[Openswan Users] comm_handle error
jp.espino at gmail.com
Tue Jan 16 14:11:40 EST 2007
I upgraded to Openswan 2.4.2 and I got other difficulties. I got 31 of
200 roadwarrior connections that never established an IPsec tunnel
with the following messages:
2007:01:12-17:32:24 (none) pluto: "D_XXX539_0" 10.10.10.34 #20558: STATE_MAIN_R2: sent MR2, expecting MI3
2007:01:12-17:32:37 (none) pluto: "D_XXX539_0" 10.10.10.34 #20321: max number of retransmissions (2) reached STATE_MAIN_R2
Also when the first phase 1 re-negotiation occurred all the connections
go down. I'm natting, so from some ethereal captures I suspect there
is a problem changing the UDP port from 500 to 4500 during the phase
1. I wonder if it is a known problem with this version of Openswan?
Thanks for helping.
-IPsec VPN clients: Safenet HA Remote 1.4
On 1/12/07, Paul Wouters <paul at xelerance.com> wrote:
> On Thu, 11 Jan 2007, Juan Pablo Espino wrote:
> > > That's like 4 year old code. Upgrade?
> > >
> > Yeap I agree but my problem is that I have to convince some people at
> > my work who don't know anything about technology.
> > I know there have been many improvements and new features from
> > freeswan 1.99 to current versions of openswan: NAT-T RFC compliant,
> > Dead peer detection, opportunistic encryption, etc, etc., but how can
> > I argue that a new version is going to manage well our vpn connections
> > and it isn't going to crash like our actual system. Thanks for
> > helping.
> Install it on a new PC, and hotswap it? If it would be worse swap it back?