[Openswan Users] Fedora + xl2tpd + openswan with psk retransmiting key?
Paul Wouters
paul at xelerance.com
Thu Nov 8 12:41:24 EST 2007
On Thu, 8 Nov 2007, Panics Robert wrote:
> I got a working config with PSK setting, but when I use the VPN connection
> longer than an hour, I got a message like that at secure.log
>
> Nov 8 00:38:16 devel pluto[8487]: "L2TP-PSK"[4] #9: responding to Quick
> Mode {msgid:df83756b}
> Every hour..
Yes.
> When this message shows, on the VPN client I got one or two packet lost, but
> the xl2tpd connection didn't disconnect. I think it's retransmit the ipsec
> key or something like that..
It is rekeying. And since the remote client has to rekey (and openswan waits
for that with rekey=no), there is nothing you can do. The keylife has been
set by the Windows client. On ISA server you can fairly easilly change the
keylifes, but i dont think you can easilly cahnge it on XP/Vista.
Of course, you should not be losing any packets, as with a proper rekey
you will briefly allow receiving packets on the old IPsec SA, but not use
it to send anymore, so it guarantees a smooth transition. Guess it's a bug
in Windows.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list