[Openswan Users] Prevent Connection Timeout
Sebastian Ries
sebastian.ries at dtnet.de
Thu Jan 25 04:55:08 EST 2007
Hi
> Try enabling Dead Peer Detection, see the man page for dpdaction and
> dpdtimeout.
dpd is enabled, but no dpdaction is set.
As the man ipsec.conf does only tell about hold (default) and clear (only
recommended for roadwarrior clients).
Is there an action like "restart"?
> > > I found out that the connection is not really down, but in a "HOLD"
> > > state.
>
> Or perhaps something is failing at rekey time. What do the logs say? It
> should say something about what is going wrong.
Jan 25 11:33:22 atomium pluto[16768]: packet from <other gateway>:4500:
received Vendor ID payload [Dead Peer Detection]
Jan 25 11:33:22 atomium pluto[16768]: packet from <other gateway>:4500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jan 25 11:33:22 atomium pluto[16768]: packet from <other gateway>:4500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 108
Jan 25 11:33:22 atomium pluto[16768]: packet from <other gateway>:4500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jan 25 11:33:22 atomium pluto[16768]: packet from <other gateway>:4500:
initial Main Mode message received on <internal IP>:4500 but no connection
has been authorized
These log messages occur every few minutes.
But there is no difference between a usable tunnel and a tunnel in hold
state...
Regards
Sebastian Ries
--
------------------------------------------------------------
DT Netsolution GmbH - Talaeckerstr. 30 - D-70437 Stuttgart
Tel: +49-711-849910-36 Fax: +49-711-849910-936
WEB: http://www.dtnet.de/ email: Sebastian.Ries at dtnet.de