[Openswan Users] netkey -- klips

Harald Scharf h.scharf at nestec.at
Wed Apr 25 08:36:16 EDT 2007

Hello, again


Any idea what this could be?

I have an ipsec tunnel with one side on KLIPS and NETKEY on the other

Sometimes (twice a week), the tunnel breaks and the vpn subnet could not
be reached from

both sides.


When I make an ipsec auto -up conn-name then I get an


117 "conn-name" #701: STATE_QUICK_I1: initiate

004 "conn-name" #701: STATE_QUICK_I2: sent QI2, IPsec SA established


So, I think, the tunnel is not really down. It seems, that the vpn
systems may use

different quick mode states. Could this be a timing problem on rekeying?

I did not set specific timing values in my cons, so the netkey and

The klips config are running with defaults for ike/ipsec lifetime.

When this is a timing problem, why does this not happen in a "pattern"


Kind regards





NESTEC - Die IT Security & Messaging Distribution mit Personlichkeit
GFi Software - BitDefender - NOD32 - BRICKS ISS - pdfMachine
2X Terminal & ThinClient Solutions -Accunetix
Besuchen sie uns: www.nestec.at

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070425/66352435/attachment.html 

More information about the Users mailing list