[Openswan Users] Prevent Connection Timeout

Paul Wouters paul at xelerance.com
Thu Jan 25 10:07:06 EST 2007


On Thu, 25 Jan 2007, Sebastian Ries wrote:

> > Try enabling Dead Peer Detection, see the man page for dpdaction and
> > dpdtimeout.
> dpd is enabled, but no dpdaction is set.
> As the man ipsec.conf does only tell about hold (default) and clear (only
> recommended for roadwarrior clients).
> Is there an action like "restart"?

Yes, dpdaction=restart is valid. I'll add it to the man page.

> Jan 25 11:33:22 atomium pluto[16768]: packet from <other gateway>:4500:
> received Vendor ID payload [Dead Peer Detection]
> Jan 25 11:33:22 atomium pluto[16768]: packet from <other gateway>:4500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
> Jan 25 11:33:22 atomium pluto[16768]: packet from <other gateway>:4500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
> already using method 108
> Jan 25 11:33:22 atomium pluto[16768]: packet from <other gateway>:4500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
> Jan 25 11:33:22 atomium pluto[16768]: packet from <other gateway>:4500:
> initial Main Mode message received on <internal IP>:4500 but no connection
> has been authorized

Odd, it seems the other end switched to talk to your internal IP, instead of
the external one. For the internal one, you have no connection set up, so
you get this error. The other end is clearly doing something bad[tm].

Paul
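
Added example, not part of the original thread and not Openswan code: a small Python script that scans pluto log output for the "no connection has been authorized" rejection quoted above and reports which local address each peer targeted. The sample log lines, the documentation-range addresses and the `configured_locals` set (the local addresses your conns are defined for) are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in pluto's syslog format (documentation-range
# addresses, not values from the original post).
SAMPLE_LOG = """\
Jan 25 11:33:22 gw pluto[16768]: packet from 198.51.100.7:4500: received Vendor ID payload [Dead Peer Detection]
Jan 25 11:33:22 gw pluto[16768]: packet from 198.51.100.7:4500: initial Main Mode message received on 10.0.0.5:4500 but no connection has been authorized
Jan 25 11:34:02 gw pluto[16768]: packet from 198.51.100.7:4500: initial Main Mode message received on 10.0.0.5:4500 but no connection has been authorized
Jan 25 11:40:10 gw pluto[16768]: packet from 203.0.113.9:500: initial Main Mode message received on 192.0.2.1:500 but no connection has been authorized
"""

# Matches the rejection message; IPv4 only to keep the pattern simple.
REJECT = re.compile(
    r"pluto\[\d+\]: packet from (?P<peer>[\d.]+):\d+: "
    r"initial Main Mode message received on (?P<local>[\d.]+):\d+ "
    r"but no connection has been authorized"
)


def unauthorized_main_mode(log_text, configured_locals):
    """Summarise rejected Main Mode initiations.

    Returns {(peer, local): (count, local_has_conn)}. local_has_conn is False
    when the peer addressed a local IP that no conn is defined for, which is
    the situation diagnosed in the reply above.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            hits[(m["peer"], m["local"])] += 1
    return {
        (peer, local): (count, local in configured_locals)
        for (peer, local), count in hits.items()
    }


if __name__ == "__main__":
    # Assumption: 192.0.2.1 is the only address our conns use as left=.
    report = unauthorized_main_mode(SAMPLE_LOG, {"192.0.2.1"})
    for (peer, local), (count, has_conn) in sorted(report.items()):
        note = "conn defined for this address" if has_conn else "no conn for this address"
        print(f"{peer} -> {local}: {count} rejected ({note})")
```
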

