[Openswan Users] IP cache on ADSL Connections

Paul Wouters paul at xelerance.com
Wed Nov 7 14:57:40 EST 2007


On Wed, 7 Nov 2007, Frederico Madeira wrote:

> I have a central server with a static IP and I'm installing a few clients
> using ADSL lines.
> For these clients, the IP assignment is dynamic.
> I'm using no-ip hostnames in ipsec.conf. (right=host.no-ip.org)
> My vpn type is net-to-net.
>
> I've set up the first connection and it was ok.
> After the first client reboot, it can't establish connections.
>
> In server log i saw:
>
> Nov  7 16:19:53 vpn pluto[12087]: ERROR: asynchronous network error
> report on eth1 (sport=500) for message to 189.70.99.52 port 500,
> complainant 189.70.99.52: Connection refused [errno 111, origin ICMP
> type 3 code 3 (not authenticated)]
> Nov  7 16:19:54 vpn pluto[12087]: packet from 189.70.153.230:500:
> ignoring unknown Vendor ID payload [4f455a7e4261425d725c705f]
> Nov  7 16:19:54 vpn pluto[12087]: packet from 189.70.153.230:500:
> received Vendor ID payload [Dead Peer Detection].
>
> In the first message the server tried to do something using the old client
> IP (before restart) 189.70.99.52, and for subsequent messages used the
> correct IP (after restart) 189.70.153.230.
>
> I solve this problem by restarting the ipsec service on the server.
> How can I solve this problem without a server restart?

Do you have rekey=no?

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

