[Openswan Users] Prevent Connection Timeout

Paul Wouters paul at xelerance.com
Wed Jan 24 09:26:19 EST 2007


On Wed, 24 Jan 2007, Sebastian Ries wrote:

> >
> > But after a while (over night) the connection is down and the only way I
> > know to open it again is to restart both (!) ipsec-deamons.
> > (There is no traffic on the tunnel during this time)
>
> I tested if the tunnel would stay up when there is traffic on it...
> Therefore I added a ping to my crontab every three minutes. This did not make
> a difference.
> The next day (today) the tunnel is down again.

Try enabling Dead Peer Detection, see the man page for dpdaction and dpdtimeout.

> > I found out that the connection is not really down, but in a "HOLD" state.

Or perhaps something is failing at rekey time. What do the logs say. It should
say something about what is going wrong.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


More information about the Users mailing list