[Openswan Users] netkey -- klips
Harald Scharf
h.scharf at nestec.at
Wed Apr 25 08:36:16 EDT 2007
Hello, again
Any idea what this could be?
I have an ipsec tunnel with one side on KLIPS and NETKEY on the other
side.
Sometimes (twice a week), the tunnel breaks and the vpn subnet could not
be reached from
both sides.
When I make an ipsec auto -up conn-name then I get an
117 "conn-name" #701: STATE_QUICK_I1: initiate
004 "conn-name" #701: STATE_QUICK_I2: sent QI2, IPsec SA established
So, I think, the tunnel is not really down. It seems, that the vpn
systems may use
different quick mode states. Could this be a timing problem on rekeying?
I did not set specific timing values in my cons, so the netkey and
The klips config are running with defaults for ike/ipsec lifetime.
When this is a timing problem, why does this not happen in a "pattern"
way?
Kind regards
Harald
NESTEC - Die IT Security & Messaging Distribution mit Personlichkeit
GFi Software - BitDefender - NOD32 - BRICKS ISS - pdfMachine
2X Terminal & ThinClient Solutions -Accunetix
Besuchen sie uns: www.nestec.at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070425/66352435/attachment.html
More information about the Users
mailing list