[Openswan Users] Persistent connection for VPN connection

Peter Njiiri pnjiiri at novell.ae
Tue Jun 19 05:45:28 EDT 2007


Hi,
FreeSwan is the default VPN that comes with SUSE Linux Enterprise Server 9 and in my case Open Enterprise Server Linux, please see http://www-uxsup.csx.cam.ac.uk/pub/doc/suse/sles9/adminguide-sles9/ch26s02.html . Thus this is the VPN I've used.

Kind Regards,Peter

>>> Paul Wouters <paul at xelerance.com>  >>>
On Mon, 18 Jun 2007, Peter Njiiri wrote:

> The connection is Gatewat-to_gateway connection using FreeSwan (ipsec.conf) will adding the rekey=yes line work for FreeSwan? Thanks for the feedback

See below on the remark when one of the endpoints is on dynamic ip (roadwarrior).
AFAIK, freeswan also had rekey=yes as the default, so i dont think it is going to help you.

freeswan is unsupported and has not seen all required security patches. You should migrate
to openswan.

Paul

> Regards,Peter
>
> >>> Paul Wouters <paul at xelerance.com>  >>>
> On Mon, 18 Jun 2007, Peter Njiiri wrote:
>
> > I just need to know how a persistent connection can be established when VPN is up. I always have to restart the VPN after some hours as it seems that the SA connection/handshake is dropped?Is there a line that can be added into the ipsec.conf file??? I need the VPN to be running consistently 24-7?
>
> If you use rekey=yes (the default!) then it should work already. If this is a roadwarrior connection,
> then the roadwarrior has to initiate the rekey and the server should use rekey=no.
>
> Paul
>

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155



More information about the Users mailing list