[Openswan Users] Persistent connection for VPN connection

Peter Njiiri pnjiiri at novell.ae
Tue Jun 19 05:54:44 EDT 2007


Hi Kevin
The two servers are connected via a WAN. The Internet connection is constantly on and I noticied that the tunnel disconnects after some hours, 6hrs or 7 hrs. Will check if the rekey=yes works otherwise, are there other recommendations you have for this issue?

Thanks for the feedback,Peter!

>>> Kevin <kevin at sepit.com.au>  >>>
What type of internet connections are each endpoint using and how stable 
are they?  I ask this because I had problems with tunnels apparently not 
staying up and it turned out that the internet connection dropping out 
even for a very short time was causing the problem.

Regards
Kevin

Paul Wouters wrote:

>On Mon, 18 Jun 2007, Peter Njiiri wrote:
>
>  
>
>>The connection is Gatewat-to_gateway connection using FreeSwan (ipsec.conf) will adding the rekey=yes line work for FreeSwan? Thanks for the feedback
>>    
>>
>
>See below on the remark when one of the endpoints is on dynamic ip (roadwarrior).
>AFAIK, freeswan also had rekey=yes as the default, so i dont think it is going to help you.
>
>freeswan is unsupported and has not seen all required security patches. You should migrate
>to openswan.
>
>Paul
>
>  
>
>>Regards,Peter
>>
>>    
>>
>>>>>Paul Wouters <paul at xelerance.com>  >>>
>>>>>          
>>>>>
>>On Mon, 18 Jun 2007, Peter Njiiri wrote:
>>
>>    
>>
>>>I just need to know how a persistent connection can be established when VPN is up. I always have to restart the VPN after some hours as it seems that the SA connection/handshake is dropped?Is there a line that can be added into the ipsec.conf file??? I need the VPN to be running consistently 24-7?
>>>      
>>>
>>If you use rekey=yes (the default!) then it should work already. If this is a roadwarrior connection,
>>then the roadwarrior has to initiate the rekey and the server should use rekey=no.
>>
>>Paul
>>
>>    
>>
>
>  
>


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan: 
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155



More information about the Users mailing list