: initiating Main Mode to replace #7
Axel.Thimm at ATrpms.net
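
Added example, not part of the original message or of Openswan: a Python parser that scans pluto syslog lines like those quoted above for keying attempts that ran out of retransmissions, and reports how long each attempt ran and which state replaced it. The function name, the record fields and the `year` parameter are assumptions of this example; the sample input is the log excerpt from the message.

```python
import re
from datetime import datetime

# Log excerpt copied from the message above (syslog lines carry no year).
SAMPLE = '''\
Nov 26 19:24:38 neu pluto: "tww" #7: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 26 19:24:38 neu pluto: "tww" #7: STATE_MAIN_I3: sent MI3, expecting MR3
Nov 26 19:24:45 neu pluto: "tww" #7: discarding duplicate packet; already STATE_MAIN_I3
Nov 26 19:25:05 neu last message repeated 2 times
Nov 26 19:25:48 neu pluto: "tww" #7: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Nov 26 19:25:48 neu pluto: "tww" #7: starting keying attempt 2 of an unlimited number, but releasing whack
Nov 26 19:25:48 neu pluto: "tww" #8: initiating Main Mode to replace #7
'''

# timestamp, connection name, state number, message text
LINE = re.compile(r'^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ pluto: "([^"]+)" #(\d+): (.*)$')
FAIL = re.compile(r'max number of retransmissions \((\d+)\) reached (STATE_\w+)')
REPL = re.compile(r'initiating Main Mode to replace #(\d+)')

def failed_attempts(text, year=2006):
    """Return one record per IKE state that exhausted its retransmissions."""
    first_seen, failures, replaced_by = {}, [], {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # e.g. "last message repeated" lines name no state
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        key = (m.group(2), int(m.group(3)))
        first_seen.setdefault(key, ts)
        msg = m.group(4)
        if (f := FAIL.search(msg)):
            failures.append({
                "conn": key[0], "state_no": key[1],
                "stuck_in": f.group(2), "retransmits": int(f.group(1)),
                # seconds from the first line logged for this state to giving up
                "seconds": int((ts - first_seen[key]).total_seconds()),
            })
        elif (r := REPL.search(msg)):
            replaced_by[(key[0], int(r.group(1)))] = key[1]
    for f in failures:
        f["replaced_by"] = replaced_by.get((f["conn"], f["state_no"]))
    return failures

if __name__ == "__main__":
    for rec in failed_attempts(SAMPLE):
        print(rec)
```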